Hello Atrivio,
What you are running into is a change in the servicing model introduced with Windows 11 cumulative updates. In earlier versions, the Servicing Stack Update (SSU) and the Latest Cumulative Update (LCU) were separate packages, and the servicing stack was updated first to allow the cumulative update to apply in a single reboot cycle. Starting in late 2021, Microsoft began shipping combined SSU + LCU packages, but the internal servicing logic in Windows 11 has evolved further. Certain cumulative updates now stage components in two phases: the first reboot applies the servicing stack and kernel-level changes, and the second reboot finalizes component store operations, .NET framework updates, or driver catalog integrations. This is why you are seeing the “double reboot” pattern more frequently in the last nine months.
The behavior is intentional and documented in servicing guidance, though not in a way that is obvious to administrators. Microsoft’s official documentation on cumulative updates for Windows 11 notes that some updates require multiple restarts depending on the component set being updated. The trigger is usually when the update contains both a servicing stack change and a payload that touches boot-critical binaries. In those cases, Windows will complete the first reboot, resume update processing in the “pending” state, and then require a second reboot to finalize.
For environments with BitLocker, the correct way to handle this is to suspend BitLocker for multiple reboots rather than a single one. The PowerShell cmdlet Suspend-BitLocker -MountPoint "C:" -RebootCount 2 is indeed the supported method. The -RebootCount parameter was added specifically to address scenarios where more than one reboot is required. Two is generally sufficient for cumulative updates, but there are rare cases (for example, feature updates or .NET rollups combined with cumulative updates) where three reboots may occur. There is no supported way to “guess” the exact number in advance, but the safe practice is to set -RebootCount 3 if you want to cover all possible cases.
There is no signal exposed to administrators that tells you “another reboot is required” before BitLocker resumes. BitLocker suspension is purely time- or reboot-count based. The servicing stack does not publish an external flag that you can query remotely to extend suspension dynamically. Microsoft’s guidance is to use the -RebootCount parameter with a value that covers the maximum expected reboots for the update type you are deploying.
In short: the two-reboot pattern is by design in Windows 11 servicing when certain cumulative updates are applied. The correct remote-safe approach is to suspend BitLocker with -RebootCount 2 or -RebootCount 3 depending on your tolerance for risk. There is no official signal to detect pending reboots beyond what Windows Update reports, and BitLocker will always re-enable automatically once the reboot count is exhausted.
I hope you've found something useful here. If it helps you get more insight into the issue, it's appreciated to accept the answer. Should you have more questions, feel free to leave a message. Have a nice day!
Domic Vo.