BitLocker Recovery Key.

MirrorSphere  ·  Knowledge Base

KB Article 744  ·  Account Management  ·  Self Service

How to request and retrieve your BitLocker recovery key via the MirrorSphere support portal. This guide covers the request process, the approval flow, the emails you’ll receive, and what the key retrieval page looks like.

What is a BitLocker Recovery Key? A 48-digit code that unlocks the encrypted drive on a Windows device. Windows asks for it after certain hardware changes or recovery-mode boots — without it, the device won’t start. MirrorSphere holds your key securely so you can retrieve it when needed.
Who is this for? Anyone with a MirrorSphere-managed Windows device that has BitLocker enabled. If you’ve been prompted for a 48-digit recovery key on boot, this guide tells you how to get it.
Audience
End User
Process Time
~10 mins
Last Reviewed
May 2026

How to Raise a Request

  1. Log in to portal.mirrorsphere.com using your work account
  2. From the Home page, click Services and Products. Search for BitLocker in the search box, or browse to All Service Catalogue and select Request BitLocker Key (also found under Users and Services › Services)
  3. Make sure the correct device is linked in the Asset field — this is how we know which key to retrieve
  4. Add a brief note explaining why you need the key (e.g. “forgot PIN after Windows update”)
  5. Click Submit — you’ll receive a confirmation email within seconds
Tip: An asset must be assigned before you can submit the request — the form will not allow submission without one. If your device does not appear in the Asset field, contact IT support and we will link it for you.
The key link is time-limited. Once approved, you have 3 hours to click the link, and it can only be opened once. Wait until you’re ready to use the key before you submit the request — expired links cannot be reissued, you’d need to raise a fresh ticket.

The Approval Process

For security, all BitLocker key requests require approver approval before the key is released. Here’s what happens after you submit:

You submit

Portal form sent

Approver approves

Email with one click

Key link sent

Secure email to you

Ticket closed

Automatically

Typical turnaround is a few minutes during business hours once submitted. Out-of-hours timing depends on when your approver is able to check the email.

  • Approval received from your nominated approver, usually within minutes
  • One-time secure key link delivered to your email inbox
  • Recovery key viewed and copied via clavis.mirrorsphere.com
  • Ticket closed automatically with an audit record on file
What the approver sees

Your approver receives an email with Approve and Decline buttons. Clicking either button takes them directly to a confirmation page in the HaloPSA portal.

Approver email with Approve and Decline buttons
The approver email — one-click Approve / Decline buttons
HaloPSA approver confirmation page
The confirmation page they land on after clicking either button

Emails You’ll Receive

You’ll receive up to four emails depending on the outcome. The table below summarises them; previews of each are further down.

Email When What it means
Pending  Request Confirmation Immediately on submission Your request has been logged and the approver has been notified
Approved  Request Approved Once your approver approves The secure key link is on its way in a separate email
Action  Your Secure Key Link Seconds after approval One-time link to the key — valid 3 hours, opens once only
Closed  Key Retrieved After you view the key page Confirms the key was retrieved; ticket closes automatically
Expired  Link Expired If 3 hours pass without you opening the link Link has expired; ticket closes — raise a new request if still needed
Declined  Request Declined If your approver declines Ticket closes — contact IT support if you believe this is in error

Preview of each email

1
Request Confirmation

Sent immediately when you submit. Confirms your request has been logged and your approver has been notified.

Request Confirmation email preview
2
Request Approved

Sent once your approver approves. The secure key link arrives in the next email seconds later.

Request Approved email preview
3
Your Secure Key Link Most Important

The email with your key link. The button can only be clicked once and is valid for 3 hours. Make sure you’re ready before you click.

Secure Key Link email preview
4a
Key Retrieved — Ticket Closed If link was used

Sent after you successfully view the key page. Confirms your ticket is closed — no further action needed.

Key Retrieved confirmation email preview
4b
Link Expired — Ticket Closed If link timed out

Sent if 3 hours pass without you clicking the link. The ticket closes automatically — just raise a new request.

Link Expired email preview
!
Request Declined If approver declines

If your approver declines, you’ll receive this email and the ticket closes. Contact IT support if you believe this is an error.

