The Trusted Platform Module (TPM) chip has been a standard in business-grade laptops for years. Now that Windows 11 will require TPM 2.0 chips, you should check to see if your existing machine has this chip. To check your TPM status:
1. Type tpm.msc in the Windows search bar, and press Enter.
2. The Trusted Platform Module (TPM) Management window will appear. In the middle of the window, confirm:
- Status should show “The TPM is ready for use”
- TPM Manufacturer Information should show “Specification Version: 2.0”
That’s it! You can close the tpm.msc window.
If you don’t see both that your TPM is ready for use and that it’s version 2.0, then your workstation will not be able to upgrade to Windows 11 and will likely need to stay at Windows 10 for the rest of its lifecycle. While is possible to add a TPM chip to certain workstations, it’s likely not cost-effective to spend the time finding a compatible TPM 2.0 chip, having it installed, and then configuring it so Windows can recognize that it is installed.
The main reason that TPM 2.0 is required by Windows 11 is that it ensures the integrity of your workstation. During the normal startup of your machine, and multiple times while you use it, the TPM is being used as a 'root of trust' or a 'trust anchor,' allowing multiple cryptographic security functions to be based on it.
This establishes secure device identification and device integrity validation, which is extremely valuable to multiple security functions on the device itself or on systems that the device is interacting with, like a cloud system.
The TPM chip can also store full disk encryption keys. Windows’ built-in encryption tool, Bitlocker, requires a TPM chip to work properly. Microsoft has had a significant focus on a Zero Trust security framework, which requires device integrity and a reliable way to confirm that the device hasn’t been tampered with.
We hope this article helps you and your business prepare for Windows 11 and Zero Trust security by making sure your workstations have a central component that makes this possible: the TPM 2.0 chip.
WHAT TO READ NEXT:
- How to Eliminate RDP Vulnerabilities
- Net Friends' Response to the Kaseya Breach
- How Do We Get to Universally Safe Networks?