Safeguard on Windows 10 without TPM

Question

Dear all, 
 i would like to know if it's possible to enable Safeguard full disk encryption on a Windows 10 Pro PC with a not working tpm chip. 
 if the answer is yes, what is the procedure ? 
 Thank you.

MichaelMcLannahan · Accepted Answer

No, it'll be a password that the user can set within Windows. It looks almost identical to the TPM PIN prompt but note it says password and NOT PIN

MichaelMcLannahan · Answer

Yes - Assuming your PC is domained you may need to alter the GPO to Allow BitLocker without a compatible TPM or modify the local policy. 
 
 You'll need to set a fallback policy for Sophos SafeGuard too, so that it does TPM OR Password/startup key. This is set in the Authentication policy section. 
 
 I have this running successfully here on a number of laptops and have a password to secure the device at boot instead of TPM And PIN. 
 
 I would add that if TPM is broken I would disable/hide it in BIOS so that the OS doesn't try to use it and then fails. 
 
 Hope this helps?

Marco Curtolo · Answer

It works. Thank you :)