1

Is this encryption method sensitive to weak keys? Is there any reference in the NIST on the AES key's entropy? (For example, must it have been generated from a TRNG?)

Can I safely use the Microsoft CAPI for key generation? (pseudorandom number generation)

Am I required to use true random number generation?

Patriot
Offir

1 Answer

2

AES doesn't require uniformly distributed keys. However, if you have a key with less than 256 bits of entropy, then naturally your keyspace will be smaller than the maximum. Whether or not this is an issue depends on just how few bits you have. The only time a non-random key is bad for AES is when it's chosen very specifically to be harmful, in which case it can be used for a related key attack.

If your input is not uniformly distributed though, the standard technique is to pass it through a hash function like SHA-256 first, which compresses it to 256 uniformly-distributed bits. Or use a KDF.

forest
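The hashing and KDF step described in the answer above, as an added Python example that is not part of the original post. It derives a 32-byte AES-256 key with plain SHA-256 and with HKDF (RFC 5869), then measures how many distinct keys a low-entropy input can actually produce; the function names and the 4-digit PIN list are constructed for illustration.

```python
import hashlib
import hmac
import math
import secrets


def key_from_hash(material: bytes) -> bytes:
    """Compress arbitrary-length input to a 32-byte AES-256 key with SHA-256."""
    return hashlib.sha256(material).digest()


def hkdf_sha256(ikm: bytes, salt: bytes = b"", info: bytes = b"", length: int = 32) -> bytes:
    """HKDF (RFC 5869) with HMAC-SHA-256: extract a PRK, then expand it."""
    if not 0 < length <= 255 * 32:
        raise ValueError("length out of range for HKDF-SHA-256")
    # Extract: an absent salt defaults to HashLen zero bytes.
    prk = hmac.new(salt or b"\x00" * 32, ikm, hashlib.sha256).digest()
    # Expand: T(i) = HMAC(PRK, T(i-1) || info || i)
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def effective_key_bits(candidates, derive) -> float:
    """log2 of the number of distinct keys the candidate inputs can produce."""
    return math.log2(len({derive(c) for c in candidates}))


def random_key() -> bytes:
    """AES-256 key drawn directly from the operating system CSPRNG."""
    return secrets.token_bytes(32)


# Constructed sample input: every 4-digit PIN, a deliberately low-entropy source.
PINS = [f"{n:04d}".encode() for n in range(10_000)]

if __name__ == "__main__":
    print("SHA-256 key from PIN 1234:", key_from_hash(b"1234").hex())
    print("HKDF key from PIN 1234:   ", hkdf_sha256(b"1234", info=b"aes-256 key").hex())
    # Each derived key is 256 bits long, but only 10,000 of them can ever occur.
    print("effective bits (SHA-256): %.2f" % effective_key_bits(PINS, key_from_hash))
    print("effective bits (HKDF):    %.2f" % effective_key_bits(PINS, hkdf_sha256))
    print("CSPRNG key:", random_key().hex())
```

Both derivations give about 13.29 effective bits for the PIN list: hashing or a KDF makes the key bits uniformly distributed but leaves the keyspace at the size of the input space.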