The specific use case for a vTPM on vSphere is to support Windows 10 and 2016 security features. The HTML5 UI is designed with this in mind. Enablement of VBS does not require a vTPM.

Enablement of vTPM for any VM other than Windows 10 and 2016 is done via API. More on that in the future.

Let’s get a question I get asked about out of the way up front.

“Does this mean I can run Bitlocker on a Windows VM now?!”

Well, technically, all the parts are now there to run Bitlocker but I have to ask “Why??”. Remember, in order to enable vTPM you have to already have VM Encryption!

This means you already have a virtual machine encryption solution that’s easy to manage and works for every virtual machine that’s supported on vSphere, regardless of the guest operating system. Not to mention, you don’t have to manage the encryption “in guest” which lowers your overall workload significantly. #NoSecuritySnowflakes