BitLocker is a full-disk encryption feature included with select editions of Windows Vista and later. It is designed to protect data by providing encryption for entire volumes. The BitLocker feature is included with the Professional, Ultimate and Enterprise editions of Microsoft Windows. To encrypt a volume in Windows 10, you can simply right-click the drive and select Turn on BitLocker. But some users find that turning on BitLocker Drive Encryption fails with the error This device can’t use a Trusted Platform Module, and the BitLocker encryption can’t start. The full message looks like this:
This device can’t use a Trusted Platform Module. Your administrator must select the “Allow BitLocker without a compatible TPM” option in the “Require additional authentication at startup” policy for OS volumes.
Enable BitLocker without TPM on Windows 10
If you are also struggling with the error This device can’t use a Trusted Platform Module while enabling BitLocker and are looking for a way to fix it, follow the tips below to allow BitLocker without a compatible TPM.
Before moving on to troubleshooting, first understand what exactly the error means: what is a Trusted Platform Module (TPM), and what is the administrator policy?
What is a Trusted Platform Module (TPM)
This is basically a chip on newer processors that has extra security features. When BitLocker uses a TPM, it stores the encryption key on the chip itself. If you don’t have a chip that supports TPM, you can still use BitLocker, but you’ll have to store the encryption key on a USB stick.
So what’s all the stuff about selecting X and Y policy for OS volumes? Basically, it’s a Group Policy setting that has to be changed to allow BitLocker to work without the TPM requirement. Using Group Policy, you can enable Allow BitLocker without a compatible TPM (requires a password or a startup key on a USB flash drive) to turn on BitLocker without a TPM chip. Let’s see how to do this in Group Policy.
Note: Just as BitLocker is only available on Windows Pro editions, Group Policy is also only available on Pro editions. The Group Policy feature is not available on Windows Home and Starter editions.
Enable BitLocker in Windows 10 without TPM chip
First, open the Local Group Policy Editor to allow BitLocker without a TPM.
- Press Windows key + R, type gpedit.msc and hit the enter key.
- In the Group Policy Editor, navigate to Computer Configuration/Administrative Templates/Windows Components/BitLocker Drive Encryption/Operating System Drives.
- Double-click Require additional authentication at startup in the main window. Take care to choose the right option, as there is another, similar entry marked (Windows Server).
- Now select Enabled in the upper left and tick the Allow BitLocker without a compatible TPM (requires a password or a startup key on a USB flash drive) check box below.
That’s all. Now click Apply, then OK, and exit the Group Policy Editor.
Update Group Policy so the change takes effect immediately. To do this, press Win + R, type gpupdate /force in the Run box and hit the Enter key.
A command prompt will open and update the policy. After the update completes successfully, close the command prompt and go back to Turn on BitLocker Drive Encryption. This time you should not face any problem or error.
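To confirm that the policy change described above actually landed before retrying, the following read-only check can be run from an elevated PowerShell prompt. It is an added example, not part of the original article, and it assumes the policy is stored under HKLM:\SOFTWARE\Policies\Microsoft\FVE as the values UseAdvancedStartup and EnableBDEWithNoTPM, names that do not appear on this page.

```powershell
#Requires -RunAsAdministrator
# Added example: read-only audit, nothing on the system is changed.
# Assumption: the "Require additional authentication at startup" policy is
# written to the BitLocker (FVE) policy key below.
$fveKey = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'

# 1. Is there a usable TPM? Any failure to query it is treated as "no TPM".
try {
    $tpm = Get-Tpm -ErrorAction Stop
    $tpmUsable = $tpm.TpmPresent -and $tpm.TpmReady
} catch {
    $tpmUsable = $false
}

# 2. Read the two values behind the policy. A missing key or value means
#    the policy is "Not configured".
$policy        = Get-ItemProperty -Path $fveKey -ErrorAction SilentlyContinue
$policyEnabled = ($null -ne $policy) -and ($policy.UseAdvancedStartup -eq 1)
$allowNoTpm    = ($null -ne $policy) -and ($policy.EnableBDEWithNoTPM -eq 1)

Write-Output "TPM present and ready            : $tpmUsable"
Write-Output "Policy enabled                   : $policyEnabled"
Write-Output "Allow BitLocker without a TPM    : $allowNoTpm"

# 3. Verdict for this machine.
if ($tpmUsable) {
    Write-Output 'Result: a TPM is available, so the no-TPM policy is not needed.'
} elseif ($policyEnabled -and $allowNoTpm) {
    Write-Output 'Result: no usable TPM, but policy allows a password or USB startup key.'
} else {
    Write-Output 'Result: no usable TPM and policy not set; expect the TPM error.'
}

# 4. If BitLocker is already on for the OS drive, show which key protectors
#    it uses (for example Password or ExternalKey when there is no TPM).
$vol = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction SilentlyContinue
if ($vol) {
    Write-Output ("{0}: {1}, protection {2}" -f $vol.MountPoint, $vol.VolumeStatus, $vol.ProtectionStatus)
    foreach ($kp in $vol.KeyProtector) {
        Write-Output ("  protector: {0}" -f $kp.KeyProtectorType)
    }
}
```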
Hopefully, after performing these steps, the This device can’t use a Trusted Platform Module error when you turn on BitLocker will be fixed.