When setting up Bitlocker on an Azure AD connected device, you have the following options: https://i.imgur.com/MHbPBu6.png
A question about the exact wording of "Save to your cloud domain account". IMO that's not totally clear where it stores it. It infers, to me, that it would save it against my user domain account. However, I suspect it's saved against the device in Azure AD as that's the only place I can see this. Is this correct?
At the moment, the laptops are set-up by IT using their own account and a key step is to save the Bitlocker key. However, when a user first logs on, we also save it there. I suspect this later step is not needed.
Supplemental question - on the page linked below (which is the link from the Bitlocker screen), it says to access your Microsoft Azure account to get the Bitlocker key:
Can I also confirm that this misleading for normal users as the profile page that this takes you to has no information about Bitlocker:
And that the only way a user can retrieve their Bitlocker recovery key is to ask an admin with access to the Azure portal to look it up based upon their computer name?