Windows 11 Now Enforces the Same System Requirements in Virtual Machines - Including TPM

[jagdtigger]

1 hour ago, StDragon said:

ensure VBS has little to no performance impact

One single function that no-one asked for nor needs it IRL.....

[thorhammerz]

3 hours ago, Beerzerker said:

MS is just trying to force their original "TPM Thing"

Your ire would be better directed at the various special interests pushing for hardware/software/biometrics integration, rather than Microsoft itself .

 

All they're doing is collecting their paycheck .

[LAwLz]

7 hours ago, Kisai said:

https://www.microsoft.com/security/blog/2021/09/15/the-passwordless-future-is-here-for-your-microsoft-account/

That's why.

 

That feature does not use the TPM.

@StDragon@Zodiark1593 @bmx6454

 

TPM is not required for that feature nor does a TPM in any way shape or for improve security of that feature. 

[Doobeedoo]

As for VM aside.

Still confused about 'outrage' about this remembering how so many were vocal to not upgrade to 10 or even basic updates yet for 11 it's like everyone needs it immediately huh. Then again those with older PCs no super reason to really need it and those with newer PCs and those buying a new one will get it with no hassle.

[jagdtigger]

10 minutes ago, Doobeedoo said:

yet for 11 it's like everyone needs it immediately huh

Because it locks out old but still very capable hw in just 4 years? And TPM is not a thing in desk PC's? (cant count on ftpm, you are at the mercy of the mobo manufacturer, not all of them exposing the option) Plus the mandatory MS account is just dumb....

[leadeater]

3 hours ago, Nacht said:

Guess they gonna enforce secure boot and uefi as well then, does any virtual machine even support it at this point ?, i have to set my network boot server to pxe every time instead of efi just to network boot on virtual machine lol

Yea, we UEFI PXE boot all our VMware machines for PXE install, both Windows and Linux. We also have a Key server so the TPM and disk encryption keys can be managed. This is all the stuff you really don't need in a small lab or at home though, it's quite an unnecessary amount of infrastructure to deploy and configure for only a few VMs.

[Stahlmann]

8 hours ago, TempestCatto said:

Linux is free...

As long as you don't value your own time.

For someone that never used anything other than windows is not just a "plug-and-play" kinda switch.

And there plenty people who i wouldn't trust to learn a new OS.

 

And here is the occasional reminder that W11 is not forced on you. If anyone doesn't like the changes then just keep on using W10. Most issues you have now will most likely be resolved by the time W10 support ends. Or maybe the next Windows version is already on the horizon by then.

 

And by saying that i'm not saying "everything Microsoft does is ok". If you hate W11, then don't switch to it.

 

If the adoption rate is abysmal due to their changes and reqirements, they will have to do something.

[Beerzerker]

3 hours ago, thorhammerz said:

Your ire would be better directed at the various special interests pushing for hardware/software/biometrics integration, rather than Microsoft itself .

 

All they're doing is collecting their paycheck .

And your response doesn't make it any less real - Paycheck or not.
Since you are probrably correct about the special interests involved, I'll admit that does bear weight but still doesn't absolve MS's own complicity to that end for these "Special Interest" organizations and it's still us that has to deal with it in the end.

[Doobeedoo]

7 minutes ago, jagdtigger said:

Because it locks out old but still very capable hw in just 4 years? And TPM is not a thing in desk PC's? (cant count on ftpm, you are at the mercy of the mobo manufacturer, not all of them exposing the option) Plus the mandatory MS account is just dumb....

Maybe, but still odd to see polarizing outcry with W10 upgrade/update and W11 upgrade now though. You can use offline local account.

[jagdtigger]

6 minutes ago, Doobeedoo said:

You can use offline local account.

AFAIK on home edition you cant....

[leadeater]

8 minutes ago, Doobeedoo said:

Maybe, but still odd to see polarizing outcry with W10 upgrade/update and W11 upgrade now though. You can use offline local account.

It's still going to be a pain because while you can install Windows 11 without a TPM, not upgrade, this change looks to mean you cannot do build/feature updates of Windows 11 so if you ever want to do updates that are not security updates then you have to do another manual clean install.

 

So it's not really a case of not being able to run Windows 11 in a VM it's just much more inconvenient now and that also applies to all unsupported hardware installs too.

 

Edit:

But yes with the absolute determination to not upgrade to Windows 10 it's very strange watching the literal opposite arguments this time. Reminds me of the South Park episode where Cartman buys a  failing theme park and won't let anyone in, so of course everyone wants in because they aren't allowed in lol.

