Microsoft explains Windows 11 requirement of TPM 2.0

Windows 11 Start Surfacepro (Image credit: Daniel Rubino / Windows Central)

What you need to know

Microsoft explains in a new blog post how Windows 11 "enables security by design from the chip to the cloud.".
The company explains that requirements such as TPM 2.0 chips help ensure hardware-based security.
TPM 2.0 is a "critical building block" of Windows Hello and BitLocker, according to Microsoft.

The minimum requirements of Windows 11 have brought TPM 2.0 into the spotlight. TPM stands for Trusted Platform Module. Even though TPM 2.0 has been in new PCs for years, it's a technology that many hadn't heard of until this week. A new security blog post from Microsoft's director of enterprise and OS security, David Weston, explains the importance of TPM 2.0. The post also runs through some of the other security benefits of the new operating system.

Before diving into Windows 11, Weston runs through some of Microsoft's previous security efforts, including secured-core PCs and spending $1 billion per year on security. He then provides insight into some of the security aspects of Microsofts new operating system.

"All certified Windows 11 systems will come with a TPM 2.0 chip to help ensure customers benefit from security backed by a hardware root-of-trust," explains Weston.

TPM is a chip that's integrated into a motherboard on a PC or added to a CPU. It helps protect sensitive data, user credentials, and encryption keys. It helps protect PCs from malware and ransomware attacks, which are becoming more common.

Specifically, TPM 2.0 is a "critical building block for providing security with Windows Hello and BitLocker to help customers better protect their identities and data," as explained by Weston.

HP ENVY 32 AIO Windows Hello — Source: Windows Central (Image credit: Source: Windows Central)

Weston also highlights that Windows 11 has out-of-the-box support for Microsoft Azure Attestation, which lets people enforce Zero Trust policies with supported mobile device managements.

Windows 11 also supports virtualization-based security, hypervisor-protected code integrity, Secure Boot built-in, and hardware-enforce stack protection for supported hardware from Intel and AMD.

The blog post is an interesting read for security professionals and those worried about device security, but for many people, the main takeaway is that TPM 2.0 isn't a Windows 11 requirement for an arbitrary reason.

With Windows 11, some PCs may be left behind because of TPM, and it's causing a lot of confusion

It's worth noting that the soft floor and hard floor minimum requirements are different for Windows 11. There's a chance that people will be able to get Windows 11 to run on devices with older TPM 1.2 chips, though we're waiting for more clarity on the situation.

Sean Endicott is a news writer and apps editor for Windows Central with 11+ years of experience. A Nottingham Trent journalism graduate, Sean has covered the industry’s arc from the Lumia era to the launch of Windows 11 and generative AI. Having started at Thrifter, he uses his expertise in price tracking to help readers find genuine hardware value.

Beyond tech news, Sean is a UK sports media pioneer. In 2017, he became one of the first to stream via smartphone and is an expert in AP Capture systems. A tech-forward coach, he was named 2024 BAFA Youth Coach of the Year. He is focused on using technology—from AI to Clipchamp—to gain a practical edge.