clean/linted tpm recs

martyav
2019-08-01 15:53:15 -04:00
parent c2dcb444d1
commit d1fcdadae4


@ -20,6 +20,7 @@ ms.date: 11/29/2018
# TPM recommendations # TPM recommendations
**Applies to** **Applies to**
- Windows 10 - Windows 10
- Windows Server 2016 - Windows Server 2016
@ -108,25 +109,23 @@ For end consumers, TPM is behind the scenes but is still very relevant. TPM is u
The following table defines which Windows features require TPM support. The following table defines which Windows features require TPM support.
| Windows Features | TPM Required | Supports TPM 1.2 | Supports TPM 2.0 | Details | Windows Features | TPM Required | Supports TPM 1.2 | Supports TPM 2.0 | Details |
|-------------------------|--------------|--------------------|--------------------|----------| -|-|-|-|-
| Measured Boot | Yes | Yes | Yes | Measured Boot requires TPM 1.2 or 2.0 and UEFI Secure Boot | Measured Boot | Yes | Yes | Yes | Measured Boot requires TPM 1.2 or 2.0 and UEFI Secure Boot
| BitLocker | Yes | Yes | Yes | TPM 1.2 or 2.0 is required, but [Automatic Device Encryption requires Modern Standby](https://docs.microsoft.com/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10#bitlocker-device-encryption) including TPM 2.0 support | BitLocker | Yes | Yes | Yes | TPM 1.2 or 2.0 is required, but [Automatic Device Encryption requires Modern Standby](https://docs.microsoft.com/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10#bitlocker-device-encryption) including TPM 2.0 support
| Device Encryption | Yes | N/A | Yes | Device Encryption requires Modern Standby/Connected Standby certification, which requires TPM 2.0. | Device Encryption | Yes | N/A | Yes | Device Encryption requires Modern Standby/Connected Standby certification, which requires TPM 2.0.
| Windows Defender Application Control (Device Guard) | No | Yes | Yes | | Windows Defender Application Control (Device Guard) | No | Yes | Yes
| Windows Defender Exploit Guard | No | N/A | N/A | | Windows Defender System Guard | Yes | No | Yes
| Windows Defender System Guard | Yes | No | Yes | | Credential Guard | No | Yes | Yes | Windows 10, version 1507 (End of Life as of May 2017) only supported TPM 2.0 for Credential Guard. Beginning with Windows 10, version 1511, TPM 1.2 and 2.0 are supported.
| Credential Guard | No | Yes | Yes | Windows 10, version 1507 (End of Life as of May 2017) only supported TPM 2.0 for Credential Guard. Beginning with Windows 10, version 1511, TPM 1.2 and 2.0 are supported. | Device Health Attestation| Yes | Yes | Yes
| Device Health Attestation| Yes | Yes | Yes | | Windows Hello/Windows Hello for Business| No | Yes | Yes | Azure AD join supports both versions of TPM, but requires TPM with keyed-hash message authentication code (HMAC) and Endorsement Key (EK) certificate for key attestation support.
| Windows Hello/Windows Hello for Business| No | Yes | Yes | Azure AD join supports both versions of TPM, but requires TPM with keyed-hash message authentication code (HMAC) and Endorsement Key (EK) certificate for key attestation support. | UEFI Secure Boot | No | Yes | Yes
| UEFI Secure Boot | No | Yes | Yes | | TPM Platform Crypto Provider Key Storage Provider| Yes | Yes | Yes
| TPM Platform Crypto Provider Key Storage Provider| Yes | Yes| Yes | | Virtual Smart Card | Yes | Yes | Yes
| Virtual Smart Card | Yes | Yes | Yes | | Certificate storage | No | Yes | Yes | TPM is only required when the certificate is stored in the TPM.
| Certificate storage | No | Yes | Yes | TPM is only required when the certificate is stored in the TPM. | Autopilot | Yes | No | Yes | TPM 2.0 and UEFI firmware is required.
| Autopilot | Yes | No | Yes | TPM 2.0 and UEFI firmware is required. | SecureBIO | Yes | No | Yes | TPM 2.0 and UEFI firmware is required.
| SecureBIO | Yes | No | Yes | TPM 2.0 and UEFI firmware is required. | DRTM | Yes | No | Yes | TPM 2.0 and UEFI firmware is required.
| DRTM | Yes | No | Yes | TPM 2.0 and UEFI firmware is required. |
## OEM Status on TPM 2.0 system availability and certified parts ## OEM Status on TPM 2.0 system availability and certified parts
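Review bot: The new side of the table no longer has the `Windows Defender Exploit Guard` row (`No | N/A | N/A` on the old side), which is a content change in a commit described as clean/linted; restore the row or state the removal in the commit message. The new rows also drop the trailing pipe, so rows with an empty Details column (Windows Defender Application Control, Windows Defender System Guard, Device Health Attestation, UEFI Secure Boot, TPM Platform Crypto Provider Key Storage Provider, Virtual Smart Card) now carry four cells under a five-column header; keep the empty fifth cell so every row matches the header.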