You can take advantage of the advanced hardware security features in Windows today without having to load any beta code.
When Windows 11 was introduced in late June of 2021, many were excited by its revamped user interface — and countless PC enthusiasts rushed to download the Windows Insider Developer Channel builds of the new OS. But, as they quickly discovered, the new OS has several new requirements for PCs to support its new hardware and virtualization-based security features. These features are critical for securing both consumer and business workloads alike from more sophisticated malware and exploit threats that are currently evolving in the wild. Also: Windows 11: Everything you need to know As it turns out, all of these features are already built-in to Windows 10 if you are running the 20H2 release (Windows 10 October 2020 Update). As a consumer, small business, or enterprise, you can take advantage of these if you deploy Group Policy or simply click into Windows 10’s Device Security menu to switch them on. You don’t need to wait until Windows 11’s release or buy a new PC. Trusted Platform Module (TPM) is a technology designed to provide hardware-based, security-related cryptographic functions. If you have a PC that was manufactured within the last five years, chances are, you have a TPM chip on your motherboard that supports version 2.0. You can determine this by opening up Device Manager and expanding „Security devices.“ If it says „Trusted Platform Module 2.0,“ you’re good to go. This is shown as „Security Processor“ in the Device Security Settings menu in Windows 10 (and Windows 11). So what does TPM actually do? It is used to generate and store cryptographic keys unique to your system, including an RSA encryption key unique to your system’s TPM itself. In addition to being used traditionally with smart cards and VPNs, TPMs are used to support the Secure Boot process. It measures the integrity of the boot code of the OS, including the firmware and individual operating system components, to make sure they haven’t been compromised. There’s nothing you need to do to make it work; it just does, provided it is not disabled in your UEFI. Your organization can choose to deploy Secure Boot on Windows 10 via Group Policy or an enterprise MDM-based solution such as Microsoft Endpoint Manager. While most manufacturers ship their PCs with TPM turned on, some may have it disabled, so if it doesn’t show up in Device Manager or shows it as disabled, boot up into your UEFI firmware settings and look.
