Why does Windows 11 require TPM 2.0?
TPM 2.0 is a hardware chip that stores cryptographic keys in a way the operating system cannot read directly. Windows 11 uses it for BitLocker drive encryption, Windows Hello biometric authentication, Credential Guard, Measured Boot and Pluton (where present). Mandating TPM 2.0 raises the security floor for the entire Windows 11 fleet, which is the main reason Microsoft tightened the requirements compared to Windows 10.
Most enterprise hardware bought after 2018 has TPM 2.0 (sometimes disabled in firmware — enable it in BIOS/UEFI). Older hardware that lacks TPM 2.0 cannot run Windows 11 in a supported configuration.
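To tell a missing or firmware-disabled TPM apart from a wrong-version one, query the Win32_Tpm WMI class from an elevated PowerShell session. The script below is an added example, not vendor or Microsoft code; the function name Get-TpmReadiness and the Status labels are made up for illustration.

```powershell
# Added example: classify this machine's TPM state for Windows 11 readiness.
# Get-TpmReadiness and its Status values are illustrative names, not a built-in cmdlet.
function Get-TpmReadiness {
    [CmdletBinding()]
    param()

    # Win32_Tpm is not readable by standard users; fail loudly instead of
    # misreporting "no TPM" because of an access-denied error.
    $identity = [Security.Principal.WindowsIdentity]::GetCurrent()
    $isAdmin  = ([Security.Principal.WindowsPrincipal]$identity).IsInRole(
                    [Security.Principal.WindowsBuiltInRole]::Administrator)
    if (-not $isAdmin) { throw 'Run this from an elevated PowerShell session.' }

    # No instance comes back when the firmware exposes no TPM to Windows.
    # From inside the OS that looks the same whether the chip is absent
    # or merely switched off in BIOS/UEFI.
    $tpm = Get-CimInstance -Namespace 'root/cimv2/Security/MicrosoftTpm' `
                           -ClassName 'Win32_Tpm' -ErrorAction SilentlyContinue
    if (-not $tpm) {
        return [pscustomobject]@{
            Status      = 'NotVisible'
            SpecVersion = $null
            Action      = 'Check BIOS/UEFI for a disabled TPM before ruling the hardware out.'
        }
    }

    # SpecVersion is a comma-separated string such as "2.0, 0, 1.38";
    # the first field is the TPM specification family (1.2 or 2.0).
    $family = ($tpm.SpecVersion -split ',')[0].Trim()
    $usable = [bool]$tpm.IsEnabled_InitialValue -and [bool]$tpm.IsActivated_InitialValue

    if ($family -ne '2.0') {
        $status = 'WrongVersion'
        $action = 'TPM 2.0 is required; this TPM reports an older specification.'
    } elseif (-not $usable) {
        $status = 'Disabled'
        $action = 'TPM 2.0 found but not enabled/activated; turn it on in BIOS/UEFI.'
    } else {
        $status = 'Ready'
        $action = 'TPM 2.0 is present and enabled.'
    }

    [pscustomobject]@{ Status = $status; SpecVersion = $tpm.SpecVersion; Action = $action }
}

Get-TpmReadiness | Format-List
```

A NotVisible result does not prove the hardware lacks a TPM, so confirm in firmware setup before classifying a machine as unsupported.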