7

I had some processes running on my Windows (taking a long time) and many open applications (Eclipse, sqlDeveloper etc).

It's important to know that while the PC was running, it was disconnected from the web (physically removed the Ethernet cable).

Yesterday my system restarted causing the processes to stop and applications began closing/crashing. I lost a bunch of data...
My question is how to find out what caused Windows to restart?
I suspect it's related to a Windows update?

UPDATE
Adding the events from Event viewer:

    The kernel power manager has initiated a shutdown transition.Action: Power Action Reboot 
    The system has prepared for a system initiated reboot from Sleeping (Idle).
    Virtualization-based security (policies: VBS Enabled,VSM Required,Boot Chain Signer Soft Enforced) is enabled due to HyperV.
    The last shutdown's success status was true. The last boot's success status was true.
    EFI time zone bias: 2047. Daylight flags: 0. Firmware time: 2023-12-14T00:33:07.000000000Z.
    The boot menu policy was 0x1.
    The boot type was 0x0.
    There are 0x1 boot options on this system.
    The bootmgr spent 0 ms waiting for user input.
    The firmware reported boot metrics.
    ACPI thermal zone \_TZ.TZ00 has been enumerated.     
    ACPI thermal zone \_TZ.TZ01 has been enumerated.         
    The system has detected a system initiated reboot from Sleeping (Idle).
    Connectivity state in standby: Disconnected, Reason: NIC compliance
    The system session has transitioned from 0 to 1.Reason SessionUnlock 
    The system session has transitioned from 1 to 3.Reason InputAccelerometer 
    The system session has transitioned from 3 to 4.Reason InputAccelerometer 
    The system session has transitioned from 4 to 6.Reason InputHid 
music2myear
  • 49,799

2 Answers

17

To find out the reason for a reboot, use one of the following commands:

  • PowerShell :

    Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 41, 1074, 6006, 6005, 6008 } | Format-List Id, LevelDisplayName, TimeCreated, Message
    
  • CMD :

    wevtutil qe System /q:"*[System[(EventID=41) or (EventID=1074) or (EventID=6006) or (EventID=6005) or (EventID=6008)]]" /c:100 /f:text /rd:true 
    

If the computer has crashed, and not just rebooted, check folder %SystemRoot%\Minidump for a .dmp file whose creation-time corresponds to the time of the crash.

If found, analyze this file using BlueScreenView, or zip it up and publish it online for us to have a look (OneDrive, Dropbox etc).

If minidumps are not enabled, I suggest enabling Small memory dumps. See the article Configure Windows 10 to Create Minidump on BSOD.

Useful reference : How to find out why your PC shut down for no reason on Windows 10 and 11.

harrymc
  • 498,455
6

Look in the Event Viewer, section "Windows Logs->System". For each reboot you will find a lot of records (Source column says Kernel-Power and/or Kernel-Boot) pertaining to the reboot/startup of the computer, and one of them will show which application requested the reboot to happen. (Or, if it was a crash, the blue-screen crash information is logged in such a record.)

My guess is that it was probably Windows Update, because that will sometimes want to do an urgent reboot for highly critical security fixes.
It will give a notification that allows you to delay that reboot until later, but if you don't respond to that notification quickly (e.g. you are not at the computer at that time) it will reboot anyway.

After your edit: Could also have been a crash/bug bad enough to drag down the OS as a whole (aka a "blue screen").

Tonny
  • 33,276
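The event IDs from the first answer can be turned into a single reboot timeline that also names the process that requested the restart, which is the record the second answer says to look for. This is an added example, not code from either answer; the property indexes used for event 1074 and the `BugcheckCode` field name for event 41 are assumptions based on the standard message templates of those events, and the 200-event limit is arbitrary.

```powershell
# Added example: classify reboot-related System events into one timeline.
# Run in an elevated PowerShell session on the affected machine.
$ids    = 41, 1074, 6005, 6006, 6008
$events = Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = $ids } `
                       -MaxEvents 200 -ErrorAction SilentlyContinue

$timeline = foreach ($e in $events) {
    $detail = switch ($e.Id) {
        1074 {
            # Assumed insertion-string order for User32 event 1074:
            # 0 = process, 2 = reason, 4 = shutdown type, 6 = user
            $p = $e.Properties
            'Requested by {0} (user {1}); type: {2}; reason: {3}' -f `
                $p[0].Value, $p[6].Value, $p[4].Value, $p[2].Value
        }
        41 {
            if ($e.ProviderName -ne 'Microsoft-Windows-Kernel-Power') {
                'Event 41 from another provider, not a reboot record'
            } else {
                # Read the named EventData field instead of relying on position.
                $data = ([xml]$e.ToXml()).Event.EventData.Data
                $bug  = [int](($data | Where-Object Name -eq 'BugcheckCode').'#text')
                if ($bug -ne 0) {
                    'Unclean reboot after bugcheck 0x{0:X}; look for a minidump' -f $bug
                } else {
                    'Unclean reboot, no bugcheck recorded (power loss or hang)'
                }
            }
        }
        6005 { 'Event Log service started (system booted)' }
        6006 { 'Event Log service stopped (clean shutdown)' }
        6008 { 'Previous shutdown was unexpected' }
    }
    [pscustomobject]@{
        Time     = $e.TimeCreated
        Id       = $e.Id
        Provider = $e.ProviderName
        Detail   = $detail
    }
}

# Oldest first, so each shutdown record sits just before the boot that follows it.
$timeline | Sort-Object Time | Format-Table -AutoSize -Wrap
```

A 1074 entry shortly before a 6006/6005 pair indicates a requested restart and shows the requesting process; a 41 or 6008 entry with no preceding 1074 indicates the system went down without a clean shutdown.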