Microsoft Discloses TPM Chip Requirements For Windows 11

The company says it’s setting a ‘hard floor’ of TPM 1.2 in order to install the new operating system, though TPM 2.0 is recommended.

Microsoft has posted the specific requirements for the Trusted Platform Module (TPM) chip that will be needed to install Windows 11, indicating that TPM 2.0 is recommended but not a firm requirement for running the operating system.

[Update: Microsoft Now Says TPM 2.0 Chip Is Required For Windows 11]

In its announcement on Thursday, Microsoft said that a security chip, such as the TPM 2.0 chip, will be required to run Windows 11 on a PC.

However, while TPM 2.0 is ideal, that exact version is not actually required, according to Microsoft documentation on Windows 11 compatibility.

As long as a PC has at least TPM 1.2, it will meet the minimum security requirements for Windows 11, Microsoft said. TPM 1.2 is the “hard floor” for installing Windows 11, the company said.

“Devices that do not meet the hard floor cannot be upgraded to Windows 11, and devices that meet the soft floor will receive a notification that upgrade is not advised,” Microsoft said in the documentation.

The disclosure comes amid an expectation that the TPM requirement will prevent many PCs from getting Windows 11.

Solution provider partners of Microsoft told CRN on Thursday that the move to require TPM is a win for improving security posture among customers.

The TPM chip requirement gives a boost to a zero trust security approach, said Michael Montagliano, chief of innovation at ProArch, an Atlanta-based Microsoft Gold partner.

“It’s really critical to helping us make certain that that device and that identity is verified,” he said. “That is really important for this zero trust initiative. If organizations start adopting this type of mentality, and leveraging this kind of mindset, we’re going to have much more secure environments.”

The move is timely, given that businesses have gone from having a single office and network to having “hundreds of offices and insecure networks,” said Ryan Loughran, reactive service manager at Valiant Technology, a New York-based MSP.

“Security is so much more important now since you don’t have that single office control that we used to have,” he said. “Hardening endpoints is probably the single most important thing that IT providers should focus on.”

In addition to the TPM requirement, security capabilities such as hardware-based isolation, secure boot and hypervisor code integrity will be turned on in Windows 11 by default, as protection against malware and “sophisticated” attacks, said Nicole Dezen, vice president for device partner sales in the Global Partner Solutions organization at Microsoft, in a blog post.

Microsoft also released minimum requirements for Intel, AMD and Qualcomm processors needed to run Windows 11.

For Intel Core chips, support for Windows 11 starts at the eighth-generation line, meaning that PCs with seventh-gen Intel Core chips and older would not be compatible with Windows 11, based on Microsoft’s disclosure.

The first builds of Windows 11 will begin rolling out to Windows Insider testers early next week, and Windows 11 will be generally available this holiday as a free update for compatible Windows 10 PCs, Microsoft said. Windows 11 will only see one major feature update per year, in contrast to the twice-a-year feature updates for Windows 10, the company disclosed.