How to Enable BitLocker on Hyper-V and Handle the Error "Device Cannot Use a Trusted Platform Module"

Do you use virtual Windows 10 machines to test Intune and SCCM policies? Have you tried to enable BitLocker in a Hyper-V/VMware virtual machine?

Have you ever received the following error when trying to enable BitLocker on a Windows 10 virtual machine?

This Device Can’t Use a Trusted Platform module. Your administrator must set the “Allow Bitlocker without a compatible TPM” option in the “Required additional authentication at startup” policy for OS volumes.


How to Enable BitLocker on Hyper-V

BitLocker is enabled automatically on modern InstantGo devices such as Surface Pro 3, Surface Pro 4, etc. On other Windows 10 devices, each user needs to enable BitLocker by another method. BitLocker can be enabled using Windows 10 MDM policies, Group Policies, SCCM policies, etc.

All of the above BitLocker enablement processes are more or less straightforward. Enabling BitLocker on Windows 10 virtual machines is not. When we try to enable BitLocker from “This PC” or “Control Panel.”

To get rid of the TPM error when enabling BitLocker, the user needs to enable the following group policy (GPEDIT.MSC) on the Windows 10 VM.

Local Computer Policy –> Computer Configuration –> Administrative Templates –> Windows Components –> BitLocker Drive Encryption –> Operating System Drives –> Require additional authentication at startup –> ENABLE


Another important step in the BitLocker enablement process is saving the recovery key. We have four options to save the BitLocker key: save to your Microsoft account, save to a USB flash drive, save to a file, or print the recovery key.
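The policy and recovery-key steps above as a script for a test VM, added here as an example that is not from the original post. It assumes the policy is backed by the registry values under HKLM\SOFTWARE\Policies\Microsoft\FVE, that the OS volume is C:, and that a password protector is used because no TPM is present.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original post): registry equivalent of the
# "Require additional authentication at startup" policy on a VM without a TPM.

$fve = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'

# Assumed values for the policy set to Enabled with
# "Allow BitLocker without a compatible TPM" ticked.
$policy = [ordered]@{
    UseAdvancedStartup = 1   # policy is Enabled
    EnableBDEWithNoTPM = 1   # allow BitLocker without a compatible TPM
    UseTPM             = 2   # 2 = allow, 1 = require, 0 = do not allow
    UseTPMPIN          = 2
    UseTPMKey          = 2
    UseTPMKeyPIN       = 2
}

function Test-NoTpmPolicy {
    # True only when both values the error message depends on are set to 1.
    $cur = Get-ItemProperty -Path $fve -ErrorAction SilentlyContinue
    return ($null -ne $cur -and $cur.UseAdvancedStartup -eq 1 -and $cur.EnableBDEWithNoTPM -eq 1)
}

$tpm = Get-Tpm
"TPM present: $($tpm.TpmPresent); no-TPM policy set: $(Test-NoTpmPolicy)"

# Only write the policy values when the VM has no TPM and the policy is missing.
if (-not $tpm.TpmPresent -and -not (Test-NoTpmPolicy)) {
    if (-not (Test-Path $fve)) { New-Item -Path $fve -Force | Out-Null }
    foreach ($name in $policy.Keys) {
        New-ItemProperty -Path $fve -Name $name -Value $policy[$name] -PropertyType DWord -Force | Out-Null
    }
}

# Without a TPM the OS volume needs a password (or USB startup key) protector.
$pw = Read-Host -AsSecureString 'BitLocker startup password'
Enable-BitLocker -MountPoint 'C:' -PasswordProtector -Password $pw -UsedSpaceOnly -SkipHardwareTest

# Add a recovery password and show it once so it can be stored off the VM.
Add-BitLockerKeyProtector -MountPoint 'C:' -RecoveryPasswordProtector | Out-Null
(Get-BitLockerVolume -MountPoint 'C:').KeyProtector |
    Where-Object KeyProtectorType -eq 'RecoveryPassword' |
    Select-Object KeyProtectorId, RecoveryPassword
```

Values written directly to the registry can be overwritten at the next policy refresh if a domain GPO or MDM policy manages the same setting.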


Author

Anoop is a Microsoft MVP! He is a Solution Architect in enterprise client management with more than 20 years of experience (calculation done in 2021) in IT. He is a blogger, speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. He writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc…
