When Microsoft announced Windows 11 more than three years ago, it was immediately controversial. Not only because of its unconventional interface, but also because of its high hardware requirements, which left many systems unable to run Windows 11 properly, such as TPM and Secure Boot.
Microsoft has repeatedly explained why features like TPM (Trusted Platform Module) 2.0, VBS (Virtualization-based Security), and Secure Boot are important for Windows 11 PCs. Microsoft requires that users' PCs support these features in order to use Windows 11, because of the enhanced security benefits they provide, and has released visual demos to better explain how these features work.
Recently, with the Windows 11 24H2 feature update, Microsoft updated one of the support articles on its official website titled “Automatic Device Encryption via BitLocker”, which Microsoft calls “Auto-DE”. Notably, this document mentions why TPM and Secure Boot are required for Device Encryption.
Below is the content of the supporting document before being edited.
Why is Device Encryption not available?
Here are the steps to determine why Device Encryption might be unavailable:
1. From the Start menu, type System Information, right-click System Information in the results list, and then select Run as administrator.
2. In the System Summary - Item list, look for the value Automatic Device Encryption Support or Device Encryption Support.
- The value provides the reason why Device Encryption cannot be enabled.
- If the value shows Meets prerequisites then Device Encryption is currently available on your device.
And here is the content of the supporting document after it has been edited.
Why is Device Encryption not available?
Here are the steps to determine why Device Encryption might be unavailable:
1. From the Start menu, type System Information, right-click System Information in the results list, and then select Run as administrator.
2. In the System Summary - Item list, look for the value Automatic Device Encryption Support or Device Encryption Support.
The value describes the support status of Device Encryption:
- Meets prerequisites: Device Encryption available on your device
- TPM is not usable: Your device does not have a Trusted Platform Module (TPM), or TPM is not enabled in the BIOS or UEFI.
- WinRE is not configured: Your device does not have Windows Recovery Environment configured.
- PCR7 binding is not supported: Secure Boot is disabled in BIOS/UEFI, or you have peripherals connected to your device during boot (such as a dedicated network interface, docking station, or external graphics card)
The article basically details what those missing “prerequisites” are. They include TPM, WinRE (Windows Recovery Environment), and Secure Boot.
Additionally, Microsoft also mentioned PCR7. PCR, or Platform Configuration Register, is a memory location on the TPM that is used to store hashing algorithms. PCR profile 7, or PCR7, is what BitLocker binds to. This binding ensures that the cryptographic key, in this case the BitLocker key, is only loaded during a certain time during the boot process, not before or after.
This is where Secure Boot comes into play as it verifies and authenticates the required Microsoft Windows PCA 2011 certificate during boot, as an invalid signature will result in BitLocker using profiles other than 7.
The resurgence of interest in BitLocker and encryption on Windows 11 24H2 came about recently when the Redmond giant unexpectedly lowered the OEM requirements for Auto-DE on the latest version of Windows, so that even home PCs can be automatically encrypted. Shortly after, the company also released a handy backup and recovery guide for BitLocker keys.
Not long ago, Microsoft also reaffirmed TPM 2.0 as a non-negotiable standard on its operating systems.
Windows 11 version 21H2 is one of the major original releases of Windows 11 that began rolling out globally on October 4, 2021.
The year 2023 saw Microsoft betting heavily on artificial intelligence and its partnership with OpenAI to make Copilot a reality.
Microsoft introduced Bluetooth LE (low energy) Audio support with Windows 11 22H2 KB5026446 (build 22621.1778), also known as Moment 3, in May 2023.
After keeping things the same for years, the Sticky Note update in mid-2024 changed the game.
Today, Microsoft officially announced the general availability of Windows Server 2025 along with System Center 2025.
There's always something incredibly cool about the nostalgic user interface of 90s versions of Windows.
More than three years ago, when Microsoft announced Windows 11, the operating system immediately caused a lot of controversy.
The October 2024 report provides an overview of Windows 11's market share compared to other versions of Windows.
Microsoft is said to be getting closer to launching its first foldable smartphone when it was granted a patent for a foldable phone with the ability to fold 360 degrees but without creating wrinkles on the screen on October 1.
In a new post on its Tech Community website, Microsoft has announced plans to discontinue WSUS driver synchronization in favor of its latest cloud-based driver services.
Windows Photo Viewer was first released alongside Windows XP and has quickly become one of the most frequently used tools on Windows.
The latest previews of Windows 11 that Microsoft released this week include an improved About section in the Settings app, where users can get more information about the hardware inside their computer.
To address common issues faced by PC gamers, Microsoft has finally made the Windows operating system easier to navigate with an Xbox controller.
The April security updates for Windows 11 silently created a new empty folder on the C drive.
Microsoft has invested billions of dollars in OpenAI since 2019, although the Redmond-based software giant is by no means the primary investor in the innovative AI startup.
Error code 0xc0000098 in Windows causes a blue screen error on startup. The ACPI.sys driver is often to blame, especially on unsupported versions of Windows 11 like 23H2 or 22H2 or Windows 10.
In some cases, sometimes you start your computer in Safe Mode and the computer freezes. So how to fix the error in this case, please refer to the article below of WebTech360.
Snipping Tool is a powerful photo and video capture tool on Windows. However, this tool sometimes has some errors, such as constantly displaying on the screen.
Every network has a router to access the Internet, but not everyone knows how to make the router work better. In this article, we will introduce some router tips to help speed up the wireless connection in the network.
If the results seem slower than expected, don't be too quick to blame your ISP - mistakes when performing the test can skew your numbers.
In the article below, we will introduce and guide you to learn about the concept of QoS - Quality of Service on router devices.
Windows has a built-in Credential Manager, but it's not what you think it is—and certainly not a replacement for a password manager.
Microsoft charges for its official codecs and doesn't include them in Windows 10. However, you can get them for free without pulling out your credit card and spending $0.99.
While having trouble accessing files and folders can be frustrating, don't panic—with a few simple tweaks, you can regain access to your system.
After creating a USB boot to install Windows, users should check the USB boot's performance to see if it was created successfully or not.
Although Windows Storage Sense efficiently deletes temporary files, some types of data are permanent and continue to accumulate.
You can turn off Windows 11 background apps to optimize performance, save battery and reduce RAM consumption.
When a computer, mobile device, or printer tries to connect to a Microsoft Windows computer over a network, for example, the error message network path was not found — Error 0x80070035 may appear.
We can block Internet access for any application or software on the computer, while other programs can still access the network. The following article will guide readers on how to disable Internet access for software and applications on Windows.
Instead of paying $30 for a year of security updates, keep Windows 10 safe until 2030 with this simple solution.
