Windows 11 & the TPM (Trusted Platform Module)

Earlier today, Microsoft officially revealed Windows 11 and announced its anticipated release later this year. It seems, however, that not all Windows 10 devices will be eligible for the upgrade. Two key requirements are an 8th-generation or newer Intel processor and a TPM 2.0 chip – common to most, but not all, computers made in the last five years.

Already, there’s been an outcry online from users ineligible for the upgrade and confusion about what purpose the TPM serves. Although it’s possible (for now) to bypass the TPM requirement, we don’t recommend that. Here’s why we applaud Microsoft instead.

In a word: BitLocker. BitLocker full-volume encryption has been a godsend to anxious employers and corporations over the last year, with employees working remotely more than ever. The ability to ensure a device and the business’s IP are encrypted at rest offers protection in the case of theft or accidental loss of the device. An attacker, thief, or (hopefully innocent) purchaser of stolen goods can’t load and inspect your files by booting an alternate OS.

In combination with other device and OS hardening tactics, this offers robust protection that’s easy for enterprises to deploy and manage. We therefore welcome the new TPM requirement, as deploying and using BitLocker without an embedded TPM chip is a far more involved process for both IT management and the end user. All too often end-user convenience is prioritised above security, so we’re thrilled to see Microsoft adopting a more balanced approach here, which will ultimately better protect users and companies.

Stay safe, stay encrypted, and as best you can, stay secure.

You can read more about how Windows uses TPMs here.