I also use secure boot, and self-manage the keys, since having someone else hold the keys completely mitigates the value of secure boot. It's not ideal, and it creates a minor headache, but the gains massively outweigh the extra work required. I don't run Windows, so at least that portion is mitigated by OS selection, but it still creates a headache when I have to install Microslop junk on my computer, since they expect a prebuilt key to be present.
Why doesn't Microsoft want an independent encryption program running? They need to be able to steal all your data, and feed it into their AI training, and hand it over to police. Windows is not a safe OS; Microsoft has proven that time and time again. I use VeraCrypt frequently; any sensitive file on my computer is in a VeraCrypt volume.
If sensitivity is important, you must encrypt the file away from the OS, and other people. The entire point is to keep sensitive stuff safe, and since Microsoft has some delusional belief that all your files are their files, in the wrong hands, they block VeraCrypt.