With a VM running on an encrypted file system, whatever a warrant for a BitLocker key might normally provide will be hidden behind an additional layer that Microsoft does not hold the keys to.
(Determining whether that is useful or not is an exercise for the person who believes that they have something to hide.)
Sure, the plan you outline does sound very simple. And in an ideal world, that'd be perfectly fine.
Except we don't live in an ideal world.
See, for example, the fuckery alluded to above.
Therein: Linking a Microsoft account to a Windows login is something that appears to happen automatically under some circumstances, and then BitLocker keys are also automatically leaked to the mothership...
The machine is quite clearly designed with the intent that it behaves as a trap. Do you trust it?
If you believe Windows to be so actively malicious that it would go behind your back and enable key backups after you've explicitly disabled them, you should probably assume that it will steal your encrypted information in other ways too.
This continued usage of the word "you," as if directly and specifically targeted at me, that you're using: At first, I thought it was a mistake, but now I'm pretty sure that it is a very deliberate word choice on your part.
Therefore, based on that...
Since this is about me, then: I'd like to ask that you please stop fucking with me.
We can discuss whatever concepts that you'd like to discuss, in generalities, but I, myself, am not on the menu for discussion.