The upcoming Windows 11 will require a little-known security feature, TPM. The Trusted Platform Module has raised concern among users who can’t wait to try the upgraded OS. Surprisingly, despite the six years Microsoft had to prepare for the launch of Windows 11, it is still struggling to explain this new requirement.
This comes as a surprise, especially for users who have recently purchased a new PC for Windows 10. Even for older but capable machines, it’s unfortunate that they may not support Windows 11 if they lack the TPM.
We reached out to experts, trying to understand why Microsoft took this route and what users should know about TPM as a whole. Is the security feature a good or a bad thing? Let’s delve into their thoughts.
What is TPM?
Kenny Riley, Technical Director at Velocity IT, starts by introducing the TPM technology. A Trusted Platform Module chip, or TPM chip, is a hardware security component integrated into your PC’s motherboard or CPU. The purpose of a TPM chip is to protect user credentials, encryption keys, and other sensitive data on your hard drive against potential malware and ransomware attacks.
Ashu Singhal, President at Orion Networks, adds that TPM (trusted platform module) is a hardware chip that helps add an extra layer of security against software-based attacks. It can sense if your computer is infected, and you can use it to boot up in quarantine mode and clean up the viruses. Since it’s hardware-based, it’s difficult for most viruses and malware to infect it.
Riley continues to say that TPM chips have several use cases that enhance the overall security of PCs. For example, people use TPM to enable Windows BitLocker drive encryption. If a notebook has an included fingerprint reader, a TPM module stores the recorded fingerprints. If you use Windows Hello for facial recognition to log into your laptop, a TPM chip stores your facial profile.
Joe Cannata, Owner of Techsperts, LLC, adds that BitLocker utilizes the TPM chip and allows you to encrypt your hard drive fully for security purposes. Encrypting your hard drive is crucial for many reasons. One example of the importance of hard drive encryption is if a business laptop is left behind somewhere accidentally. With BitLocker hard drive encryption, a malicious actor would not succeed in extracting data from the hard drive without an encryption key to unlock the drive.
Adam Rippon, IT Support Specialist at Sydney Technology Solutions, adds that by combining Windows Hello and BitLocker, technology such as TPM makes it easier to protect users’ information and identities. With the requirement for Trusted Platform Modules on Windows 11, Microsoft is attempting to strengthen the protection of computers.
Is TPM a New Security Feature?
Microsoft introduced TPM in 2009. However, it has been updated several times throughout the years, and as of October 2014, TPM 2.0 is the current standard.
Riley notes that Windows 10 has had extensive support built into the operating system for TPM chips for a few years. However, as part of security upgrades, Microsoft is making TPM 2.0 a requirement to run Windows 11.
TPM chips have been included in most enterprise-grade PCs since 2016, so if your computer is relatively new, this requirement shouldn’t affect you. However, if you’re running an older computer or a non-enterprise grade PC, chances are you will need to add a TPM to your machine. For this to happen, your computer or laptop has to support TPM. You can add the feature on your own if you are technically savvy enough to do so. Alternatively, you will need to replace your PC with a new one with integrated TPM 2.0 support.
How to Check if Your PC Has a TPM Chip
You can easily verify if your PC currently has a TPM chip present or not from the Device Manager in Windows 10 by following these steps:
- Open Start
- Type Device Manager and click the top results to open the app
- Click on the Security Devices branch to expand it.
- Confirm if TPM exists and the module on your PC.
Is TPM a Good or a Bad Thing?
TPM chips these days are usually found only in business class PCs or higher-end consumer PCs, says Cannata. Their primary function is to provide encryption capabilities for your computer. With the upcoming release of Windows 11, Microsoft seems ready to list TPM chips as a system requirement. He believes this is a good move because it will force companies and end-users to enhance their data security.
Mike Shelah, the Director of Marketing and Business Development at Advantage Industries, adds his thoughts. He says that the TPM requirement is an extension of Microsoft’s overarching strategy towards greater security. Recently, the DoD has begun mandating all government contractors to follow CMMC (Cyber Maturity Model Certification) and the go-to solution set for this is Microsoft. With more mid-market and enterprise companies recognizing the need for better cybersecurity, Microsoft is responding.
Besides, the DoD will not be the only government entity to require CMMC. Other agencies are looking to add the requirement in the next 2-3 years. If that is the case, how long will it be before the commercial sector is faced with the same requirement? Cyber-attacks, phishing, and hacking are costing billions of dollars and putting thousands of companies permanently out of business. The answer seems to be mandating better security.
The Problem with TPM
However, Cannata also notes that the feature has some downsides. The downside is that lower-end computers that lack a TPM chip may need a replacement to take advantage of the enhanced security features.
His thoughts are backed up by Ilan Sredni, CEO and President at Palindrome Consulting, Inc. In theory, the TPM requirement is a great idea but in practice, it won’t work. TPM is mandatory in the current Windows 11 version, but it may not be a requirement for the final version. If it is, it won’t work on numerous desktop systems with no TPM available. In the long run, Microsoft may not keep to that requirement.
The TPM technology that is bound to become a requirement with Windows 11 is confusing for many users. The fact that computers without the chip won’t support Windows 11 is causing some unrest among some Microsoft users. The question is whether it should be a requirement that Microsoft should keep or discard.
As a business person, you may want more guidance on how this security feature affects your business. At Ulistic, we want to help you dispel any fears you might have about any possible business disruption that will come with the upgrade. Talk to Ulistic today, and we will guide you on what to do if you wish to move your systems to Windows 11.