Back in January Microsoft encrypted all my hard drives without saying anything. I was playing around with a dual boot yesterday and somehow aggravated Secureboot. So my C: panicked and required a 40 character key to unlock.
Your key is backed up to the Microsoft account associated with your install. Which is considerate to the hackers. (and saved me from a re-install) But if you’ve got an unactivated copy, local account, or don’t know your M$ account credentials, your boned.
Control Panel > System Security > Bitlocker Encryption.
BTW, I was aware that M$ was doing this and even made fun of the effected users. Karma.
It sounds like you’re complaining about both approaches.
If Microsoft doesn’t have the key: You can’t recover your files if you lose it.
If Microsoft does have the key: An attacker could get in and take it (unlikely if you have two factor auth though) and you need to trust Microsoft.
How do you know this, though? It could be encrypted using your account password as a key or seed.
Microsoft is very much encouraging passwordless accounts. Mine only has a passkey with MFA.