Bitlocker Error Configuration change was requested to disable TPM

Bitlocker Error Configuration change was requested to disable TPM – I came across this issue while working with one of the customer. Basically they wanted to secure their Dell Latitude series laptops. They were specifically looking to encrypt the data so that even if the laptop is stolen, the data shouldn’t be accessible to others. Bitlocker is one of the best solution that one can recommend. Most of all BitLocker encrypts the hard drive(s) to protect the operating system from offline attacks. BitLocker provides the most protection when used with a Trusted Platform Module. Most of the computer manufacturers include TPM chip these days. If you do not have a TPM, you can still use BitLocker to encrypt the Windows operating system drive.

Bitlocker Error Configuration change was requested to disable TPM

So the customer decided to go with Bitlocker. While the Bitlocker encryption worked fine on most of the other laptops, an issue was seen with new Dell Latitude E7470 series laptop. The TPM was enabled in BIOS and the IT guy logged in to windows and tried to encrypt the drive. It failed and the computer rebooted, the error was :-

A configuration change was requested to disable the TPM.

Warning: Doing so might prevent security applications that rely on TPM from functioning as expected.

If you are experiencing the same error, you could try the below steps.

Manually turn off TPM chip – The first step is to turn off the TPM manually in the BIOS. Look for the option to Turn off the TPM chip in BIOS (usually present under Security).

Upgrade the BIOS – If the BIOS version is old, download the latest and stable version of BIOS from Dell support site. You could also download dell system detect software that automatically detects and downloads the BIOS to computer. Run the BIOS executable as administrator. The computer reboots and and you will see the BIOS firmware upgrade screen.

BIOS upgrade – Ensure the BIOS is updated successfully. This step is quick and shouldn’t take much time.

Enable the TPM and begin Bitlocker – Once the BIOS is updated to the latest version, the computer restarts. Before you encrypt the drive, enable the TPM in BIOS and then log in to windows OS and initiate Bitlocker process. That should fix the error.