Sorry, what I meant was: I like to encrypt all my devices for my security/privacy in the unlikely event that they're lost or stolen. I was thinking that perhaps enabling TPM would then let me use Bitlocker with a password option as I'm accustomed to. Or I could just use Bitlocker as I've already set it up, with an enhanced PIN. I don't much care about the TPM either way, except to the extent that it might affect my Bitlocker options.
OK, let me try to answer this way in keeping things simple (and assuming the drives were not encrypted before the new build).
You can only enable/setup BitLocker when the OS is up and running. And if you choose enable BitLocker on an OS drive, there is no pin or password option, only a 48-digit key option in which you have to option to save to your Microsoft account, or anywhere else except the drive being encrypted. That once the OS drive is encrypted the key will be embedded in the BIOS so whenever the OS is restarted the drive will unlock automatically - no need to supply a key.
However, if you do a BIOS update or make certain hardware changes, BitLocker may (will) ask for your key to insure you're the owner and that the changes weren't some attempt to backdoor it. For this reason, it's a good idea to have your keys available during any BIOS updates or hardware changes.
With Non-OS drives, you can choose to
use a password or pin to unlock the drive when setting up BitLocker instead of an also supplied 48-digit key. When encrypting a non-OS drive, you'll have the option to allow the PC to automatically unlock those drives when the PC boots, or be required to provide the password each time the system boots. (I'd suggest auto unlock, but that's me).
This tutorial will show you how to turn on BitLocker to encrypt a fixed data drive in Windows 11. BitLocker Drive Encryption is a data protection feature that integrates with the operating system and addresses the threats of data theft or exposure from lost, stolen, or inappropriately...
www.elevenforum.com
Transfer of already BitLockered drives:
For the OS drive (in keeping things simple) transfer to a new system requires BitLocker to be removed as the 48-digit key is married to the board/TPM chip the drive was encrypted one. For non-OS drives using BitLocker, you can move them around since they aren't married to the system they were encrypted on. Here you'll just need your password (or key) to unlock the drive on the new system.
So, if the drives were encrypted (BitLocker) before being moved to a new system, that's one thing as explained. If the drives are going to be encrypted "after" the OS is installed that's another thing.
Also, though there is a procedure to BitLocker drives with put TPM, it would be a lot simpler to just enable TPM and follow the BitLocker procedure once the app is started. However, as stated (FYI), enabling TPM does NOT require BitLocker.
Hope this helps/clarifies :)
Using Your PIN or Password
docs.microsoft.com
Learn more about BitLocker by reviewing the frequently asked questions.
docs.microsoft.com
