To enable or disable vTPM for Hyper-V VMs, admins can use the Enable-VMTPM and Disable-VMTPM PowerShell cmdlet...
Trusted Platform Module (TPM) is a security feature in which data is encrypted through Windows BitLocker. BitLocker also makes sure that if you run the encrypted VM in someone else's Hyper-V environment, only you can access the data.
Starting with Windows Server 2016, you have the ability to enable virtual TPM (vTPM) for Hyper-V VMs. You can use the vTPM feature for VMs even if the underlying hardware doesn't have a TPM chip. However, vTPM requires a Generation 2 VM running Windows Server 2012 R2, Windows Server 2016 or a Linux OS that can understand BitLocker drive encryption mechanisms.
Check vTPM status
To see if a Hyper-V VM has vTPM enabled, run the Get-VMSecurity <VMName> PowerShell command. If the VM has vTPM enabled, the output will show TPMEnabled:True. Otherwise, you'll see False after the TPMEnabled line in the output.
To enable vTPM for Hyper-V VMs, open a PowerShell window on the Hyper-V host and run Enable-VMTPM -VMName SQLVM. This command enables TPM support for SQLVM.
Improve host security with Shielded VMs
Windows Server 2016 Hyper-V comes with a new security feature: VM shielding. Learn about the advantages of VM shielding and how it works.
Once you have enabled vTPM support for the VM, you'll be required to install the BitLocker feature and start encrypting the VM drives.
Verify vTPM was enabled
If you want to verify that vTPM was enabled, you can either run the Get-VMSecurity PowerShell command to see if the TPMEnabled property shows True, or start the VM, open the Device Manager on the VM OS, expand the Security Devices node and look for the Trusted Platform Module 2.0 device entry. If Trusted Platform Module 2.0 is present, that means the VM is configured with vTPM support.
Disabling vTPM for a VM is easy; you just need to use the Disable-VMTPM PowerShell command followed by the VM name. For example, to disable vTPM support for a VM named SQLVM, use the Disable-VMTPM -VMName SQLVM PowerShell command.
Note that Windows Server 2016 Hyper-V provides new security features, including Guarded Fabric and Shielded VMs that have the TPM feature built-in. If you aren't using Guarded Fabric and Shielded VMs in your environment, you have to manually enable vTPM for VMs to ensure your data is secure.
Dig Deeper on Microsoft Hyper-V management
Related Q&A from Nirmal Sharma
Use System Center Virtual Machine Manager and PowerShell to make logical network management easy. Execute a script to display network virtualization ... Continue Reading
Hyper-V replication is easy to use, but there are a number of steps you should take during Hyper-V replication setup to ensure you stay abreast of ... Continue Reading
Manage Hyper-V clusters more easily with PowerShell cmdlets and scripts that automate the retrieval and display of node information, including node ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.