My laptop runs on Windows 10, but I want to test the Microsoft BitLocker feature on a Windows 11 VM. How should I proceed? Additionally, it seems that my computer doesn’t currently have a TPM chip installed.
Enabling BitLocker encryption on a virtual machine is similar to doing so on a physical computer, but it requires consideration of virtualization environment specifics. Additionally, the performance and storage capabilities of the virtual machine may impact the encryption process when enabling BitLocker in a virtualized environment.
1. Ensure that the virtual machine's operating system version supports BitLocker.
2. Ensure that the virtual machine is running in a virtualization environment that supports BitLocker, such as Hyper-V, VMware Workstation, VirtualBox, etc.
3. Ensure that the virtual machine's hard disk has sufficient space for BitLocker encryption. The BitLocker encryption process requires adequate space to store encrypted data.
Because Windows 11 requires TPM 2.0, you won’t be able to successfully install a Windows 11 virtual machine unless you add a TPM module. Without a TPM, you may encounter an error prompt. Here’s how to add it:
Step 1 Right-click on Windows 11, then select "Settings" from the menu.
Step 2 Click on "Add" button.
Step 3 Select "Trusted Platform Module", then "Finish".
Step 4 Press "Win + R", type "tpm.msc" in the text box, and then press Enter to check if TPM is ready for use. Boot the computer, then start BitLocker Drive Encryption.
If you bypassed the TPM verification when installing Windows 11, you can turn on BitLocker for the operating system drive without a TPM by updating the Group Policy. Follow the guidance in the linked article to do so.
If the following error message occurs, use the following steps to resolve it:
BitLocker Drive Encryption detected bootable media (CD/DVD) in the computer. Remove the media and restart the computer before configuring BitLocker
Step 1 Right-click on "Windows 11", then select "Settings".
Step 2 Click "CD/DVD", then click the "Remove" button.
Step 3 Reboot the laptop, then retry enabling BitLocker encryption.
Step 1 Type "Control Panel" in the search box, and press "Enter". In the "View by" option, select "Large icons", then choose BitLocker Drive Encryption.
Step 2 Select the drive to encrypt, click "Turn on BitLocker".
Step 3 Choose encryption options, such as using a password for protection.
Step 4 Click "Next", then "Save to file" or "Print password" to back up the recovery key.
Step 5 Follow the prompts to continue with BitLocker encryption until you restart to run the system check. After completing the wizard, the system will begin encrypting the drive. This process may take some time, so please be patient.
Note: Remember to back up the recovery key file in a safe location.
In the VM, you can manage BitLocker through "Control Panel" > "System and Security" > "BitLocker Drive Encryption", which includes settings such as "Suspend protection", "Back up recovery key", and "Turn off BitLocker".
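The checks from the steps above can also be run as a read-only PowerShell pre-flight inside the guest. This is an added example, not part of the original article; the `C:` mount point is an assumption, and treating loaded CD/DVD media as the trigger for the bootable-media error is an approximation.

```powershell
#Requires -RunAsAdministrator
# Read-only checks: nothing here changes TPM or BitLocker state,
# and the recovery password itself is never printed.
# Assumption: the OS drive inside the VM is C:.
$MountPoint = 'C:'

# 1. TPM state (the same information tpm.msc shows).
$tpm = Get-Tpm
if (-not $tpm.TpmPresent) {
    Write-Warning 'No TPM visible to the guest. Add the Trusted Platform Module in the VM settings first.'
} elseif (-not $tpm.TpmReady) {
    Write-Warning 'TPM is present but not ready for use.'
} else {
    Write-Output 'TPM is present and ready.'
}

# 2. Virtual CD/DVD drives with media loaded (for example a leftover installer ISO).
$loaded = Get-CimInstance -ClassName Win32_CDROMDrive | Where-Object MediaLoaded
foreach ($drive in $loaded) {
    Write-Warning "Media loaded in $($drive.Drive). Remove it and restart before configuring BitLocker."
}

# 3. Encryption and protection state of the volume.
$vol = Get-BitLockerVolume -MountPoint $MountPoint
Write-Output ('{0}: {1}, {2}% encrypted, protection {3}' -f `
    $vol.MountPoint, $vol.VolumeStatus, $vol.EncryptionPercentage, $vol.ProtectionStatus)

# 4. An encrypted or encrypting volume should carry a recovery password protector,
#    otherwise there is nothing to fall back on if the TPM or password is lost.
$recovery = $vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword'
if ($vol.VolumeStatus -ne 'FullyDecrypted' -and -not $recovery) {
    Write-Warning 'No recovery password protector on this volume. Back up a recovery key.'
}

# 5. Data encrypted but protection off: the key is not actually being protected.
if ($vol.VolumeStatus -eq 'FullyEncrypted' -and $vol.ProtectionStatus -eq 'Off') {
    Write-Warning 'Volume is encrypted but BitLocker protection is off (suspended or not activated).'
}
```

Run it from an elevated PowerShell session in the Windows 11 guest, once before turning BitLocker on and again after encryption finishes.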
If the BitLocker encryption process is abruptly interrupted without being paused first, it may lead to disk damage and irreversible data loss.
By default, Windows Preinstallation Environment (WinPE) does not include support for BitLocker, so you need to create a WinPE image that includes BitLocker components.
The error code 0x8031004A when backing up files indicates that there’s something wrong with your device. You can switch to another drive for file backup, or you can fix this issue with the following methods.
The BitLocker yellow triangle warning is a notice that BitLocker was not activated. BitLocker drive encryption is on for the drive, but the drive is not under BitLocker protection yet.