3 easy steps to enable BitLocker encryption on a VM with TPM
If you are looking for how to encrypt a virtual machine (VM), how to enable a Trusted Platform Module on a VM, how to enable BitLocker device encryption using TPM, you are at the right place!
Encryption helps to protect the data on your device so it can only be accessed by people who’ve been authorized. BitLocker Drive Encryption is a data protection feature that integrates with the operating system and addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned computers. BitLocker provides the most protection when used with a Trusted Platform Module (TPM).
In this post, I’ll walk you through the following sections:
Pre-requisite:
As per vmware, VMware Workstation Pro 14+ supports TPM version 2.0, hence, create a virtual machine with a minimum hardware version of 14 that uses the UEFI firmware type. Link to download latest VMware workstation pro.
Step 1: Encrypt a virtual machine:
1. Power off the virtual machine.
2. Select the virtual machine and select VM > Settings.
3. On the Options tab, select Access Control.
4. Click Encrypt.
5. Type an encryption password and click Encrypt.
Step 2: Enable TPM on a VM:
Trusted Platform Module (TPM) technology is designed to provide hardware-based, security-related functions. A TPM chip is a secure crypto-processor that helps you with actions such as generating, storing, and limiting the use of cryptographic keys. Let’s see how to enable TPM on a VM.
1. Select the virtual machine and select VM > Settings.
2. Click Add.
3. Click Trusted Platform Module.
4. Click Finish.
5. Click OK.
Check the TPM Status:
To verify if the TPM has been enabled on the VM, login to the VM and type TPM.msc in the run command and press enter. This opens the TPM management on the local computer. Under Status, it shows TPM is ready for use. For the TPM version, look for the details under TPM Manufacturer Information as shown below.
Step 3: Enable BitLocker Encryption:
- In the search box on the taskbar, type Manage BitLocker and then select it from the list of results. Note: You’ll only see this option if BitLocker is available for your device. It isn’t available on Windows 10 Home edition.
- Select Turn on BitLocker and then follow the instructions.
Checking BitLocker Encryption status: (From Manage BitLocker Console)
- Navigate to Manage BitLocker console as described above.
- View the status that is reported in the console.
- If encrypting, the status will show that BitLocker is encrypting
- If encrypted, the status will show that BitLocker is on and show a lock icon as shown below.
Checking BitLocker Encryption status: (From Command Line)
- Right-click Command Prompt and select “Run as Administrator”
- In the command prompt, type “manage-bde -status” and press Enter.
- View the status of BitLocker on the drives in the system.
I hope this article has helped you to learn about the process of device encryption. If you have any questions or feedback, you can post them in the comments section. I’ll be happy to hear from you.