alt Hacker NewsWhy would you need to create a local account? You can just not choose to store the keys in your Microsoft account during BitLocker setup: https://www.diskpart.com/screenshot/en/others/windows-11/win...
Admittedly, the risks of choosing this option are not clearly laid out, but the way you are framing it also isn't accurate
All "Global Reader" accounts have "microsoft.directory/bitlockerKeys/key/read" permission.
Whether you opt in, or not, if you connect your account to Microsoft, then they do have the ability fetch the bitlocker key, if the account is not local only. [0] Global Reader is builtin to everything +365.
[0] https://github.com/MicrosoftDocs/entra-docs/commit/2364d8da9...