Why is TPM a requirement for Windows 11?

The minimum requirements to install Windows 11 have put TPM 2.0 in the spotlight. TPM 2.0 has shipped on PCs for years, but it was not until this week that the technology became widely known to the general public.

Accordingly, David Weston, Microsoft’s OS Security Manager, has explained the importance of TPM 2.0. He also outlined some other security benefits of Windows 11.

Why is TPM a requirement for Windows 11?

“All tested Windows 11 systems will come with a TPM 2.0 chip to ensure customers can benefit from security backed by hardware root of trust,” Weston said.

TPM is a chip that is either a discrete part on the PC’s motherboard or built into the CPU. TPM not only helps protect data, user logins and encryption keys, but also protects PCs from malware and ransomware attacks, which are becoming increasingly common.

Specifically, according to Weston, TPM 2.0 is a key element in providing security for Windows Hello and BitLocker to help customers better protect their identities and personal data.

Despite the confusion surrounding this new criterion, it is not actually new. Since 2016, Microsoft has mandated the inclusion of TPM 2.0 in all new prebuilt PCs that run any version of Windows 10 for desktop. If you purchased a Windows 10 device from a retailer in the last couple of years, there’s a good chance you’re already protected and can install Windows 11 right now. To check for updates, navigate to Settings > Windows Update > Check for Updates.

However, this excludes a sizable portion of the computer market. For example, custom-built PCs may use motherboards and processors that lack a TPM or ship with it disabled by default. While the majority of Windows devices are secured, some are not, making it more difficult to roll out security measures consistently.

Microsoft’s efforts to eliminate passwords for Microsoft accounts are a prominent example of this. Passwords are paradoxical in that they are hard for humans to remember yet frequently easy for attackers to guess. The company has advocated password alternatives that rely on authenticators on your phone, biometric data, or even a PIN that, when kept in a TPM, can be more secure and easier to use than a password.

While some of these functionalities are achievable without a TPM, they are far more secure with one. By requiring the TPM on all Windows 11 systems, Microsoft can establish a minimum level of security. The disadvantage is that it may leave some individuals behind who have otherwise capable computers. That is a worthwhile trade-off for Microsoft.

TPM 2.0 is a key element in providing security for Windows Hello.

According to him, Azure Attestation is also supported in Windows 11. This lets organizations enforce Zero Trust policies through supported mobile device management (MDM) features.

In addition, Windows supports virtualization-based security, built-in Secure Boot, and Hardware-enforced Stack Protection on supported Intel and AMD hardware.
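Because the article’s advice is to check whether an existing PC already meets the TPM 2.0 requirement, here is an added PowerShell check (not part of the original article or any Microsoft tooling) that reads the TPM spec version from the Win32_Tpm WMI class and reports the Secure Boot state with Confirm-SecureBootUEFI; the function name Get-Win11TpmReadiness is my own.

```powershell
# Added example: report whether this PC meets the Windows 11 TPM 2.0
# requirement and whether Secure Boot is on. Run from an elevated prompt.
function Get-Win11TpmReadiness {
    $result = [ordered]@{
        TpmPresent   = $false
        TpmEnabled   = $false
        TpmActivated = $false
        SpecVersion  = $null
        MeetsTpm20   = $false
        SecureBoot   = $null
    }

    # Win32_Tpm lives in its own namespace and is absent when the firmware
    # exposes no TPM to the OS (or the TPM is disabled in BIOS/UEFI setup).
    $tpm = Get-CimInstance -Namespace 'root/cimv2/Security/MicrosoftTpm' `
                           -ClassName 'Win32_Tpm' -ErrorAction SilentlyContinue
    if ($tpm) {
        $result.TpmPresent   = $true
        $result.TpmEnabled   = [bool]$tpm.IsEnabled_InitialValue
        $result.TpmActivated = [bool]$tpm.IsActivated_InitialValue
        # SpecVersion reads like "2.0, 0, 1.59" (spec, revision, errata);
        # only the first field decides 1.2 vs 2.0.
        $result.SpecVersion  = $tpm.SpecVersion
        $major = [version](($tpm.SpecVersion -split ',')[0].Trim())
        $result.MeetsTpm20   = $result.TpmEnabled -and $result.TpmActivated -and
                               ($major -ge [version]'2.0')
    }

    # Confirm-SecureBootUEFI throws on legacy BIOS systems; report that
    # rather than failing, since such a machine cannot meet the requirement.
    try   { $result.SecureBoot = Confirm-SecureBootUEFI }
    catch { $result.SecureBoot = 'Not UEFI' }

    [pscustomobject]$result
}

Get-Win11TpmReadiness | Format-List
```

A present but disabled TPM shows TpmPresent as true with MeetsTpm20 false; enabling it in firmware setup, not reinstalling Windows, is the fix in that case.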

Suffice it to say that his explanations will interest security professionals and anyone concerned with device security; for everyone else, they at least show that the reason Windows 11 requires TPM 2.0 is not arbitrary.

It should be noted that Windows 11 has two sets of minimum requirements, a “soft floor” and a “hard floor”, and they differ. Devices with a TPM 1.2 chip may still be able to run Windows 11, but more specific information is still to come.

Mr. Weston has played a significant role in Microsoft’s security efforts, including the launch of Secured-core PCs and the company’s $1 billion a year investment in security.