In order to make these settings visible, you have to create a device configuration profile with the endpoint protection template. See screenshot below.
The settings you are looking for will then be under the Windows Encryption category in Configuration settings. You will also be able to save the recovery keys to Azure AD (Entra ID).
If this was helpful and answered your question, please let me know. Thank you.