In this post, I’ll show how to deploy KB5061768 OOB update with Intune for Windows 10 devices. The May 2025 Update (KB5058379) for Windows 10 has caused significant issues for users, including reboot loops, Blue Screen of Death (BSOD) errors, and the unexpected appearance of the BitLocker Recovery screen.

To resolve these problems, Microsoft has released an out-of-band update (KB5061768) for Windows 10 versions 21H2 and 22H2 that can be deployed via Intune.

Out-of-band (OOB) update KB5061768 is available In Intune to fix “Windows 10 might repeatedly display the BitLocker recovery screen at startup“. If you manage Windows 10 devices with Intune, you can quickly deploy the KB5061768 update using the expedited quality update policy.

Install and Update Third Party Applications with Patch My PC
Install and Update Third Party Applications with Patch My PC

Windows 10 update KB5058379 Bitlocker Recovery Screen

The screenshot below is from one of the Windows 10 computers that got affected with this issue after installing the KB5058379 update. If you don’t have the recovery key for Bitlocker you cannot access your computer. If your device is encountering this issue, installing the KB5061768 update is the solution.

Windows 10 update KB5058379 Bitlocker Recovery Screen
Windows 10 update KB5058379 Bitlocker Recovery Screen

Deploy KB5061768 OOB Update with Intune for Windows 10

For Windows 10 devices that are affected with KB5058379 Bitlocker issue, you can deploy KB5061768 OOB Update with Intune. To do that:

  1. Sign in to the Intune admin center. Go to Devices > Windows > Windows Updates > Quality Updates.
  2. Create a new Expedite policy and enter a descriptive name for the profile.
  3. Click on the drop-down located to next to expedite installation of quality updates if device OS version less than and select “05/16/2025 – 2025.05 OOB security Update for Windows 10 and later.”
  4. Specify the number of days to wait before restart is enforced.

That’s it, click Next.

Deploy KB5061768 OOB Update with Intune
Deploy KB5061768 OOB Update with Intune

On the Assignments tab, select Add groups and then select device or user groups to assign the policy. Click Next.

Deploy KB5061768 OOB Update with Intune
Deploy KB5061768 OOB Update with Intune

On the Review+Create page, have a look at the expedite policy settings. If it’s all good, click Create. After the policy is created, it deploys to assigned groups.

KB5061768 Expedite Update Report

After deploying the KB5061768 OOB update using Intune, you can run Windows Expedited Update Report to see an overview of how many devices are in progress of installing an update, have completed the installation, or have an error.

  • Sign in to the Microsoft Intune admin center.
  • Select Reports > Windows updates. Click the Windows Expedited Update Report.
  • Select the Generate report button to find devices that successfully installed the KB5061768 OOB update.
KB5061768 Expedite Update Report
KB5061768 Expedite Update Report

Still Need Help?

If you need further assistance on the above article or want to discuss other technical issues, check out some of these options.

Forums Telegram Contact Me

Leave a Reply

Your email address will not be published. Required fields are marked *

Prajwal Desai

Prajwal Desai is a technology expert and 10 time Dual Microsoft MVP (Most Valuable Professional) with a strong focus on Microsoft Intune, SCCM, Windows 365, Enterprise Mobility, and Windows. He is a renowned author, speaker, & community leader, known for sharing his expertise & knowledge through his blog, YouTube, conferences, webinars etc.