Request Declined email preview

The Key Retrieval Page

When you click the Retrieve Recovery Key button, your browser opens a secure page on clavis.mirrorsphere.com:

MirrorSphere Clavis key retrieval page
The Clavis key retrieval page on clavis.mirrorsphere.com

After clicking Copy Key, paste it into the BitLocker recovery screen on your device (if you can), or enter the key manually. If you have multiple encrypted drives, you’ll see a separate key row for each one.

If Something Goes Wrong

Most requests complete without issue, but a few things can go sideways. Here’s how to handle the common scenarios.

Scenario A
The link expired before I could use it

Simply raise a new request through the portal. The previous ticket has closed automatically; a new key link will be generated once your approver re-approves. The recovery key itself does not change between requests.

Scenario B
My approver is unavailable

If you’re locked out urgently and your approver isn’t reachable, call IT support directly on +44 (0) 1295 595 444. We can arrange an alternative approver or escalate via your Head of IT.

Scenario C
The key didn’t unlock my drive

Check you’re entering the key for the correct drive (C: vs D: etc.). Devices with multiple encrypted drives show a separate key row for each. If it still fails, call IT support on +44 (0) 1295 595 444 — do not raise another request, as a new key won’t change the outcome.

Scenario D
I don’t have a portal account

Contact IT support directly on +44 (0) 1295 595 444. An agent can raise the request on your behalf — the key will still be sent to your email address via the same secure process.

Tips

Plan ahead

The link is valid for 3 hours from when it’s sent. Don’t request the key until you’re ready to use it.

One click only

Each link works once. If you close the page before copying, raise a new request — there’s no way back in.

Save it securely

Once you have the key, store it in your password manager (1Password, Bitwarden, etc.) for future reference.

Need help fast?

If your approver is unavailable or you’re locked out urgently, call IT directly on +44 (0) 1295 595 444.

Frequently Asked Questions

Why do I need approver approval?
BitLocker recovery keys provide complete access to your encrypted drive. Approver approval is a security control to ensure only authorised requests are fulfilled, and to protect you in the event your account is compromised.
How long does the whole process take?
Usually under 10 minutes during business hours, from the moment you submit to receiving the key link — once your approver approves, the link is generated and emailed automatically with no agent involvement.
What if the link has expired?
Simply raise a new request via the portal. The old ticket is automatically closed, and a new key link will be generated once your approver approves again. The key itself doesn’t change.
The key didn’t work — what now?
First, check you’re entering the key for the correct drive (C: vs D: etc.). If your device has multiple encrypted drives, you’ll see separate keys for each. If it still doesn’t work, call IT support on +44 (0) 1295 595 444.
Is this process secure?
Yes. Your recovery key is never visible in any ticket, agent screen, email body, or support chat. The only way to see it is via the one-time secure link, which is tied to your email address and expires automatically. The page also cannot be cached or revisited.
I don’t have a portal account — what do I do?
Contact IT support directly on +44 (0) 1295 595 444. An agent can raise the request on your behalf, though the key will still be sent to your email address via the same secure process.

Need More Help?

If this guide hasn’t resolved your issue, you have a few ways to reach us.

Self-service portal Raise a ticket via portal.mirrorsphere.com — the fastest route for non-urgent issues.
Phone support +44 (0) 1295 595 444, Monday–Friday 08:30–17:30. For urgent issues outside these hours, leave a voicemail — the on-call team monitors it.
Urgent / locked out Call the support line above and quote “BitLocker lockout” so we route you to the right tech first.
Escalation If the response time isn’t meeting your need, ask the agent to escalate to your account manager or your organisation’s Head of IT.
Locked out right now?
Skip the portal and call our support line for immediate help.
+44 (0) 1295 595 444
KB 744  ·  Account Management  ·  If you can’t find what you need here, raise a ticket via the support portal and we’ll help.
MirrorSphere  ·  Bloxham Mill, Barford Road, Bloxham, OX15 4FF  ·  www.mirrorsphere.com  ·  +44 (0) 1295 595 444
Managed IT Services
MirrorSphere Ltd, registered in England & Wales. Bloxham Mill, Barford Road, Bloxham, Banbury, OX15 4FF  |  Co. No. 6388568  |  VAT: GB918941394