You can’t run Windows 11 on a PC that lacks essential security hardware. That’s a good thing. Less promising is the fact that you can disable these requirements. Don’t do that!
Asked why he robbed banks, the notorious Willie Sutton allegedly answered, “Because that’s where the money is.” By the same token, most malware coders hit Windows or Android because that’s where the security holes are. Once Windows 11 achieves wide usage, that may change. Microsoft has taken the bold step of requiring essential security hardware, even though it means some PCs won’t be able to upgrade. With the boot process shielded and cryptographic routines running in protected memory, this Windows edition would seem to be completely invulnerable against a wide range of attacks. Just how does this added security work? Microsoft will happily supply endless pages of detailed descriptions. For those who prefer a broader view, here’s a simple rundown of what I learned—and what I found when I installed the new OS. The TL;DR? The new OS may not look like a major update, but when it comes to security, it’s a sea change—unless you deactivate it. Installing Windows 11 on a Virtual Machine To get started, I needed to install Windows 11. I do almost all testing of security products using virtual machines. That way I can release real-world ransomware without worrying about real-world damage if the antivirus fails its defensive task. It only made sense for me to install Windows 11 in a virtual machine—especially the prerelease version, which is what was a available when I started testing. We’ve covered the basics of how to create a Windows 11 virtual machine, but I found I had to go beyond what our article suggested. The biggest tweaks I had to make involved security. My first attempt ended badly. I had barely gotten into the setup process when the installer announced, “This PC doesn’t meet the minimum requirements.” With no further details, that wasn’t very helpful. After several more false starts, I got the bright idea to use the PC Health Check app on an existing virtual machine. The verdict was clear and simple. In their default configuration, my virtual machines don’t support Secure Boot and don’t have a (virtual) Trusted Platform Module (TPM). I took another run at the problem, choosing to create a virtual machine with custom settings. This let me choose UEFI firmware with Secure Boot, a good start. In the last step, customizing hardware, I tried to add a TPM. The VMware screen explained, “The virtual machine must be encrypted and using UEFI firmware.” I gave installation a try but encountered the same warning about not meeting the requirements.
