A new report claims that Windows 10 is now running on 200 million devices across the world, which means that Microsoft has already completed 20 percent of its goal and has another 12 months to achieve the remaining 80 percent. However, one of the unknown facts of this encryption key is that Microsoft stores a copy of it in the clouds. Also, there is a no option the user to stop this process, hence, the Windows user can't prevent device encryption from sending your recovery key. Based on the possibility of this outcome and a broad survey of customer feedback we chose to automatically backup the user recovery key
Microsoft keeps a copy of users' recovery keys on its servers, defeating the very point of encryption technologies.
To be completely safe, you'll want to not only delete your key from the cloud but also generate a new one and avoid uploading it. You can either use BitLocker (available with Windows Pro and Enterprise versions) or a third-party app like BestCrypt.
A recent The Intercept article reveals that Microsoft is storing device encryption keys in the cloud under certain circumstances automatically. If a person's hard drive is inaccessible and they have lost the encryption key, users could find themselves locked out of their machine. If your laptop or desktop contains a TPM module and meets all of Microsoft's specifications, the device will ship with full disk encryption activated.
The Intercept's Micah Lee explains: "keeping a backup of your recovery key in your Microsoft account is genuinely useful for probably the majority of Windows users, which is why Microsoft designed the encryption scheme, known as "device encryption", this way". Make sure to DO NOT SELECT "Save to your Microsoft Account".
While local access is needed for that, it is better to be safe than sorry later on. This will decrypt the drive which may take a while depending on its size and performance.
"As soon as your recovery key leaves your computer, you have no way of knowing its fate".
Once done, select "Turn on BitLocker". It wants to extend that protection to all users, including users that aren't technically proficient and who would be unlikely to understand the importance of writing down and securing their own recovery keys. All you have to do is log into your computer using your Microsoft account and turn the feature off. How bad is this vulnerability, really?