Safeguard on Windows 10 without TPM

Dear all,

I would like to know if it's possible to enable Safeguard full disk encryption on a Windows 10 Pro PC with a non-working TPM chip.

If the answer is yes, what is the procedure?

Thank you.

  • Yes - Assuming your PC is domained you may need to alter the GPO to Allow BitLocker without a compatible TPM or modify the local policy.


    You'll need to set a fallback policy for Sophos SafeGuard too, so that it does TPM OR Password/startup key. This is set in the Authentication policy section.


    I have this running successfully here on a number of laptops and have a password to secure the device at boot instead of TPM and PIN.


    I would add that if TPM is broken I would disable/hide it in BIOS so that the OS doesn't try to use it and then fail.


    Hope this helps?

  • In reply to MichaelMcLannahan:

    Dear Michael,

    Thank you for the answer. But what will be the pre-authentication method in this case? The entry of the domain user name and password, as for Windows 7?

    Thank you again.

  • In reply to Marco Curtolo:

    No, it'll be a password that the user can set within Windows. It looks almost identical to the TPM PIN prompt, but note it says password and NOT PIN.
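
A read-only check for the settings the first answer describes, as an added example that is not part of the original thread. It assumes the BitLocker policy values are written under `HKLM:\SOFTWARE\Policies\Microsoft\FVE` (`UseAdvancedStartup`, `EnableBDEWithNoTPM`) and that the built-in `Get-Tpm` and `Get-BitLockerVolume` cmdlets are available; it does not inspect the SafeGuard Authentication policy itself.

```powershell
# Added example: run from an elevated PowerShell prompt on the Windows 10 client.
# It only reads state; nothing is changed.

# Assumption: the GPO / local policy "Require additional authentication at startup"
# stores its values in this key.
$fve    = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
$policy = Get-ItemProperty -Path $fve -ErrorAction SilentlyContinue

# UseAdvancedStartup = 1 -> the policy is enabled
# EnableBDEWithNoTPM = 1 -> "Allow BitLocker without a compatible TPM" is ticked
$advancedStartup = $policy.UseAdvancedStartup -eq 1
$allowNoTpm      = $policy.EnableBDEWithNoTPM -eq 1

# TPM as Windows sees it. If the chip is disabled/hidden in firmware setup,
# TpmPresent is expected to be False.
$tpm = Get-Tpm -ErrorAction SilentlyContinue

# Key protectors currently on the OS volume (e.g. Tpm, TpmPin, Password, RecoveryPassword)
$vol        = Get-BitLockerVolume -MountPoint $env:SystemDrive
$protectors = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })

$findings = @()
if (-not ($advancedStartup -and $allowNoTpm)) {
    $findings += 'Policy does not allow BitLocker without a compatible TPM.'
}
if ($tpm -and $tpm.TpmPresent -and -not $tpm.TpmReady) {
    $findings += 'A TPM is visible to Windows but not ready; consider hiding it in firmware setup.'
}
if ($protectors -notcontains 'Password') {
    $findings += 'No password protector on the OS volume yet.'
}

[pscustomobject]@{
    AdvancedStartupPolicy = $advancedStartup
    AllowWithoutTpm       = $allowNoTpm
    TpmPresent            = [bool]$tpm.TpmPresent
    TpmReady              = [bool]$tpm.TpmReady
    VolumeStatus          = $vol.VolumeStatus
    ProtectionStatus      = $vol.ProtectionStatus
    KeyProtectors         = $protectors -join ', '
    Findings              = $findings -join ' '
} | Format-List
```

An empty `Findings` line together with a `Password` entry in `KeyProtectors` matches the setup described in the thread: policy permits no-TPM startup and the volume is unlocked with a boot password.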