Do you use Windows 10 virtual machines to test Intune and SCCM policies? Have you tried to enable BitLocker in a Hyper-V/VMware virtual machine? Did you receive the following error when you tried to enable BitLocker on a Windows 10 virtual machine?
This Device Can’t Use a Trusted Platform module. Your administrator must set the “Allow Bitlocker without a compatible TPM” option in the “Required additional authentication at startup” policy for OS volumes.
BitLocker is enabled automatically on modern InstantGo devices such as the Surface Pro 3 and Surface Pro 4. On other Windows 10 devices, each user needs to enable BitLocker via some other method. BitLocker can be enabled using Windows 10 MDM policies, Group Policies, SCCM policies, etc.
All of the above BitLocker enablement processes are more or less straightforward, but enabling BitLocker on Windows 10 virtual machines is not. When you try to enable BitLocker from “This PC” or “Control Panel” on a VM, you get the TPM error shown above. To get rid of it, enable the following group policy (GPEDIT.MSC) on the Windows 10 VM:
Local Computer Policy –> Computer Configuration –> Administrative Templates –> Windows Components –> BitLocker Drive Encryption –> Operating System Drives –> Require additional authentication at startup –> ENABLE
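The same policy can be applied from an elevated PowerShell session instead of GPEDIT.MSC. The script below is an added example, not part of the original post: it writes the registry values behind the "Require additional authentication at startup" setting, then enables BitLocker with a startup password, which is what replaces the TPM on such a VM. The choice of a password protector, the XtsAes128 method and used-space-only encryption are assumptions made for a test VM.

```powershell
#Requires -RunAsAdministrator
# Added example: run inside the TPM-less Windows 10 test VM.
$fve = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'   # BitLocker policy key

# Show whether the VM exposes a TPM; the policy override is only needed when it does not.
$tpm = Get-Tpm
"TPM present: $($tpm.TpmPresent), ready: $($tpm.TpmReady)"

if (-not $tpm.TpmPresent) {
    if (-not (Test-Path $fve)) { New-Item -Path $fve -Force | Out-Null }
    $policy = [ordered]@{
        UseAdvancedStartup = 1  # "Require additional authentication at startup" = Enabled
        EnableBDEWithNoTPM = 1  # "Allow BitLocker without a compatible TPM"
        UseTPM             = 2  # 2 = allow (the policy's default choice)
        UseTPMPIN          = 2
        UseTPMKey          = 2
        UseTPMKeyPIN       = 2
    }
    foreach ($name in $policy.Keys) {
        New-ItemProperty -Path $fve -Name $name -Value $policy[$name] `
            -PropertyType DWord -Force | Out-Null
    }
}

# Without a TPM the volume key is unlocked by a startup password (or a USB startup key),
# so choose a strong one; it is typed at every boot.
$password = Read-Host -AsSecureString 'Startup password for the OS volume'
Enable-BitLocker -MountPoint $env:SystemDrive -EncryptionMethod XtsAes128 `
    -UsedSpaceOnly -PasswordProtector -Password $password

# Add a recovery password so the volume can still be unlocked if the startup password is lost.
Add-BitLockerKeyProtector -MountPoint $env:SystemDrive -RecoveryPasswordProtector

# Confirm the protectors and encryption state.
Get-BitLockerVolume -MountPoint $env:SystemDrive |
    Select-Object MountPoint, VolumeStatus, ProtectionStatus, EncryptionPercentage, KeyProtector
```

On an OS volume, Enable-BitLocker asks for a restart to run its hardware test before encryption begins. If a domain GPO configures the same setting, it overwrites these registry values at the next policy refresh.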
Another important option in the BitLocker enablement process is saving the recovery key. We have four options to save the BitLocker key.