From my knowledge, the following is true: sign in with MS account will store encryption key. It can be deleted. But is anything cloud really deleted?
Setting up computer as a local machine, from what I know, does not sync encryption keys. They change things frequently and I don’t trust MS, so still use caution.
Setting up a machine on Active Directory in an enterprise setting allows bit locker keys to be written to Active Directory, but I don’t believe it is enabled OOB.