Comment by andwur

16 hours ago

They could have taken a more defence-in-depth approach to key storage and encrypted the cloud copy of the BitLocker key with a random master key itself protected by a user password-derived key arrangement, with any crypto action occurring on the device to avoid knowledge of the plaintext key. That way the BitLocker key stored in the cloud is opaque to Microsoft, and only by knowing the user's current cleartext password could they access the raw BitLocker key.

The current approach is weak, and strikes me as a design unlikely to be taken unless all the people involved were unfamiliar with secure design (unlikely IMO), or they intentionally left the door open to this type of access.
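
A sketch of the two-layer wrapping described in the comment above, added here as an illustration; it is not the commenter's code or anything Microsoft ships. All function names and the record layout are hypothetical, and the HMAC-SHA256 encrypt-then-MAC construction is a standard-library stand-in for a real AEAD such as AES-GCM.

```python
import hashlib, hmac, secrets

ITERS = 200_000  # assumed PBKDF2 work factor

def _sub(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # HMAC-SHA256 in counter mode as a keystream (stand-in for AES)
    blocks = range(len(data) // 32 + 1)
    ks = b"".join(_sub(key, nonce + i.to_bytes(4, "big")) for i in blocks)
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key, plaintext):
    # Encrypt-then-MAC with separate subkeys derived from `key`
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(_sub(key, b"enc"), nonce, plaintext)
    return nonce + ct + _sub(_sub(key, b"mac"), nonce + ct)

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _sub(_sub(key, b"mac"), nonce + ct)):
        raise ValueError("wrong key or tampered blob")
    return _xor_stream(_sub(key, b"enc"), nonce, ct)

def password_key(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERS)

def escrow(recovery_key, password):
    """Runs on the device; the returned record is all the cloud ever stores."""
    master, salt = secrets.token_bytes(32), secrets.token_bytes(16)
    return {"salt": salt,
            "wrapped_master": seal(password_key(password, salt), master),
            "wrapped_recovery": seal(master, recovery_key)}

def recover(record, password):
    """Runs on the device after downloading the record."""
    pk = password_key(password, record["salt"])
    return unseal(unseal(pk, record["wrapped_master"]), record["wrapped_recovery"])

def change_password(record, old, new):
    # Only the small master-key wrapper is redone; the recovery blob is untouched.
    master = unseal(password_key(old, record["salt"]), record["wrapped_master"])
    salt = secrets.token_bytes(16)
    return {"salt": salt,
            "wrapped_master": seal(password_key(new, salt), master),
            "wrapped_recovery": record["wrapped_recovery"]}
```

Someone holding only the stored record can still guess passwords offline, so the protection is bounded by password strength and the KDF cost.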