Have you recently purchased a Windows computer?
Congratulations! As your new Windows computer has inbuilt disk encryption feature that is turned on by default in order to protect your data in case your device is lost or stolen.
Moreover, In case you lost your encryption keys then don't worry, Microsoft has a copy of your Recovery Key.
But Wait! If Microsoft already has your Disk Encryption Keys then what’s the use of using disk encryption feature? Doesn't Encryption mean Only you can unlock your disk?
Microsoft Probably Holds your Encryption Keys
Since the launch of Windows 8.1, Microsoft is offering disk encryption as a built-in feature for Windows laptops, Windows phones and other devices.
However, there is a little-known fact, highlighted by The Intercept, that if you have logged into Windows 10 using your Microsoft account, your system had automatically uploaded a copy of your recovery key to Microsoft’s servers secretly, and you can't prevent device encryption from sending your recovery key.
Note: Do not get confuse device encryption with BitLocker. Both works same but have different configuration options. BitLocker offers users a choice whether or not they want to backup their Recovery keys on Windows server.
How to Delete your Recovery Key from your Microsoft Account?
Follow these simple steps in order to remove your recovery key from your Microsoft account:
Step 1: Open this website and log in with your Microsoft Account
Step 2: You will find list of recovery keys backed up to your Microsoft Account
Step 3: Take a back of your recovery Keys locally
Step 4: Go ahead and delete your recovery key from Microsoft Account.
How to Generate a New Encryption key (Without Sending a copy to Microsoft)?
Step 1: Go to Start, type "Bitlocker," and click "Manage BitLocker."
Step 2: Click "Turn off BitLocker" and it will decrypt your disk.
Step 3: Once done, Click "Turn on BitLocker" again.
Step 4: Then Windows will ask you: How you want to backup your Recovery Key. Make sure to DO NOT SELECT "Save to your Microsoft Account." That's it.
Congratulations!
Finally, the new Windows device you purchased specially for disk encryption feature has now enabled the feature, and Microsoft no longer can unlock it.