What are you talking about?

> I'm sure there's some cryptographic way to avoid Microsoft having direct access to the keys here.

FTA (3rd paragraph): don't default upload the keys to MSFT.

>If you design it so you don't have access to the data, what can they do?

You don't have access to your own data? If not, they can compel you to reveal testimony on who/what is the next step to accessing the data, and they chase that.