How does a Bitlocker screen appear on a Windows 11 Home system?

[whoisit]

Is it a newish computer? New installs of Windows 11 have been shipping/installing with software disk encryption on/enabled, but not actively encrypting the disk. The copy of 24H2 Home edition was like this when I installed it for my parents this summer. With Microsoft pushing Microsoft Accounts at setup, and being able to store encryption keys on their servers, I could see a user encrypting a disk any never knowing it.

 

[whoisit]

I dunno. With Bitlocker and no recovery key, they may be hosed. I mean, a backdoor kinda defeats the purpose of disk encryption.

From memory, the encryption process asks to store the keys in a Microsoft Account and to a USB drive. The user has to choose one option, but it lets the user forego the other if they so choose.

 

[whoisit]

If she can use her computer, and Disk Encryption is enabled (and the disk encrypted), it's getting the key to decrypt from somewhere. Microsoft Account, USB drive, TPM/PTT module, etc. without the key, Disk Encryption doesn't care about your user access level on the device.

Another possibilty is the old scam site that makes a window that spoofs a Windows dialog box. Since you weren't there, just getting a description over the phone.

 

[whoisit]

If the key is stored on the Microsoft account, it unlocks the drive transparently to the user at login. It's real slick until it screws up.

And if it's enabled, and storing the decrypt key on Microsoft's servers, it makes sense to get that prompt for an offline scan. The network stack isn't loaded, so the key can't be retreived. You should be able to back up the decrypt keys to a USB drive, so that can be used in the occasion the computer can't auth across a network/internet connection.