cognus said:
per my edits above, since Drive Encryption was auto switched 'on' at some point, was there a key generated, without notice to the user [me, in this case]? Since it turned 'off' peacefully enough, I assume not, but the discussion has me concerned :)
No need to be concerned.

Device Encryption would always be turned on by default unless manually turned off.

When turned on, you would have a BitLocker recovery key created that can be used as a passcode to recover or unlock the encrypted drive if needed when normal methods are unable to unlock it.

When turned off, the current BitLocker recovery key is cleared and will no longer be valid.

A new BitLocker recovery key will be created if you should turn on Device Encryption again though.