[Doobeedoo]

Just now, leadeater said:

It's still going to be a pain because while you can install Windows 11 without a TPM, not upgrade, this change looks to mean you cannot do build/feature updates of Windows 11 so if you ever want to do updates that are not security updates then you have to do another manual clean install.

 

So it's not really a case of not being able to run Windows 11 in a VM it's just much more inconvenient now and that also applies to all unsupported hardware installs too.

True, though W10 will be supported for a while and will also get DirectStorage as 11 even though 11 will be better overall.

[leadeater]

Just now, Doobeedoo said:

True, though W10 will be supported for a while and will also get DirectStorage as 11 even though 11 will be better overall.

Yea, I'm happy to just sit back and see what the uptake numbers are and if that requires Microsoft to change their tune in any way. Also I doubt there are many Windows Home users running VMs so Hyper-V Windows Pro is going to work just fine for those wanting to run Windows 11 VMs, I don't use VMware Workstation etc actively so don't know if they have virtual TPM or not, you can bet for sure they will soon if they do not.

 

Also I think you'll enjoy my edit to my post above lol.

[lewdicrous]

10 hours ago, bcredeur97 said:

how long before MS goes full walled garden like apple? 

Without an integrated ecosystem, so more like a walled yard.

[jagdtigger]

13 minutes ago, leadeater said:

Yea, I'm happy to just sit back and see what the uptake numbers are and if that requires Microsoft to change their tune in any way.

I dont think they will change anything meaningfully. Their store and backend is pretty much dead  at this point but they just dont want to let go of it....

[leadeater]

Just now, jagdtigger said:

I dont think they will change anything meaningfully. Their store and backend is pretty much dead  at this point but they just dont want to let go of it....

Oh I don't expect any changes on that front, just the whole blocking Feature Upgrades on "Unsupported" installs. It's literally just a flag they can change and hey presto it's allowed again, I mean not that the most ahh "ethically" used edition of Windows 11 will be the embedded edition that is officially allowed to run on unsupported hardware. #NotAdvice, do with that information as you will.

[GoodBytes]

Microsoft is pushing password-less logins. Windows Hello, to be it's safest, needs TPM. It's your biometrics that it needs to keep safe.

 

VM can add TPM support. They just never did it as it wasn't a requirement. Just wait a bit, and you'll quickly see all have them.

[jagdtigger]

Making something mandatory for one optional feature is just plain stupidity....

[GoodBytes]

1 minute ago, jagdtigger said:

Making something mandatory for one optional feature is just plain stupidity....

It's not optional. Windows will have you setup Windows Hello method.

[leadeater]

1 minute ago, James Evens said:

How bad is a TPM for privacy? 

To be more specific can someone running in the VM identify the host by looking at the TPM?

VM's use a virtual TPM and is unique per VM, they don't have access to the TPM firmware or physical TPM if you have one. Most will only have firmware TPM btw.

[jagdtigger]

2 minutes ago, GoodBytes said:

It's not optional. Windows will have you setup Windows Hello method.

Shoving it down forcibly ppl's throat wont make it any less optional.... (Wont be needed in browser etc.....) If they really care about security make 2 FA mandatory, biometrics are overrated IMO.

[GoodBytes]

Just now, James Evens said:

How bad is a TPM for privacy? 

To be more specific can someone running in the VM identify the host by looking at the TPM?

Actually, TPM is great for privacy, can also be used to improve encryption of data. VM virtualization can be implemented. It was never actually been needed in the past. So only Hyper-V and vSphere support TPM at the moment

[GoodBytes]

1 minute ago, jagdtigger said:

Shoving it down forcibly ppl's throat wont make it any less optional.... (Wont be needed in browser etc.....)

Actually, Edge has a password manager built-in. 

https://blogs.windows.com/msedgedev/2016/04/12/a-world-without-passwords-windows-hello-in-microsoft-edge/

 

[StDragon]

2 hours ago, LAwLz said:

That feature does not use the TPM.

@StDragon@Zodiark1593 @bmx6454

 

TPM is not required for that feature nor does a TPM in any way shape or for improve security of that feature. 

 

10 minutes ago, GoodBytes said:

It's not optional. Windows will have you setup Windows Hello method.

 

Perhaps I'm conflating functionality here, but my understanding with Windows Hello is that leveraging TPM is optional whereas it's mandatory for Windows 11 to use it. Also, isn't biometric or a FIDO2 key (Yubico for example) technically "passwordless"?

[leadeater]

2 minutes ago, James Evens said:

Glade to know.

Still a shit move from Microsoft as home user don't profit at all from enforcing TPM for VMs. What's next HyperV requirement?

Well how many run VMs? If you have Windows Pro then you'll be unaffected as it supports Hyper-V with vTPM.