
Ever since Microsoft announced Windows 11 almost four years ago, there has been significant controversy on a fairly regular basis about stringent hardware requirements that need to be met in order to legitimately run the operating system. A major concern revolved around the fact that Windows 11 mandates TPM 2.0, something that is not present in older processors, rendering otherwise perfectly fine PCs obsolete.
For those unaware, TPM is an abbreviation for Trusted Platform Module. It isn't something that was invented alongside Windows 11; in fact, its first version dates back to 2003. TPM 2.0 is a security processor that is responsible for the secure storage of sensitive data like cryptographic keys and passwords, along with verification that a system hasn't been tampered with during the Secure Boot process, disk encryption through BitLocker keys, and security in Windows Hello. Most modern PCs have TPM 2.0 installed and enabled by default, but there are millions of older pieces of hardware out there that either have it disabled or don't host the security component at all.
In the past few years, Microsoft has been regularly convincing customers that TPM 2.0 is essential for them. This involves publishing blog posts about TPM 2.0 being the security forefront of its latest OS, its next-gen security protections, and how customers can utilize it to secure their PCs. In the past few months alone, the company has talked about TPM 2.0 being a non-negotiable requirement in Windows 11 and penned multiple guides explaining the benefits of the technology.
Of course, the reason it's doing all of this is to convince Windows 10 remainers to upgrade to Windows 11 before end of life (EoL) on October 14, 2025. But Microsoft doesn't seem to understand a major problem in this strategy: the average Windows user just doesn't care about TPM 2.0. These blog posts that are intended to educate customers that TPM 2.0, and by extension, Windows 11, are a must-have are falling on deaf ears.

When an average person purchased a Windows 10 PC years ago, they did not ask the retailer if the hardware also included TPM. The customer may care about Windows Hello in their potential purchase, but they don't care about how it's more secure through TPM 2.0. This technology, while useful, doesn't matter to your regular home user. Most people don't utilize or even know about BitLocker encryption; in fact, they'd probably be more concerned about the performance hit that could result from disk encryption.
It's also important to understand that most Windows customers interact with their PC and installed software through a graphical user interface (GUI). TPM 2.0, on the other hand, offers a legacy UI through tpm.msc, which means that there's a steep learning curve for anyone who even discovers this interface. The lack of modernization and interactivity also results in no real-time insights for users about how their PC is being protected from external threats.
The common Windows 11 user assumes that the operating system's security is built-in, and as long as they have a secure password that allows them to log in to their PC and use it, they should be fine.
The fact of the matter is that TPM 2.0 is a highly technical implementation that is fairly invisible and works in the background. This is completely fine and should be how security processes operate, so that they don't interrupt workflows until something critical happens. But this also means that only highly tech-savvy people, such as enterprise IT admins or government customers, will really understand what TPM 2.0 brings to the table and make informed decisions about it. You can't expect the regular Windows 11 user to ever understand what TPM 2.0 truly does or how important it is for them, just by publishing blog posts on the topic.

Instead, I would argue that Microsoft's time would be better spent convincing users to upgrade to Windows 11 by boasting about actually tangible benefits. This includes snappier performance, compatibility with all their existing software, enhanced workflows, battery life improvements, prettier UIs, and more. The company has been pretty lackluster in this department, which is also why it hasn't been able to convince me to upgrade to Windows 11 as my sole daily driver, even though I think I am slightly more technical and informed than the regular Windows 10 user.
The problem with TPM 2.0 is that it has its benefits, but it's not the "killer feature" that Microsoft has been touting it to be for the past four years. The phrases "tamper-resistant" and "data encrypted at rest" are just fancy buzzwords to your average Windows customer rather than must-have capabilities. That doesn't mean that TPM 2.0 isn't useful. It's probably crucial in governments and critical enterprise environments; it's just not something that an average person would know about. Heck, even in the aforementioned environments, only IT admins and cybersecurity professionals would be aware of its utilization and benefits.
That's fine; TPM 2.0 is meant to be invisible. But that also means that Microsoft's efforts to convince regular users to update their hardware to be TPM 2.0- and Windows 11-compliant won't really yield significant results. This failure in getting almost half of the Windows user base to upgrade to Windows 11 even four years after the operating system's launch is proof of that, and probably why the company has decided to extend the life of its previous OS by a year for free (kind of).