I ran into the following error after pushing an image to a Microsoft Surface Book and configuring the imaged device for a new user. I tried to Turn on BitLocker and immediately saw:
This device cannot use a Trusted Platform Module. Your administrator must set the “Allow Bitlocker without a compatible TPM” option in the “Required additional authentication at startup” policy for OS volumes
During the imaging process I had turned off TPM via BIOS, so I rebooted into BIOS and made sure TPM was enabled. Next I saved and exited BIOS and restarted. With TPM enabled in BIOS I did the following:
- Entered Device Manager (type “Device Manager” in the Start menu)
- In Device Manager, look for “Security Devices” (if you don’t see “Security Devices”, click on “View” and “Show hidden devices”)
- Under Security Devices you should see “Trusted Platform Module 2.0” or similar
- Right-click on that and select Properties
- Mine showed the device was not detected
- I then clicked on Cancel (in the TPM Properties screen)
- I then right-clicked on the TPM module and selected “Uninstall device”
- This required a reboot, which I did.
- After reboot I checked Device Manager and TPM was shown as working properly. I was then able to turn on and configure BitLocker.
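
The state that the Device Manager steps above inspect can also be read from an elevated PowerShell prompt, which is useful as a post-imaging check before turning on BitLocker. This is an added example, not part of the original post; it assumes the built-in TrustedPlatformModule, PnpDevice and BitLocker modules of Windows 10/11, and the function name `Test-TpmReadyForBitLocker` is hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original post): read-only TPM/BitLocker pre-check
# for a freshly imaged device. It changes nothing on the machine.

function Test-TpmReadyForBitLocker {
    $findings = @()

    # OS view of the TPM: is it exposed by firmware and provisioned for use?
    $tpm = Get-Tpm
    if (-not $tpm.TpmPresent) {
        $findings += 'TPM not present: confirm it is enabled in firmware settings.'
    } elseif (-not $tpm.TpmReady) {
        $findings += 'TPM present but not ready (not provisioned, or a restart is pending).'
    }

    # Device Manager view: the "Security Devices" class. Without -PresentOnly this
    # also returns non-present devices, like "Show hidden devices" in the GUI.
    $devices = @(Get-PnpDevice -Class 'SecurityDevices' -ErrorAction SilentlyContinue)
    if ($devices.Count -eq 0) {
        $findings += 'No device found in the Security Devices class.'
    }
    foreach ($dev in $devices) {
        if ($dev.Status -ne 'OK') {
            $findings += "Device '$($dev.FriendlyName)' reports status '$($dev.Status)'."
        }
    }

    # Current BitLocker state of the OS volume, for the record.
    $vol = Get-BitLockerVolume -MountPoint $env:SystemDrive

    [pscustomobject]@{
        Ready            = ($findings.Count -eq 0)
        TpmPresent       = $tpm.TpmPresent
        TpmReady         = $tpm.TpmReady
        SecurityDevices  = ($devices | ForEach-Object { "$($_.FriendlyName) [$($_.Status)]" })
        VolumeStatus     = $vol.VolumeStatus
        ProtectionStatus = $vol.ProtectionStatus
        Findings         = $findings
    }
}

Test-TpmReadyForBitLocker | Format-List
```

A result with `TpmPresent` true in firmware but a Security Devices entry whose status is not `OK` corresponds to the "device was not detected" state described above.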