I thought that this was known. My understanding is that Bitlocker is fairly secure as long as you never link your key to your account. I don’t think it has been independently reviewed, though, and of course I’ve heard of theoretical TPM attacks and attacks if the machine is on or recently powered off. Of course, the best course of action for a secure laptop is probably Linux + fully encrypted LUKS, yadda yadda.

You might wonder how Microsoft had the keys to someone else’s computer. Interestingly, when you set up a new Windows PC, the system often asks if you want to back up your recovery key to your online Microsoft account. While this is very convenient if you ever forget your password, it also means Microsoft keeps a copy of that key on its servers.