Under normal circumstances, you unlock your drive automatically when you sign in to Windows using an account that's authorized for that device. If you try to access the system in any other way, such as by booting from a Windows 10 or Windows 11 Setup drive or a Linux-based USB boot drive, you'll be prompted for a recovery key to access the current drive. You might also see a prompt for a recovery key if a firmware update has changed the system in a way that the TPM doesn't recognize.
As a system administrator in an organization, you can use a recovery key (manually or with the assistance of management software) to access data on any device that is owned by your organization, even if the user is no longer a part of the organization.
The recovery key is a 48-digit number that unlocks the encrypted drive in those circumstances. Without that key, the data on the drive remains encrypted. If your goal is to reinstall Windows in preparation for recycling a device, you can skip entering the key and the old data will be completely unreadable after setup is complete.
Your recovery key is stored in the cloud automatically if you enabled device encryption with a Microsoft account. To find the key, go to https://onedrive.com/recoverykey and sign in with the associated Microsoft account. (Note that this option works on a mobile phone.) Expand the listing for any device to see additional details and an option to delete the saved key.
If you enabled BitLocker encryption by joining your Windows 10 or Windows 11 device with an Azure AD account, you'll find the recovery key listed under your Azure AD profile. Go to Settings > Accounts > Your Info and click Manage My Accounts. If you're using a device that's not registered with Azure AD, go to https://account.activedirectory.windowsazure.com/profile and sign in with your Azure AD credentials.
Find the device name under the Devices & Activity heading and click Get BitLocker Keys to view the recovery key for that device. Note that your organization must allow this feature for the information to be available to you.
Finally, on business editions of Windows 10 or Windows 11, you can print or save a copy of the recovery key and store the file or printout (or both) in a safe place. Use the management tools available in File Explorer to access these options. Use this option if you enabled device encryption with a Microsoft account and you prefer not to have the recovery key available in OneDrive.