Windows 11 VM Support in vSphere - Clarifying Trust Authority vs. TPM Requirements

Article ID: 380330

Updated On:

Products

VMware vSphere ESXi

Issue/Introduction

Users attempting to deploy Windows 11 virtual machines in vSphere environments may incorrectly attempt to configure vSphere Trust Authority, believing it to be a requirement for Windows 11 VM support. This misunderstanding can lead to unnecessary complexity and configuration errors.

Environment

- VMware vSphere 8.0 and later
- Windows 11 virtual machines
- vCenter Server

Users may encounter the following:
- Attempting to configure vSphere Trust Authority for Windows 11 VM deployment
- Confusion about TPM requirements for Windows 11 VMs
- Unnecessary complexity in the VM deployment process

Cause

This issue typically occurs due to:
1. Misinterpretation of Windows 11 TPM requirements in vSphere environments
2. Search engine results incorrectly directing users to Trust Authority documentation when searching for Windows 11 VM support
3. Confusion between vSphere Trust Authority (a security feature for hardware Key Management Systems) and Virtual TPM requirements for Windows 11

Resolution

What You Actually Need for Windows 11 VMs
To support Windows 11 VMs in vSphere, you only need:

  1. A vSphere Native Key Provider configured on vCenter Server
    • Alternatively, a hardware Key Management Server (KMS) can be used
  2. Virtual TPM devices added to Windows 11 VMs
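
The two requirements above can be checked, and a missing vTPM added, from VMware PowerCLI. This is an added example, not part of the original article; it assumes PowerCLI is installed and `Connect-VIServer` has already been run against vCenter Server, and the function name and VM names are hypothetical.

```powershell
# Added example. Assumptions: PowerCLI session already connected to vCenter;
# 'win11-lab-01' / 'win11-lab-02' are constructed VM names.
function Test-Win11VtpmReadiness {
    param(
        [Parameter(Mandatory)][string[]]$VMName,
        [switch]$AddMissing   # add a vTPM where every prerequisite is met
    )

    # Requirement 1: a key provider on vCenter Server
    # (vSphere Native Key Provider, or a hardware KMS).
    $providers = @(Get-KeyProvider)
    if ($providers.Count -eq 0) {
        Write-Warning 'No key provider is configured on vCenter Server; a vTPM cannot be added.'
    }

    foreach ($vm in Get-VM -Name $VMName) {
        # Requirement 2: a Virtual TPM device on the VM.
        $hasVtpm  = [bool](Get-VTpm -VM $vm)
        # Not stated in the article: vSphere only allows a vTPM on VMs
        # that use EFI firmware, and the VM must be powered off to add one.
        $firmware = $vm.ExtensionData.Config.Firmware
        $canAdd   = ($providers.Count -gt 0) -and
                    ($firmware -eq 'efi') -and
                    ($vm.PowerState -eq 'PoweredOff')

        if ($AddMissing -and -not $hasVtpm -and $canAdd) {
            New-VTpm -VM $vm | Out-Null
            $hasVtpm = $true
        }

        [pscustomobject]@{
            VM           = $vm.Name
            KeyProviders = ($providers.Name -join ', ')
            Firmware     = $firmware
            PowerState   = $vm.PowerState
            HasVtpm      = $hasVtpm
        }
    }
}

# Report only; append -AddMissing to add vTPM devices where possible.
Test-Win11VtpmReadiness -VMName 'win11-lab-01', 'win11-lab-02' |
    Format-Table -AutoSize
```

Nothing in this check touches vSphere Trust Authority: a configured key provider and a vTPM per VM are the whole requirement.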

Additional Information

Understanding vSphere Trust Authority

vSphere Trust Authority is NOT required for Windows 11 VM support. It serves a different purpose:

  • It enables one vCenter Server site to use another as a proxy for a hardware Key Management System
  • It's designed for specific security requirements in large enterprises
  • It requires:
    • A hardware KMS
    • A second vCenter site to act as the Trust Authority
    • Complex configuration and maintenance

When to Use Each Feature

  • For standard Windows 11 VM deployment: Use vSphere Native Key Provider + Virtual TPM
  • For hardware KMS security proxy requirements: Use vSphere Trust Authority
    See: vSphere Trust Authority for details