"Host Requires Encryption Mode Enabled" Alarm on ESXi hosts

Article ID: 400316

Updated On:

Products

VMware vCenter Server

Issue/Introduction

  • After enabling the Native Key Provider (NKP) on the vCenter Server Appliance, ESXi hosts have an alarm on them that says "Host Requires Encryption Mode Enabled".
  • When hosts with TPM are added to a cluster containing non-TPM enabled hosts, an alarm is reported on the non-TPM enabled hosts, stating "Host Requires Encryption Mode Enabled".

Environment

VMware vCenter Server 7.x - 8.x
VMware vSphere ESXi 7.x - 8.x

Cause

The host encryption alarm can be triggered for two primary reasons:

  • There are cryptographic operations that require the ESXi host to have this feature enabled.
  • Due to the mixed nature of the cluster, with TPM-enabled and non-TPM enabled hosts, this alarm is triggered on the non-TPM enabled hosts.

Resolution

There are several approaches to resolve this issue:

If the TPM is enabled on the host and encryption is required to be enabled:

  1. Enable the ESXi encryption mode: select the ESXi host, then go to Configure > Security Profile.
  2. Under Host Encryption Mode, click Edit, change the mode to Enabled, and click OK.

If encryption and TPM functionality are not required:

  1. Log in to the vSphere Client.
  2. Navigate to the vCenter Server object in the inventory.
  3. Go to Configure > Alarm Definitions.
  4. In the filter field next to "Alarm Name", enter "encryption".
  5. Select the radio button next to "Host Requires Encryption Mode Enabled Alarm".
  6. Click the EDIT control.
  7. In the alarm configuration dialogue, click NEXT until you reach the "Review" screen.
  8. Find the "Disable this alarm" option and select it.
  9. Click SAVE to apply the changes.

After applying any of these solutions, monitor the vSphere UI for 24 hours to confirm that the alarm is no longer triggered.
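
To see which hosts fall under which resolution path before changing anything, the following PowerShell example classifies hosts per cluster. It is an added example, not part of the original article or VMware's own tooling. The inventory rows are constructed, the function name is hypothetical, and the mapping of Host Encryption Mode "Enabled" to a CryptoState value of "safe", together with the PowerCLI property names in the comments, is an assumption.

```powershell
# Constructed inventory rows (not output from a real vCenter).
# Assumption: with PowerCLI connected, equivalent rows can be built from
# Get-VMHost using Parent.Name, ExtensionData.Capability.TpmSupported and
# ExtensionData.Runtime.CryptoState.
$inventory = @(
    [pscustomobject]@{ Name='esx01.example.test'; Cluster='Prod-A'; TpmSupported=$true;  CryptoState='safe' }
    [pscustomobject]@{ Name='esx02.example.test'; Cluster='Prod-A'; TpmSupported=$true;  CryptoState='incapable' }
    [pscustomobject]@{ Name='esx03.example.test'; Cluster='Prod-A'; TpmSupported=$false; CryptoState='incapable' }
    [pscustomobject]@{ Name='esx11.example.test'; Cluster='Lab-B';  TpmSupported=$false; CryptoState='incapable' }
)

# Hypothetical helper: returns one finding per host whose encryption mode is
# not enabled, tagged with the resolution path from this article that applies.
function Get-EncryptionModeFinding {
    param([Parameter(Mandatory)][object[]]$HostRow)

    foreach ($cluster in ($HostRow | Group-Object Cluster)) {
        # A cluster is "mixed" when it has both TPM and non-TPM hosts.
        $tpmCount = @($cluster.Group | Where-Object TpmSupported).Count
        $mixed    = ($tpmCount -gt 0) -and ($tpmCount -lt $cluster.Count)

        foreach ($h in $cluster.Group) {
            if ($h.CryptoState -eq 'safe') { continue }   # encryption mode already enabled

            $path = if ($h.TpmSupported) {
                'Enable Host Encryption Mode (Configure > Security Profile)'
            } elseif ($mixed) {
                'Non-TPM host in mixed cluster: disable the alarm only if encryption and TPM are not required'
            } else {
                'No TPM in cluster: check for cryptographic operations that require encryption mode'
            }

            [pscustomobject]@{
                Cluster      = $cluster.Name
                Host         = $h.Name
                Tpm          = $h.TpmSupported
                CryptoState  = $h.CryptoState
                MixedCluster = $mixed
                Suggested    = $path
            }
        }
    }
}

Get-EncryptionModeFinding -HostRow $inventory | Format-Table -AutoSize -Wrap
```

With the constructed rows, esx02 is a TPM host that still needs encryption mode enabled, esx03 is the non-TPM host in a mixed cluster, and esx11 sits in a cluster with no TPM hosts at all.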

Additional Information

  • Disabling the Encryption Mode alarm does not affect the security of your environment if you're not utilizing TPM-based features.
  • You can re-enable the alarm in the future if you implement TPM-based security features in your environment.