Regular warning regarding backups and data recovery with Windows 11 25H2 and Bitlocker encryption.

By default, new installations of Windows 11 25H2 have BitLocker automatically enabled, on laptops and desktops.

In theory, the BitLocker recovery keys are uploaded to your online Microsoft Account settings when you sign in to Windows 11 with a Microsoft Account.

If you use a Windows local account only, the recovery keys are not backed up anywhere, and you are not prompted to back them up. This is very obviously a potentially dangerous state.

If you're going with a local account only Windows 11 OS installation then:

  • Backup the recovery keys safely offline,

AND

  • Keep unencrypted backups of important data off the system (ideally several copies stored separately)

OR

  • Disable BitLocker

Unless you have a very specific use case or "interesting" threat model then disabling BitLocker is my suggestion.

Once BitLocker is disabled, ensure you are taking regular backups of important data off the PC, ideally multiple copies in separate places for redundancy.
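One way to carry out the steps above from an elevated PowerShell prompt, as an added example that is not part of the original post: it lists each volume's protection state, exports every recovery password to a removable drive for offline storage, and shows the decrypt command as a commented-out alternative. The drive letter `E:` and the folder name are assumptions; the cmdlets (`Get-BitLockerVolume`, `Disable-BitLocker`) come from the built-in BitLocker module.

```powershell
# Added example (not from the post): inventory BitLocker, export recovery passwords offline,
# and optionally decrypt. Run from an elevated PowerShell prompt on the Windows 11 machine.
#Requires -RunAsAdministrator

# Assumption: E: is a USB stick that will be stored offline, away from the PC.
$ExportRoot = 'E:\bitlocker-keys'

# 1. Which volumes are encrypted, and what guards the key (Tpm, TpmPin, RecoveryPassword ...)?
#    ProtectionStatus 'On' with only a Tpm protector and no offline copy of the
#    RecoveryPassword is exactly the state the post warns about.
Get-BitLockerVolume |
    Select-Object MountPoint, VolumeStatus, ProtectionStatus, EncryptionPercentage,
        @{ Name = 'Protectors'; Expression = { ($_.KeyProtector.KeyProtectorType) -join ',' } } |
    Format-Table -AutoSize

# 2. Export every 48-digit recovery password to its own text file on the removable medium.
New-Item -ItemType Directory -Path $ExportRoot -Force | Out-Null
foreach ($vol in Get-BitLockerVolume) {
    $recovery = $vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword'
    if (-not $recovery) {
        Write-Warning "$($vol.MountPoint) has no RecoveryPassword protector; nothing to export"
        continue
    }
    foreach ($kp in $recovery) {
        # File name: drive letter plus the key protector ID, so the file can be matched
        # to the ID shown on the BitLocker recovery screen later.
        $name = '{0}-{1}.txt' -f $vol.MountPoint.TrimEnd(':'), $kp.KeyProtectorId.Trim('{}')
        @(
            "Volume:            $($vol.MountPoint)"
            "Key protector ID:  $($kp.KeyProtectorId)"
            "Recovery password: $($kp.RecoveryPassword)"
            "Exported:          $(Get-Date -Format o) on $env:COMPUTERNAME"
        ) | Set-Content -Path (Join-Path $ExportRoot $name)
        Write-Host "Exported recovery password for $($vol.MountPoint) to $ExportRoot\$name"
    }
}

# 3. Read the files back so you have seen the export succeed before unplugging the drive.
Get-ChildItem -Path $ExportRoot -Filter '*.txt' |
    ForEach-Object { Get-Content -Path $_.FullName | Select-Object -First 2 }

# 4. The post's alternative: turn BitLocker off. Decryption runs in the background;
#    re-run Get-BitLockerVolume until VolumeStatus reads FullyDecrypted before relying on it.
# Disable-BitLocker -MountPoint 'C:'
```

Keep the exported files off the PC they describe: a recovery password stored on the encrypted volume itself is lost together with the data if the TPM or firmware state is damaged.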

Hardware and storage media do fail. Motherboards and their TPM / UEFI Firmware data do get damaged. That's where the BitLocker encryption keys are stored.

If the BitLocker recovery information on the motherboard is damaged or unrecoverable, your BitLocker encrypted data will be unrecoverable without the recovery keys.

#Windows #BitLocker #MicrosoftAccount #25H2 #DataRecovery