The tech giant said providing encryption keys was a standard response to a court order. But companies like Apple and Meta set up their systems so such a privacy violation isn’t possible.
This is configurable; you can set BitLocker to always require a password on boot. If you do that, the clearkey doesn’t get placed (yet). If you set this mode, the key also doesn’t get uploaded to OneDrive. Of course, there’s a big warning when you set it up, and it recommends you print off and save the one time recovery key list.
Easier just to use an OS that doesn’t require you to jump through hoops to secure it though.
You can also disable it with a Group Policy too and delete any keys that were uploaded to Microsoft with manage-bde while adding your own keys, but for the average person Bitlocker is going to be how it comes by default.
Pre-builts are even worse because that’s another party who has had access to your keys and there are not laws that they would violate by keeping copies (for your convenience, of course)
This is configurable; you can set BitLocker to always require a password on boot. If you do that, the clearkey doesn’t get placed (yet). If you set this mode, the key also doesn’t get uploaded to OneDrive. Of course, there’s a big warning when you set it up, and it recommends you print off and save the one time recovery key list.
Easier just to use an OS that doesn’t require you to jump through hoops to secure it though.
You can also disable it with a Group Policy too and delete any keys that were uploaded to Microsoft with manage-bde while adding your own keys, but for the average person Bitlocker is going to be how it comes by default.
Pre-builts are even worse because that’s another party who has had access to your keys and there are not laws that they would violate by keeping copies (for your convenience, of course)