How to Enable BitLocker on Hyper-V and Handle Error Device Cannot Use a Trusted Platform Module

Do you use virtual Windows 10 machines to test Intune and SCCM policies? Have you tried to enable BitLocker in a Hyper-V/VMware virtual machine?
Did you ever receive the following error while trying to enable BitLocker on Windows 10 virtual machines?
This Device Can’t Use a Trusted Platform module. Your administrator must set the “Allow Bitlocker without a compatible TPM” option in the “Required additional authentication at startup” policy for OS volumes.
How to Enable BitLocker on Hyper-V
BitLocker is enabled automatically on modern InstantGo devices like Surface Pro 3, Surface Pro 4, etc. On other Windows 10 devices, each user needs to enable BitLocker by some other method. BitLocker can be enabled using Windows 10 MDM policies, Group Policies, SCCM policies, etc.
All of the above BitLocker enablement processes are more or less straightforward. Enabling BitLocker on Windows 10 virtual machines is not: the TPM error appears when we try to enable BitLocker from “This PC” or “Control Panel.”
The user needs to enable the following group policy (GPEDIT.MSC) on the Windows 10 VM to get rid of the TPM error while enabling BitLocker:
Local Computer Policy –> Computer Configuration –> Administrative Templates –> Windows Components –> BitLocker Drive Encryption –> Operating System Drives –> Require additional authentication at startup –> ENABLE
Another important step in the BitLocker enablement process is saving the recovery key. We have four options to save the BitLocker key: save to your Microsoft account, save to a USB flash drive, save to a file, or print the recovery key.
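The same flow can be scripted for test VMs. The following is an added example, not part of the original article: it checks that the "Require additional authentication at startup" policy allows BitLocker without a TPM, then enables BitLocker with a startup password and returns the recovery password so it can be saved. The function names are hypothetical, and it assumes an elevated PowerShell session on a VM with no TPM.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original article). Function names are hypothetical.
$FveKey = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'  # registry location of BitLocker policy

function Get-NoTpmPolicyState {
    # Reads the values written by "Require additional authentication at startup".
    $p = Get-ItemProperty -Path $FveKey -ErrorAction SilentlyContinue
    [pscustomobject]@{
        PolicyEnabled   = ($p.UseAdvancedStartup -eq 1)  # policy set to Enabled
        AllowWithoutTpm = ($p.EnableBDEWithNoTPM -eq 1)  # "Allow BitLocker without a compatible TPM"
    }
}

function Enable-VmOsDriveBitLocker {
    param([Parameter(Mandatory)][securestring]$Password)
    $drive  = $env:SystemDrive
    $tpm    = Get-Tpm -ErrorAction SilentlyContinue
    $policy = Get-NoTpmPolicyState

    if ($tpm.TpmPresent) {
        throw 'A TPM is present; this helper only covers the no-TPM VM case.'
    }
    if (-not ($policy.PolicyEnabled -and $policy.AllowWithoutTpm)) {
        # Without the policy, enabling BitLocker fails with the TPM error.
        throw 'Policy does not allow BitLocker without a TPM; enable it in GPEDIT.MSC first.'
    }

    # Add the recovery password first so the volume is never encrypted without one.
    Add-BitLockerKeyProtector -MountPoint $drive -RecoveryPasswordProtector | Out-Null
    Enable-BitLocker -MountPoint $drive -PasswordProtector -Password $Password -UsedSpaceOnly | Out-Null

    # Return the recovery password; store it outside the VM (file, USB drive, or print).
    (Get-BitLockerVolume -MountPoint $drive).KeyProtector |
        Where-Object KeyProtectorType -eq 'RecoveryPassword' |
        Select-Object KeyProtectorId, RecoveryPassword
}

# Usage: Enable-VmOsDriveBitLocker -Password (Read-Host -AsSecureString 'Startup password')
```

Without a TPM, the startup password is the only thing protecting the volume key, so a weak password makes the encryption weak as well.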