I was wondering when a reporter would uncover this.

@jt_rebelo @Infoseepage @GossiTheDog altneratively, they could store it in the TEE encrypted drive now, but again, they don't offer that. MSFT can't touch that one. But you have to know; normal users obviously do not.

@jt_rebelo @Infoseepage @GossiTheDog that is precisely the point. you CAN possess and NOT backup your keys in a cloud. But sure, it makes it easy for msft to help you out in a pinch. But MSFT could upload an encrypted version -- they do not offer that. Unfortunately.

@jt_rebelo @Infoseepage @GossiTheDog the default for storing such things would be an encrypted version, per the Apple option.

We have no knowledge whether Apple or Google have ever given something out. I would not take that for a denial that they had.

@jt_rebelo @Infoseepage @GossiTheDog it's important to note that the objection here is that users should not be encouraged to store their own encryption keys on a service provider, as that provider has a responsibility to comply with legal search warrants wherever it does business. Microsoft does not "directly" give anyone keys to data without such a warrant as a matter of policy.

@GossiTheDog is correct to argue that a) it shouldn't be made easy to default to the cloud and b) that ultimately, if you mean to encrypt then you likely mean to own those keys yourself. Don't put them in a service that must respond to legal instruments.