Our security guidelines require a TPM PIN to be set.
Under Security => I can set a Storage Password and a Master HDD Password but no TPM PIN.
Did I miss something?
Thanks
Andreas
On Windows you can enable this via a group policy. See https://www.howtogeek.com/262720/how-to-enable-a-pre-boot-bitlocker-pin-on-windows/ for example.
Thanks, that's what we did @fritzmg, but I did not receive any popup in Windows asking for it.
So I thought this is a setting to be done in the UEFI - but it seems like I am wrong.
A bit strange though, isn't it? If you enable this after BitLocker has been activated, users have to console-do the whole thing? Hmmm
You’ll have to ask Microsoft
But they will probably want you to pay them to ask the question.
You don’t set a PIN on the TPM itself, it’s by and large dumb.
What you usually do is use a PIN to decrypt a blob of data using the TPM, hence BitLocker being mentioned.
With BitLocker, it defaults to an automatic decrypt mode, where it uses the TPM to validate a known, expected boot state, called measured boot.
You can add additional methods, or replace the automatic one, from the cmd line, and possibly by policy in Windows.
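
What the last reply describes, adding the PIN method from the command line on a volume that is already encrypted, as an added PowerShell example (not code from anyone in this thread). It assumes an elevated session, the BitLocker module that ships with Windows, and that the OS volume is the system drive; the registry values checked are the ones the "Require additional authentication at startup" policy writes.

```powershell
# Added example. Run in an elevated PowerShell session on the target machine.
$mount = $env:SystemDrive   # assumption: the OS volume is the system drive

# 1. Does policy permit a startup PIN? (value 0 or missing = not allowed)
$fve = Get-ItemProperty 'HKLM:\SOFTWARE\Policies\Microsoft\FVE' -ErrorAction SilentlyContinue
if (-not $fve -or $fve.UseAdvancedStartup -ne 1 -or -not $fve.UseTPMPIN) {
    throw "Policy does not allow TPM+PIN; apply the group policy and run gpupdate first."
}

# 2. Inspect the protectors currently on the volume.
$vol   = Get-BitLockerVolume -MountPoint $mount
$types = @($vol.KeyProtector.KeyProtectorType)
"Protection: $($vol.ProtectionStatus); protectors: $($types -join ', ')"

# 3. Keep a recovery path before a PIN becomes mandatory at boot.
if ($types -notcontains 'RecoveryPassword') {
    Add-BitLockerKeyProtector -MountPoint $mount -RecoveryPasswordProtector | Out-Null
    Write-Warning 'Recovery password added; escrow it per your process before rebooting.'
}

# 4. Add the TPM+PIN protector if it is not there yet.
if ($types -notcontains 'TpmPin') {
    $pin = Read-Host -AsSecureString -Prompt 'New startup PIN'
    Add-BitLockerKeyProtector -MountPoint $mount -TpmAndPinProtector -Pin $pin | Out-Null
}

# 5. Verify the result instead of assuming it.
$after = @((Get-BitLockerVolume -MountPoint $mount).KeyProtector.KeyProtectorType)
"Protectors now: $($after -join ', ')"
if ($after -notcontains 'TpmPin') {
    Write-Warning 'No TpmPin protector present; the PIN requirement is not in effect.'
}
if ($after -contains 'Tpm') {
    Write-Warning 'A TPM-only protector is still listed, so the volume can still unlock without the PIN.'
}
```

The same protector can be added with `manage-bde -protectors -add C: -TPMAndPIN`, which prompts for the PIN interactively.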