System firmware updates amongst other boot changes can cause a TPM based Bitlocker key to become invalid.

When you attempt to boot into windows you’ll get a blue screen asking to unlock the drive.

Hopefully you have a copy of your bitlocker recovery key. Sometimes you can find this on your microsoft account.

Enter the key into the blue window and boot into windows. Now if you don’t fix the issue, you’ll continue to have that blue screen every boot.

The fix is to clear and re-add the TPM based key to unlock the C: drive.

Using an admin powershell, run the following commands:

manage-bde.exe -status C:
manage-bde.exe -protectors -delete -type tpm C:
manage-bde.exe -status C:
manage-bde.exe -protectors -add C: -tpm
manage-bde.exe -status C:

The status should show the tpm key, and it being removed, and it being added again.

If you reboot under the same conditions, you should not see the blue screen, and windows should boot normally.