When Microsoft announced Windows 11 more than three years ago, it was immediately controversial. Not only because of its unconventional interface, but also because of its high hardware requirements, which left many systems unable to run Windows 11 properly, such as TPM and Secure Boot.
Microsoft has repeatedly explained why features like TPM (Trusted Platform Module) 2.0, VBS (Virtualization-based Security), and Secure Boot are important for Windows 11 PCs. Microsoft requires that users' PCs support these features in order to use Windows 11, because of the enhanced security benefits they provide, and has released visual demos to better explain how these features work.
Recently, with the Windows 11 24H2 feature update, Microsoft updated one of the support articles on its official website titled “Automatic Device Encryption via BitLocker”, which Microsoft calls “Auto-DE”. Notably, this document mentions why TPM and Secure Boot are required for Device Encryption.
Below is the content of the supporting document before being edited.
Why is Device Encryption not available?
Here are the steps to determine why Device Encryption might be unavailable:
1. From the Start menu, type System Information, right-click System Information in the results list, and then select Run as administrator.
2. In the System Summary - Item list, look for the value Automatic Device Encryption Support or Device Encryption Support.
- The value provides the reason why Device Encryption cannot be enabled.
- If the value shows Meets prerequisites then Device Encryption is currently available on your device.
And here is the content of the supporting document after it has been edited.
Why is Device Encryption not available?
Here are the steps to determine why Device Encryption might be unavailable:
1. From the Start menu, type System Information, right-click System Information in the results list, and then select Run as administrator.
2. In the System Summary - Item list, look for the value Automatic Device Encryption Support or Device Encryption Support.
The value describes the support status of Device Encryption:
- Meets prerequisites: Device Encryption available on your device
- TPM is not usable: Your device does not have a Trusted Platform Module (TPM), or TPM is not enabled in the BIOS or UEFI.
- WinRE is not configured: Your device does not have Windows Recovery Environment configured.
- PCR7 binding is not supported: Secure Boot is disabled in BIOS/UEFI, or you have peripherals connected to your device during boot (such as a dedicated network interface, docking station, or external graphics card)
The article basically details what those missing “prerequisites” are. They include TPM, WinRE (Windows Recovery Environment), and Secure Boot.
Additionally, Microsoft also mentioned PCR7. PCR, or Platform Configuration Register, is a memory location on the TPM that is used to store hashing algorithms. PCR profile 7, or PCR7, is what BitLocker binds to. This binding ensures that the cryptographic key, in this case the BitLocker key, is only loaded during a certain time during the boot process, not before or after.
This is where Secure Boot comes into play as it verifies and authenticates the required Microsoft Windows PCA 2011 certificate during boot, as an invalid signature will result in BitLocker using profiles other than 7.
The resurgence of interest in BitLocker and encryption on Windows 11 24H2 came about recently when the Redmond giant unexpectedly lowered the OEM requirements for Auto-DE on the latest version of Windows, so that even home PCs can be automatically encrypted. Shortly after, the company also released a handy backup and recovery guide for BitLocker keys.
Not long ago, Microsoft also reaffirmed TPM 2.0 as a non-negotiable standard on its operating systems.
Modern versions of Windows still contain a lot of old code, and Microsoft generally tries to hide outdated parts, like the Control Panel, in favor of more modern components. However, there are some interesting exceptions.
Today, Microsoft officially launched another version of the Windows 11 operating system.
This will be the first price increase for Microsoft 365 Personal and Home subscriptions since Microsoft launched the Office 365 service 12 years ago.
After a long period of “living on the sidelines,” the Windows Mail, Calendar, and People apps are slowly approaching the end of their lifecycles. Microsoft recently updated its official documentation to clarify that the aforementioned apps will be completely retired on December 31, 2024.
Shortly after the official launch of Windows 11 version 24H2 last month, Microsoft acknowledged an unexpected issue with the Voicemeeter app.
Windows 11's only major update - version 24H2 - was released on October 1 and included quite a few new features.
If you can't get customers to choose your product voluntarily, make your product look almost like your competitors.
Microsoft is focusing on improving Copilot's referencing capabilities in Office documents. With the latest update, Word users can reference more data when creating, reviewing, and finalizing Word documents.
Microsoft today officially announced that the Xbox app is now available on select LG smart TVs.
After a long wait, the first major update of Windows 11 has officially been released.
Japanese investment giant Softbank is planning to invest between $15 billion and $25 billion in OpenAI. If the deal goes through, Softbank will become OpenAI’s largest investor, replacing Microsoft.
Recently, Microsoft has been continuously posting articles on the company's official blog urging users to upgrade to Windows 11 as the end of support for Windows 10 is approaching.
Recently, some independent review units have started to evaluate the performance experience of Windows 11 24H2 compared to version 23H2.
As the Windows 11 end-of-life deadline approaches, Windows 10 end-of-life (EOL) warning banners are popping up everywhere.
Unlike most other operating systems whether on smartphones or desktops, Windows 11 doesn't have a proper native battery percentage indicator on the taskbar.
When you tell Windows to delete a file, you usually want it gone forever. However, some data recovery applications and services can restore those files even if you think they've been completely deleted.
You may encounter an issue where Windows tells you your PIN is incorrect even though you entered it correctly.
Back in July 2024, Mozilla expressed its desire to extend Firefox support to Windows 7, 8, and 8.1, while other browsers like Chrome and Edge have abandoned versions of Microsoft's outdated operating system.
Modern versions of Windows still contain a lot of old code, and Microsoft generally tries to hide outdated parts, like the Control Panel, in favor of more modern components. However, there are some interesting exceptions.
According to Microsoft, Copilot is the future of Windows. But what if you want to try it but can't find Copilot? The following article will show you some tricks if Copilot doesn't appear on your Windows 11.
Over time, the files on your hard drive become fragmented and your computer slows down because it has to check multiple locations on the drive. To help your computer run more efficiently, you can use the built-in tools in Windows to defragment those files.
If you're wondering how well your Windows PC is performing, run the Windows Experience Index (WEI).
Today, Microsoft officially launched another version of the Windows 11 operating system.
On your PC, a lot of your personal information can be accessed without permission. That's because Windows data is stored publicly on the drive and is not encrypted or protected by encryption software, so anyone can access your confidential and private information.
Android Studio is the official IDE (Integrated Development Environment) for Android app development and it is based on JetBrains' IntelliJ IDEA software. Android Studio offers many great features that help improve productivity when building Android apps.
Windows 11 is officially leaked and you can even install it right now.
Phone Link lets you access your mobile device from your PC instantly. And users have the option to enable or disable the display of linked device names in Windows Share.
Since Windows Terminal Preview version 1.23.10353.0, Microsoft has added color customization so you can change the color according to your needs.
Accessing the Control Panel will help you adjust many system settings, because the Control Panel in Windows is a collection of applets, which are like small programs, each of which is used to configure different aspects of the operating system.
Setting up multiple monitors on Windows is quite simple and only takes a few minutes to do. After setting up multi-monitor mode (multiple screens), you can set up separate wallpapers for each screen. To do this, please refer to the article below from WebTech360.
