All this means is Microsoft has your decryption keys by default but you can still easily turn that off.

And yeah of course Microsoft gave them the keys they would have had a warrant.

At least I hope they had a warrant. It's 2025 and that's not a guarantee anymore.

You're correct, you can absolutely not send them your keys. And if you don't trust them to fully delete them, you can re-Bitlocker your drive and make sure not to send them your keys this time (it's in the wizard you go through when you turn bitlocker on).

However, I *can* say that it has saved my ass before. This is because anything that makes a change to your SecureBoot environment (like, from linux for example- which is what happened to me) will render Windows unbootable without a recovery key, and if y

If someone else can get the key to unlock the drive, the drive isn't locked. The problem with BitLocker, at least in general, is that you don't control the passphrase or keys, and hence it's not really useful in the wider / greater context!

Look at LUKS, you control the passphrase, and if you choose, additive keys, and that means if law enforcement needs your drive, they can't side step you. The fact Microsoft can hand over the keys makes BitLocker functionally useless, and, really cuts to the core of t

They have the recovery keys. You can remove them if you like.
If you're paranoid, you can remove them, disable bitlocker, re-enabled it and this time choose not to send MS your keys.