Because then you'd need to mail out these USB keys and hope that they don't go missing or are misused before IT can force a key rotation. Also the time involved in buying and creating the USB keys for all remote employees. Just have everyone bring their laptop to the closest office, IT can scan the key off their machine for the laptop, and now they can quickly delete the offending CrowdStrike files. If you mailed them out, employees would still need to be walked through on deleting the files and would need the right access to do so.
If you have 5 IT workers processing 200 remote employees at each office and the resolution takes only 5 minutes, you can get the work done in 3 hours. Building USB keys and waiting for them to be mailed out for every employee probably takes longer than it took to write the basic barcode script.
> How can you rotate the bitlocker key? I was under the impression that it’s permanent.
The actual key key is not changeable, but the "recovery key" is not actually the key (or a representation of it) but is another password that unlocks the actual key. As already mentioned, this can be done in one click on an admin console, and even on personal systems you could change it (even to all zeroes if you're stupid enough) using the manage-bde command-line program.
If you have 5 IT workers processing 200 remote employees at each office and the resolution takes only 5 minutes, you can get the work done in 3 hours. Building USB keys and waiting for them to be mailed out for every employee probably takes longer than it took to write the basic barcode script.