Reply To: Does bitlocker require TPM?

#12206
AvatarNora Lang
Moderator
1 pt

Thanks for reaching out to us!

I will start with how TPM helps with BitLocker. TPM is a chip that is soldered into your motherboard, which provides a hardware-based authentication, i.e., if you have enabled BitLocker, you can switch on and login to your device (considering the fact you have pushed the right set of configurations) with a click of a button and a password you can actually remember. You don’t have to go through the whole torturous process of connecting a USB with a startup key or entering a 6–20-digit startup PIN. The encryption key is partly stored on the TPM instead of the drive.

Bottom line: If you have got TPM, you don’t actually need to enter a Startup PIN or a Startup Key on device startup.

Disclaimer: Make sure you push a BitLocker policy that doesn’t mandate a Startup PIN or a Startup Key.

Now let’s come to the question at hand. You can configure a BitLocker policy for a device that doesn’t have TPM hardware. You won’t face any issues except having to manually enter a Startup PIN and connecting a USB with the Start-up Key stored in it.

Head on to Polices > Windows > BitLocker and configure the policy as required by your enterprise. Choose Enable from the drop-down for Configure authentication when the computer starts up. Allow Enable BitLocker without a Trusted Platform Module (TPM). On doing so, Authenticate with TPM startup key and PIN would be required by default.

Nora Lang

Hexnode UEM