BitLocker seems like good technology with major flaws. For example, BitLocker keys are uploaded to Microsoft accounts without user specifically allowing it. BitLocker can also be suspended in some situations. There are probably other flaws. I need tweaks, policies, and/or settings to enforce BitLocker encryption that meets the following requirements: - Data is fully 100% encrypted - No keys = no access to encrypted data - Keys are not uploaded to any 3rd party - Encryption cannot be suspended in any mode - Keys are not stored in plaintext format anywhere If there is a way to harden ciphers or harden BitLocker in other ways, then I'd like to know that as well. Until the, I can use alternatives, such as DiskCryptor or BestCrypt.