When the administrator uses a Microsoft account to sign in, the clear key is removed, a recovery key is uploaded to an online Microsoft account and the TPM protector is created. Should a device ...