As the deadline for Windows 10 support looms, Microsoft is urging users to transition to Windows 11. However, a significant hurdle remains: the requirement for PCs to be equipped with Trusted Platform Module (TPM) version 2.0 prior to installation.
With many older PCs unable to meet this specification before the end of Windows 10 support in October 2025, Microsoft has reaffirmed its stance that this policy will remain unchanged.
Despite being on the market for over three years, Windows 11 still trails behind its predecessor in user adoption. According to StatCounter’s November 2024 data, Windows 10 commands a substantial 61.8 percent of the Windows market, while Windows 11 accounts for only 34.9 percent.
Microsoft’s Justification
In a recent blog post, Steven Hoskings from Microsoft elaborated on the rationale behind maintaining the TPM 2.0 requirement, acknowledging the challenges some organizations may face in adapting.
“It’s true that its implementation might require a change for your organization,” Hoskings noted. “Yet it represents an important step toward more effectively countering today’s intricate security challenges.”
TPM 2.0 enhances security through advanced encryption and key management capabilities, outpacing its predecessor, TPM 1.2. By integrating with features such as Secure Boot and Windows Hello for Business, TPM 2.0 is designed to address emerging security threats more effectively.
Guidance for Organizations
For organizations looking to transition before the impending deadline, Hoskings offers several recommendations:
- Evaluate current hardware for TPM 2.0 compatibility. Conduct a thorough assessment of existing hardware using tools like Microsoft Intune to identify which systems meet the TPM 2.0 requirements and determine necessary upgrades.
- Plan and budget for upgrades. Develop a comprehensive plan and budget for upgrading non-compliant hardware to TPM 2.0, considering the long-term benefits of enhanced security and regulatory compliance.
- Review security policies and procedures. Update organizational security policies to incorporate TPM 2.0 usage, and provide training for team members on new protocols and the importance of maintaining a secure IT environment.
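For spot-checking hosts outside an Intune report, the first recommendation can be sketched in PowerShell as below. This is an added example, not code from Microsoft or the blog post: it reads the `Win32_Tpm` WMI class, and the `Get-TpmReadiness` function name, the status labels and the `$Computers` host list are this example's own assumptions.

```powershell
# Added example (not Microsoft's tooling). Run from an elevated session:
# the Win32_Tpm class is readable by administrators only.
param([string[]]$Computers = @($env:COMPUTERNAME))   # default: local machine

function Get-TpmReadiness {
    param([string]$ComputerName)

    $row = [ordered]@{ ComputerName = $ComputerName; SpecVersion = $null
                       Enabled = $null; Activated = $null; Status = 'Unknown' }
    $query = @{ Namespace = 'root\cimv2\Security\MicrosoftTpm'
                ClassName = 'Win32_Tpm'; ErrorAction = 'Stop' }
    # Remote hosts go over WinRM; query the local host directly.
    if ($ComputerName -ne $env:COMPUTERNAME) { $query.ComputerName = $ComputerName }

    try   { $tpm = Get-CimInstance @query | Select-Object -First 1 }
    catch { $row.Status = "QueryFailed: $($_.Exception.Message)"
            return [pscustomobject]$row }

    if (-not $tpm) {
        # No instance: no TPM fitted, or it is switched off in firmware setup.
        $row.Status = 'NoTpmVisible'
        return [pscustomobject]$row
    }

    $row.SpecVersion = $tpm.SpecVersion
    $row.Enabled     = $tpm.IsEnabled_InitialValue
    $row.Activated   = $tpm.IsActivated_InitialValue

    # SpecVersion is a comma-separated string; the first field is the
    # TPM specification version (for example "2.0" or "1.2").
    $spec = (($tpm.SpecVersion -split ',')[0]).Trim() -as [version]

    $row.Status = if (-not $spec)               { 'UnparsedSpecVersion' }
        elseif ($spec -lt [version]'2.0')       { 'TpmBelow2.0' }
        elseif (-not ($row.Enabled -and $row.Activated)) { 'Tpm2.0NotEnabled' }
        else                                    { 'MeetsTpm2.0' }
    return [pscustomobject]$row
}

$Computers | ForEach-Object { Get-TpmReadiness -ComputerName $_ } |
    Sort-Object Status | Format-Table -AutoSize
```

A `NoTpmVisible` or `Tpm2.0NotEnabled` result often means a firmware TPM is present but disabled in UEFI setup, so check firmware settings before budgeting a hardware replacement.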
For those unable to upgrade, Microsoft offers an extended support program for Windows 10, priced at per device for the first year of out-of-band security updates, with costs increasing annually. However, this extended support is not indefinite, and users will eventually need to make the transition.
Hoskings emphasizes the critical nature of TPM 2.0, stating, “It’s not just a recommendation – it’s a necessity for maintaining a secure and future-proof IT environment with Windows 11.” He further notes that it plays a vital role in the broader Zero Trust strategy, alongside Secure Boot, Credential Guard, and Windows Hello for Business.