CoreImage - What causes BitLocker recovery?


Question

What causes BitLocker encryption recovery?

Answer

Per Microsoft, some of the causes of BitLocker recovery include:

  • An attacker has modified your computer. This applies to computers with a Trusted Platform Module (TPM), because the TPM checks the integrity of boot components during startup.
  • Moving the BitLocker-protected drive into a new computer.
  • Upgrading to a new motherboard with a new TPM.
  • Turning off, disabling, or clearing the TPM.
  • Upgrading critical early boot components that cause the TPM to fail validation.

In our environment, the most common reasons for recovery are:

  • A USB device with storage capacity, such as a bootable USB key, is attached
  • An incorrect setting in the BIOS
  • An outdated (defective) BIOS version
  • Changing a BIOS setting without first disabling BitLocker
  • Moving a protected drive to a new machine
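
The BIOS-related causes above can be avoided by pausing BitLocker before a planned firmware or BIOS change. The PowerShell below is an added example, not part of the original answer or Microsoft's text. It suspends protection with Suspend-BitLocker (the drive stays encrypted) rather than decrypting it, and it assumes the OS volume is the system drive and that one reboot is enough. The function name and its defaults are hypothetical.

```powershell
#Requires -RunAsAdministrator
#Requires -Modules BitLocker

# Added example: pause BitLocker on the OS volume before a planned BIOS/UEFI change,
# so the changed TPM measurements do not force recovery on the next boot.
# Assumptions (not from the page): the OS volume is $env:SystemDrive, one reboot suffices.
function Suspend-BitLockerForFirmwareChange {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [string]$MountPoint = $env:SystemDrive,
        [ValidateRange(1, 15)][int]$RebootCount = 1
    )

    $volume = Get-BitLockerVolume -MountPoint $MountPoint -ErrorAction Stop

    if ($volume.ProtectionStatus -ne 'On') {
        Write-Warning "$MountPoint is not actively protected (status: $($volume.ProtectionStatus)); nothing to suspend."
        return $volume
    }

    # Stop if there is no recovery password protector: if recovery were triggered
    # anyway, there would be no key to enter.
    $recovery = @($volume.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword')
    if ($recovery.Count -eq 0) {
        throw "$MountPoint has no RecoveryPassword protector. Add and escrow one before changing firmware."
    }

    # Show only the protector ID so it can be matched against the escrowed key;
    # the recovery password itself is never written to the console.
    $recovery | ForEach-Object { Write-Host "Recovery protector ID: $($_.KeyProtectorId)" }

    # Report TPM state; a disabled or cleared TPM is itself a recovery cause.
    $tpm = Get-Tpm
    if (-not ($tpm.TpmPresent -and $tpm.TpmReady)) {
        Write-Warning "TPM present: $($tpm.TpmPresent), ready: $($tpm.TpmReady). Check the TPM before rebooting."
    }

    if ($PSCmdlet.ShouldProcess($MountPoint, "Suspend BitLocker for $RebootCount reboot(s)")) {
        # Protection resumes automatically after the given number of reboots.
        Suspend-BitLocker -MountPoint $MountPoint -RebootCount $RebootCount -ErrorAction Stop
    }
}

# Dry run first, then run without -WhatIf immediately before the change:
# Suspend-BitLockerForFirmwareChange -WhatIf
```

Afterwards, Get-BitLockerVolume should show ProtectionStatus as On again once the reboot count is used up; Resume-BitLocker re-enables it earlier if needed.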