There are a few issues to address here, and no, it does not involve paying Microsoft an extra $200. That would be a little silly. So let's start from the beginning, because this is not new with Windows 10. It was actually introduced in Windows 8.1 with very specific criteria that have to be met.
Before Windows 8.1 automatically enables Device Encryption, the following must be true:
- The Windows device “must support connected standby and meet the Windows Hardware Certification Kit (HCK) requirements for TPM and SecureBoot on ConnectedStandby systems.” (Source) Older Windows PCs won’t support this feature, while new Windows 8.1 devices you pick up will have this feature enabled by default.
- When Windows 8.1 installs cleanly and the computer is prepared, device encryption is “initialized” on the system drive and other internal drives. Windows uses a clear key at this point, which is removed later when the recovery key is successfully backed up.
- The PC’s user must log in with a Microsoft account with administrator privileges or join the PC to a domain. If a Microsoft account is used, a recovery key will be backed up to Microsoft’s servers and encryption will be enabled. If a domain account is used, a recovery key will be backed up to Active Directory Domain Services and encryption will be enabled.
So if your PC does not meet these modern standards and you score an upgrade to Windows 10 Home, no, it won't self-encrypt and you will be using a Windows 10 device that is unencrypted. If it does meet those standards, then yes, it will automatically encrypt and upload the recovery key to OneDrive, assuming you logged in to a Microsoft account.
So let's get real for a second. If you are worried that your secret "Golden Key" is now out on OneDrive, you can easily remove it and regenerate a new recovery key. Also, mind you, the default for BitLocker is AES128. I don't go less than AES256 on any of my systems.
1. Go to this Microsoft FAQ and click on the question "How can I get my BitLocker recovery key". It will contain a direct link to take you to your recovery key. Once you are logged in, just remove it. If you get a page saying no BitLocker key exists, then you are good to go.
2. Verify your computer is even encrypted. Open up an elevated command prompt and type in the following.
This should pull back some info similar to this:
As you can see, this drive is not encrypted. There is no BitLocker version and it is running Windows 10 Home. I'll get to what I am going to do with my unencrypted laptop in a minute.
If your drive is encrypted and you did have to remove your key from OneDrive, then do step 3.
3. Regenerate your recovery key. No decryption necessary.
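
Steps 2 and 3 as one script. This is an added example, not the author's own commands: it uses the built-in `manage-bde` tool from an elevated PowerShell session and assumes the encrypted volume is `C:`. It adds the new recovery password before deleting the old one, so the volume is never left without a recovery protector.

```powershell
#Requires -RunAsAdministrator
# Added example: rotate the BitLocker recovery password on one volume.
$Drive = 'C:'   # assumption: the encrypted system drive

# Step 2: show the encryption state (conversion status, method, protection).
manage-bde -status $Drive
if ($LASTEXITCODE -ne 0) { throw "manage-bde could not query $Drive" }

# Collect the IDs of the existing recovery-password protectors. Matching on
# the GUID keeps this independent of manage-bde's display language.
$guid = '\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}'
$old = manage-bde -protectors -get $Drive -Type RecoveryPassword |
    Select-String -Pattern $guid -AllMatches |
    ForEach-Object { $_.Matches.Value } |
    Sort-Object -Unique

if (-not $old) {
    # Unencrypted drive, or no recovery password present: nothing to rotate.
    Write-Warning "No recovery password protector found on $Drive."
    return
}

# Step 3: add the new recovery password first. manage-bde prints the new
# 48-digit password once; record it somewhere that is not this disk.
manage-bde -protectors -add $Drive -RecoveryPassword
if ($LASTEXITCODE -ne 0) {
    throw 'Adding the new recovery password failed; the old one was left in place.'
}

# Remove only the protectors that existed before the rotation.
foreach ($id in $old) {
    manage-bde -protectors -delete $Drive -id $id
    if ($LASTEXITCODE -ne 0) { Write-Warning "Could not delete protector $id" }
}

# Confirm that exactly the new recovery password remains.
manage-bde -protectors -get $Drive -Type RecoveryPassword
```

No decryption or re-encryption takes place: only the key protectors change, so the data on the drive is untouched.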