Windows 11 makes TPM Diagnostics tool its first optional feature (Security News, June 2021)
Windows 11 comes with a new optional feature called 'TPM Diagnostics' that allows administrators to query the data stored on a device's TPM security processor.
"TPM 2.0 is a critical building block for providing security with Windows Hello and BitLocker to help customers better protect their identities and data. In addition, for many enterprise customers, TPMs help facilitate Zero Trust security by providing a secure element for attesting to the health of devices."
While Microsoft has received considerable pushback due to this new requirement, a new optional feature shows how serious they are about TPM security processors and their use on Windows 11.
Microsoft's investment in the use of TPM processors shows in a brand new Windows 11 command-line tool called "TPM Diagnostics" that allows administrators to query a TPM for stored information.
The TPM Diagnostics exe tool allows access to much more significant information, including Windows Attestation Identity Keys, Endorsement Key certificates, other keys stored in the TPM, boot counters, information about what tasks are running, information about the TPM, and much more.
As I only have Windows 11 installed in a virtual machine, which does not have TPM capabilities, I tested the program by copying the files to a Windows 10 box that has a TPM 2.0 module installed.