But I make a point of using a Microsoft account on all new machine setups, including those for small business, for a variety of reasons. So I need to be particularly aware of how this is being handled with OEM OOBE versus custom build OOBE (or at least might be).
I really see far too much value in the Microsoft Account and having devices linked to it to avoid its use.
I agree with you on that, today we're migrating another non profit from on prem server to all 365/Azure, currently in the middle of quite a few remote sessions working on desktops. So we're having computers log in with their 365 biz prem accounts. And I have an Intune policy to enforce higher 265 bit BitLocker, and capture the key.
And as tenant admin for all of our clients' 365 tenants...we can go and quickly get the BL key for any device.
I can certainly see that, out of the box, with W10/W11...once you sign in with a Microsoft account (instead of choosing a local account)...BOOM..BL is on and busy.
I'll state that...when we unbox computers, (always Windows Pro)...we initially choose the "organization" login choice...meaning we're going to join a domain, meaning we initially set up a local user we always called Dynall. We use that account to sign in, run updates, OEM driver/firmware updates, and have it ready to start setting up for the client. We never see BitLocker engage yet while logged in as "Dynall" local user (admin).
Only when we join AzureAD, and sign in as the 365 user...BOOM...there goes BitLocker.
Also, if it's going to a client with an old on prem server, local domain, thus a "domain user account"...BitLocker never engages there either.
But for a "home" user...signing into a Personal Microsoft account, I can certainly see the need for wanting to be able to know that the BL key is stored in their personal Microsoft account...to have concern that you'd be able to access that. If you're setting up the computer for them, signing in as them (thus know their creds), that's one way to know. But for end users that went and quickly set up their own computer...and probably didn't know what they were doing, somehow made a MS personal account but forgot it...yeah, that's...well, they're out of luck if you need to get the key.
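As an added check (example code, not from anyone in this thread), the PowerShell below reports whether the system drive actually got encrypted, with which method, and whether a recovery password protector exists, and then escrows that protector to Azure AD so the key is retrievable by the tenant admin rather than only by whoever owns the sign-in account. It assumes the built-in BitLocker module on Windows 10/11 Pro, run from an elevated prompt on a device that is Azure AD joined; the function names are my own.

```powershell
# Added illustration: inspect BitLocker state and escrow the recovery key.
Import-Module BitLocker

function Get-BitLockerEscrowState {
    param([string]$MountPoint = $env:SystemDrive)

    $vol = Get-BitLockerVolume -MountPoint $MountPoint
    # Recovery password protectors are the 48-digit keys Intune / Azure AD store.
    $recovery = @($vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword')

    [pscustomobject]@{
        MountPoint             = $vol.MountPoint
        VolumeStatus           = $vol.VolumeStatus      # FullyEncrypted, FullyDecrypted, EncryptionInProgress
        ProtectionStatus       = $vol.ProtectionStatus  # On / Off (Off means BL has not "engaged")
        EncryptionMethod       = $vol.EncryptionMethod  # e.g. XtsAes128 vs XtsAes256 (policy-enforced strength)
        RecoveryProtectorCount = $recovery.Count
        RecoveryProtectorIds   = $recovery.KeyProtectorId
    }
}

function Backup-RecoveryKeyToAzureAD {
    param([string]$MountPoint = $env:SystemDrive)

    $vol = Get-BitLockerVolume -MountPoint $MountPoint
    $recovery = @($vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword')

    if ($recovery.Count -eq 0) {
        # No recovery password yet: add one (does not alter encryption state), then re-read.
        $vol = Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector
        $recovery = @($vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword')
    }

    foreach ($kp in $recovery) {
        # Succeeds only on an Azure AD joined/registered device; key then appears on the device blade.
        BackupToAAD-BitLockerKeyProtector -MountPoint $MountPoint -KeyProtectorId $kp.KeyProtectorId
    }
}

# Example run (elevated): show state before, escrow, show state after.
Get-BitLockerEscrowState
Backup-RecoveryKeyToAzureAD
Get-BitLockerEscrowState
```

Running the first function while still signed in as the local "Dynall" account is a quick way to confirm the thread's observation that ProtectionStatus stays Off until the Azure AD user signs in.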