Microsoft explains Windows 11 requirement of TPM 2.0

News
By Sean Endicott
last updated

TPM 2.0 is a somewhat controversial requirement for Windows 11, and now we have a better idea as to why it's needed.

Windows 11 Start Surfacepro
Windows 11 Start Surfacepro (Image credit: Daniel Rubino / Windows Central)

What you need to know

  • Microsoft explains in a new blog post how Windows 11 "enables security by design from the chip to the cloud.".
  • The company explains that requirements such as TPM 2.0 chips help ensure hardware-based security.
  • TPM 2.0 is a "critical building block" of Windows Hello and BitLocker, according to Microsoft.

The minimum requirements of Windows 11 have brought TPM 2.0 into the spotlight. TPM stands for Trusted Platform Module. Even though TPM 2.0 has been in new PCs for years, it's a technology that many hadn't heard of until this week. A new security blog post from Microsoft's director of enterprise and OS security, David Weston, explains the importance of TPM 2.0. The post also runs through some of the other security benefits of the new operating system.

Before diving into Windows 11, Weston runs through some of Microsoft's previous security efforts, including secured-core PCs and spending $1 billion per year on security. He then provides insight into some of the security aspects of Microsofts new operating system.

"All certified Windows 11 systems will come with a TPM 2.0 chip to help ensure customers benefit from security backed by a hardware root-of-trust," explains Weston.

TPM is a chip that's integrated into a motherboard on a PC or added to a CPU. It helps protect sensitive data, user credentials, and encryption keys. It helps protect PCs from malware and ransomware attacks, which are becoming more common.

Specifically, TPM 2.0 is a "critical building block for providing security with Windows Hello and BitLocker to help customers better protect their identities and data," as explained by Weston.

HP ENVY 32 AIO Windows Hello

Source: Windows Central (Image credit: Source: Windows Central)

Weston also highlights that Windows 11 has out-of-the-box support for Microsoft Azure Attestation, which lets people enforce Zero Trust policies with supported mobile device managements.

Windows 11 also supports virtualization-based security, hypervisor-protected code integrity, Secure Boot built-in, and hardware-enforce stack protection for supported hardware from Intel and AMD.

The blog post is an interesting read for security professionals and those worried about device security, but for many people, the main takeaway is that TPM 2.0 isn't a Windows 11 requirement for an arbitrary reason.

With Windows 11, some PCs may be left behind because of TPM, and it's causing a lot of confusion

It's worth noting that the soft floor and hard floor minimum requirements are different for Windows 11. There's a chance that people will be able to get Windows 11 to run on devices with older TPM 1.2 chips, though we're waiting for more clarity on the situation.

Sean Endicott
Sean Endicott
News Writer and apps editor

Sean Endicott brings nearly a decade of experience covering Microsoft and Windows news to Windows Central. He joined our team in 2017 as an app reviewer and now heads up our day-to-day news coverage. If you have a news tip or an app to review, hit him up at sean.endicott@futurenet.com.