You can add a Virtual Trusted Platform Module (vTPM) to an existing virtual machine to provide enhanced security to the guest operating system. You must set up the KMS before you can add a vTPM.
You can enable a vTPM for virtual machines running on vSphere 6.7 and later. The VMware virtual TPM is compatible with TPM 2.0, and creates a TPM-enabled virtual chip for use by the virtual machine and the guest OS it hosts.
- Ensure your vSphere environment is configured for virtual machine encryption. See Set Up the Standard Key Provider.
- The guest OS you use must be either Windows Server 2016 (64 bit) or Windows 10 (64 bit).
- Verify that the virtual machine is turned off.
- The ESXi hosts running in your environment must be ESXi 6.7 or later.
- The virtual machine must use EFI firmware.
- Connect to vCenter Server by using the vSphere Client.
- Right-click the virtual machine in the inventory that you want to modify and select Edit Settings.
- In the Edit Settings dialog box, click Add New Device and select Trusted Platform Module.
- Click OK.
The virtual machine Summary tab now includes Virtual Trusted Platform Module in the VM Hardware pane.