Comment by Melatonic

Exactly. And any halfway decent corporate IT setup would be managing the keys themselves as well (although I would imagine many third party tools could also be compelled to do this with a proper warrant)

Bitlocker on by default (even if Microsoft does have the keys and complies with warrants) is still a hell if a lot better than the old default of no encryption. At least some rando can't steal your laptop, pop out the HDD, and take whatever data they want.