Windows 11 TPM requirements — Microsoft finally clears up confusion

How to check Windows 11 compatibility if PC Health Check doesn’t work
(Image credit: Shutterstock)

The announcement of Windows 11’s system requirements could have gone better. Microsoft certainly could have done more to communicate what TPM 2.0 was, and why the operating system required it.

But now we’re in the run-up to the Windows 11 October 5 launch, Microsoft seems to be trying to clear up all the confusion. That involves actually telling people what TPM 2.0 is, and how it can be activated.

A TPM is one of those things the majority of people have never even heard of, which caused a lot of confusion when Windows 11’s system requirements were announced. It didn’t help that some manufacturers, like ASUS, were updating older hardware that seemingly bypassed the TPM 2.0 requirement altogether.

Microsoft tweeted out a response to the confusion, with a link to a support page explaining some of the basics of TPM 2.0 and how to make sure it’s enabled.

See more

The support page clarifies that “most PCs” that shipped over the past five years are capable of running the TPM 2.0 module. However, not all of them are actually set up to run the module, and it may be up to the user to check whether it’s been enabled or not. 

As the page points out, a lot of retail motherboards, often used by people building their own PCs from scratch, have a TPM but ship with it switched off. The support page explains different ways the TPM module can be activated, though Microsoft points out that anyone unfamiliar with this “level of technical detail” should “consult your PC manufacturer’s support information for more instructions specific to your device”.

However anyone hoping to use a virtual machine with Windows 11 better be quite selective with how they go about it. Virtual machine owners have started reporting that the latest pre-release builds of Windows 11 are locking them out for not meeting the TPM requirements. Because virtual machines don't have physical TPM hardware to refer to.

So if you plan on using Windows 11 virtually, be sure to use virtual machine software that can simulate a TPM. Unfortunately those appear to cost money.

Why is TPM even required for Windows 11?

Microsoft has explained that the TPM 2.0 module is needed as an “important building block” for a number of Windows 11’s features. Features like identity protection with Windows Hello, BitLocker and so on.

The TPM also helps encrypt crucial data, so if your machine ever gets stolen all the information on your hard drive is kept safe. This is provided the TPM is still enabled, which explains why Windows 11 is requiring it at a system level.

However, since a lot of TPMs may not be enabled by default, it means users may well need to go beyond their comfort zone to activate them in the BIOS. And one wrong move could end up with some pretty disastrous consequences, like a bricked machine. 

So if you don’t know what you’re doing, take your computer to someone who does. A licensed computer technician should be able to handle activating a dormant TPM. And if they mess it all up, then that’s their problem to deal with and not yours.

Tom Pritchard
UK Phones Editor

Tom is the Tom's Guide's UK Phones Editor, tackling the latest smartphone news and vocally expressing his opinions about upcoming features or changes. It's long way from his days as editor of Gizmodo UK, when pretty much everything was on the table. He’s usually found trying to squeeze another giant Lego set onto the shelf, draining very large cups of coffee, or complaining about how terrible his Smart TV is.

  • russell_john
    The latest BIOS for my Asus x570 motherboard had TPM enabled by default .... Anyone that uses Bitlocker also has TPM enabled

    One other thing you got wrong is most motherboards no longer have an actual TPM module but have it built into the UEFI BIOS .... You mainly only need a module if you have an older motherboard or CPU .... A lot of people are running out and buying a TPM module when they don't even need one because they already have it built into the CPU and Motherboard BIOS. For instance my old Gigabyte B350 board had a header for a TPM module but as long as you used a Ryzen 2000 or newer CPU you didn't need it because it's built into the CPU and BIOS
    Reply
  • johnnyts
    What I don’t like with the way MS is pushing this, is that TPM2 module, is not actually required to run windows. Yes It does come with some extra security benefits, but it is in no way necessary. They could easily let people install it and show a big red notification or something when they do the installation.

    if they want to do something radical, better to get rid of the ages old code they carry to support 25 years old applications or start using the same UI language/design for all of the OS and their apps.
    Reply
  • gameboie
    I didn't think my computer supported this until the motherboard manufacturer (ASUS) released a list of motherboards that supported it, and how to enable it.
    Reply
  • tomuxi
    Actually TPM 2.0 can be installed as a firmware upgrade to some models. But alas, Microsoft also has a supported CPU model list and older ones are not supported even though they would be technically quite capable of running Windows 11.
    Reply