The Windows 11 TPM 2.0 requirement has kept many organizations from installing the new operating system on their existing PCs.
Such organizations generally have a couple of choices about how to handle the TPM 2.0 predicament. One option is to circumvent Microsoft’s Windows 11 hardware requirements. However, as I explained in a recent article, doing so is a bad idea. It puts the machine into an unsupported state and may also prevent the machine from accessing security updates later on.
The second option is, of course, to buy new PC hardware. While this is arguably the best option for organizations to run Windows 11, it isn’t always practical. After all, there are costs associated with replacing aging PCs. Given the state of the economy, some organizations would understandably like to postpone their next PC refresh.
So, does that mean that most organizations are going to be stuck with Windows 10 for the foreseeable future? Maybe not. Unless your organization’s PCs are exceptionally old, there is a very real chance you can adopt Windows 11 right now, without replacing the PCs or violating Microsoft’s hardware requirements and industry best practices.
Check for Disabled TPM Support
Several PC manufacturers include TPM 2.0 support on their PCs, but have historically left it disabled by default. When Microsoft first announced the Windows 11 TPM 2.0 requirement, a flurry of bloggers told readers they could go into a PC’s Unified Extensible Firmware Interface (UEFI) and enable TPM 2.0 support. Although this is indeed good advice, many of the bloggers failed to mention two important points:
- Just because you don’t see an option to enable TPM 2.0 does not mean that the option does not exist.
- Even if your PC does not natively include TPM 2.0 support, it doesn’t mean that it cannot be added on (and for less money than you think).
Finding the Elusive TPM Option
As previously noted, many systems do in fact support TPM 2.0, even if they do not list TPM 2.0 in the system’s UEFI. The reason why has a bit to do with marketing.
TPM stands for Trusted Platform Module. It’s a somewhat generic term. The Trusted Computing Group, an organization that has been tasked with maintaining the TPM standard, essentially determined what it means for a machine to be TPM 2.0 compliant. The important thing to take away from this is that TPM is just a standard. PC manufacturers do not own this standard. That being the case, motherboard manufacturers often come up with their own names for TPM support.
All of this is to say that when you open your computer’s UEFI, you may find TPM 2.0 listed under a different name. Intel, for example, uses names such as Identity Protection Technology, or IPT, and Platform Trust Technology, or PTT.
If you find it difficult to locate the TPM option on a system, check the CPU type. Intel has universally supported TPM 2.0 since the days of the Skylake CPU. There are even a few Intel systems out there that support TPM 2.0 even though they predate Skylake. Similarly, AMD began supporting TPM 2.0 with its Ryzen 2500 CPU, although some systems require a firmware update.
Once you have determined whether a PC’s CPU supports TPM 2.0, you can do a web search to find out what the TPM feature was called in the system’s UEFI. You may also be able to find how to enable TPM 2.0, since the option is so often hidden behind multiple menus.
Adding on TPM Support
If you find that your system does not natively include TPM support, you may be able to install a TPM module. To do so, your PC’s system board must have an SPI TPM 2.0 header. The cost of a TPM module varies, but you can often find TPM modules on Amazon for under $20.
If you plan to install your own TPM module, start by trying out one module. Do this before you place a large TPM module order for all your PCs. That way, you can verify that the module will work with the Windows 11 TPM 2.0 requirement. It’s also important to check compatibility information, since some add-on TPM 2.0 modules will only work with specific system boards.
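One way to check what Windows actually sees, both before hunting through UEFI menus and after enabling the option or fitting a test module. This is an added example, not part of the original article; the function name Get-TpmReadiness is hypothetical, and it assumes an elevated PowerShell session on the PC being checked.

```powershell
# Added example: reports whether Windows sees a TPM and which spec version it implements.
# Run elevated; the Win32_Tpm WMI class is not readable from a standard user session.
function Get-TpmReadiness {
    [CmdletBinding()]
    param()

    $cpu    = Get-CimInstance -ClassName Win32_Processor | Select-Object -First 1
    $system = Get-CimInstance -ClassName Win32_ComputerSystem

    # No instance comes back when the TPM is absent or switched off in firmware.
    $tpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
                           -ClassName Win32_Tpm -ErrorAction SilentlyContinue

    if (-not $tpm) {
        $specVersion = $null
        $status = 'No TPM visible to Windows (or session not elevated): look in UEFI for a TPM or PTT style option'
    }
    else {
        # SpecVersion is a comma-separated string; the first field is the TPM spec version.
        $specVersion = ($tpm.SpecVersion -split ',')[0].Trim()
        if ($specVersion -ne '2.0') {
            $status = "TPM present, but spec version is $specVersion rather than 2.0"
        }
        elseif (-not $tpm.IsEnabled_InitialValue) {
            $status = 'TPM 2.0 present but not enabled'
        }
        elseif (-not $tpm.IsActivated_InitialValue) {
            $status = 'TPM 2.0 enabled but not activated'
        }
        else {
            $status = 'TPM 2.0 present, enabled and activated'
        }
    }

    # CPU and model are included because they are what you search on to find
    # the vendor's own name for the TPM setting.
    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        Manufacturer = $system.Manufacturer
        Model        = $system.Model
        Cpu          = $cpu.Name
        TpmSpec      = $specVersion
        TpmVendor    = if ($tpm) { $tpm.ManufacturerIdTxt } else { $null }
        Status       = $status
    }
}

Get-TpmReadiness | Format-List
```

Running it on the single test PC before and after fitting the module shows whether the status moves to "TPM 2.0 present, enabled and activated" before a bulk order is placed.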