Windows 11 setup often halts on Hyper-V virtual machines with the message “This PC can’t run Windows 11,” even when the underlying hardware supports TPM. This occurs because Windows 11 requires a virtualized Trusted Platform Module (TPM) and other specific VM settings, which are not enabled by default in Hyper-V guest configurations. Adjusting these settings ensures the virtual machine meets Microsoft’s requirements and allows Windows 11 installation to proceed without errors.

Enabling Virtual TPM and Secure Boot in Hyper-V Manager

Step 1: Open Hyper-V Manager from the Windows Start menu. This application provides a graphical interface for managing virtual machines and their configurations.

Step 2: In the list of virtual machines, select the VM you plan to use for Windows 11. Right-click the VM and choose Settings. The VM must be turned off before you can change security settings.

Step 3: In the settings window’s left pane, click Security. In the right pane, ensure Enable Secure Boot is checked. For Windows 11, the Secure Boot template should be set to Microsoft Windows.

Step 4: Still in the Security section, find the Encryption Support area. Check the box labeled Enable Trusted Platform Module. This adds a virtual TPM 2.0 chip to the VM, allowing Windows 11 setup to recognize the required security hardware.

Step 5: Click Apply and then OK to save changes. Start the VM and begin the Windows 11 installation process. The setup should now proceed without the hardware requirements error.

Verifying Additional Windows 11 System Requirements

Windows 11 requires more than just TPM and Secure Boot. If the installation still fails, check these VM settings:

  • Generation 2 VM: Only Generation 2 VMs support UEFI, Secure Boot, and TPM. Generation 1 VMs are incompatible with Windows 11 requirements.
  • Processor Count: Assign at least 2 virtual processors. Windows 11 will not install on a VM with only one vCPU.
  • Memory: Set a minimum of 4096 MB (4 GB) RAM. If using dynamic memory, the minimum must be at least 2048 MB, but the maximum should be set to 4096 MB or higher.
  • Boot Order: Ensure the virtual DVD drive containing the Windows 11 ISO is first in the boot order.

To adjust processor and memory settings, return to the VM’s Settings window, select Processor and Memory, and update the values as needed.
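The checklist above, together with the Secure Boot and virtual TPM settings from the previous section, can be checked from PowerShell on the Hyper-V host. This is an added example, not part of the original guide: Test-Win11VMReadiness is a hypothetical helper name, "Win11VM" is a sample VM name, and it assumes the Hyper-V PowerShell module and an elevated session.

```powershell
# Added example: audit a Hyper-V VM against the Windows 11 settings listed above.
# Test-Win11VMReadiness is a hypothetical helper; it only reads VM configuration.
function Test-Win11VMReadiness {
    [CmdletBinding()]
    param([Parameter(Mandatory)][string]$VMName)

    # Emit one result row per requirement
    function New-Check($Name, $Pass, $Actual) {
        [pscustomobject]@{ VM = $VMName; Check = $Name; Pass = [bool]$Pass; Actual = "$Actual" }
    }

    $vm = Get-VM -Name $VMName -ErrorAction Stop

    New-Check 'Generation 2' ($vm.Generation -eq 2) $vm.Generation
    New-Check 'At least 2 virtual processors' ($vm.ProcessorCount -ge 2) $vm.ProcessorCount

    # Memory thresholds follow the checklist: 4096 MB static, or dynamic with
    # a minimum of at least 2048 MB and a maximum of at least 4096 MB.
    if ($vm.DynamicMemoryEnabled) {
        $memOk     = ($vm.MemoryMinimum -ge 2048MB) -and ($vm.MemoryMaximum -ge 4096MB)
        $memActual = "dynamic, min $($vm.MemoryMinimum / 1MB) MB, max $($vm.MemoryMaximum / 1MB) MB"
    } else {
        $memOk     = $vm.MemoryStartup -ge 4096MB
        $memActual = "static, $($vm.MemoryStartup / 1MB) MB"
    }
    New-Check 'Memory' $memOk $memActual

    if ($vm.Generation -ne 2) {
        # Generation 1 VMs have no UEFI firmware, so Get-VMFirmware would fail here.
        New-Check 'Secure Boot enabled' $false 'n/a (Generation 1)'
        New-Check 'Virtual TPM enabled' $false 'n/a (Generation 1)'
        return
    }

    $fw  = Get-VMFirmware -VMName $VMName
    $sec = Get-VMSecurity -VMName $VMName
    New-Check 'Secure Boot enabled' ($fw.SecureBoot -eq 'On') $fw.SecureBoot
    New-Check 'Secure Boot template' ($fw.SecureBootTemplate -eq 'MicrosoftWindows') $fw.SecureBootTemplate
    New-Check 'Virtual TPM enabled' $sec.TpmEnabled $sec.TpmEnabled
}

# Sample call; replace Win11VM with the name of your VM
Test-Win11VMReadiness -VMName 'Win11VM' | Format-Table -AutoSize
```

Any row with Pass set to False points at the setting to correct before starting Windows 11 setup.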

Configuring Virtual TPM Using PowerShell

Automating VM creation and configuration via PowerShell is useful for scripting deployments or advanced setups. The following script creates a Generation 2 VM with required settings for Windows 11, including TPM and Secure Boot:


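# Adjust these values for your environment
$VMName = "Win11VM"
$SwitchName = "YourVirtualSwitch"
$ISOFile = "C:\Path\To\Windows11.iso"
$VMPath = "C:\VMs\$VMName"

# Generation 2 is required for UEFI, Secure Boot, and the virtual TPM.
# Secure Boot is enabled by default on new Generation 2 VMs.
New-VM -Name $VMName -Generation 2 -MemoryStartupBytes 4096MB -SwitchName $SwitchName -Path $VMPath -NewVHDPath "$VMPath\virtualdisk\VHD.vhdx" -NewVHDSizeBytes 127000MB
Set-VM -Name $VMName -ProcessorCount 2

# Attach the Windows 11 ISO and boot from the DVD drive
Add-VMDvdDrive -VMName $VMName -Path $ISOFile
$DVDDrive = Get-VMDvdDrive -VMName $VMName
Set-VMFirmware -BootOrder $DVDDrive -VMName $VMName

# A key protector must exist before the virtual TPM can be enabled
Set-VMKeyProtector -VMName $VMName -NewLocalKeyProtector
Enable-VMTPM -VMName $VMName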

This script sets up a Generation 2 VM, assigns 4 GB RAM, 2 CPUs, attaches the Windows 11 ISO, sets boot order, and enables a virtual TPM. Adjust the variables as needed for your environment. After running the script, start the VM and proceed with installation.

Troubleshooting Common Issues

Some users encounter errors even after enabling TPM and Secure Boot. Typical causes include:

  • Attempting to use a Generation 1 VM instead of Generation 2.
  • Using an ISO that is modified or not officially obtained from Microsoft, resulting in signature or hash errors. Always use a clean, official ISO.
  • Insufficient virtual CPUs or RAM assigned to the VM.
  • Host TPM disabled in BIOS or missing entirely, which can prevent the option to add a virtual TPM in guest settings.
  • Secure Boot template mismatch—ensure “Microsoft Windows” is selected for Windows 11 installations.

If the option to enable TPM does not appear in the VM settings, check your host system for a physical TPM and verify it is enabled in the BIOS/UEFI firmware. On older Hyper-V hosts, you may need to enable “Isolated User Mode” via PowerShell:


# Run in an elevated PowerShell session on the Hyper-V host
Enable-WindowsOptionalFeature -FeatureName IsolatedUserMode -Online

Restart the host after making these changes, then revisit the VM’s settings.

Additional Security Options

For advanced scenarios, Hyper-V offers features such as Shielded VMs, which further restrict access to the VM and encrypt state and migration data. Enabling shielding automatically selects Secure Boot and TPM, but is generally used in enterprise environments with Host Guardian Service configured. For most standalone or testing use cases, enabling TPM and Secure Boot is sufficient.


Configuring TPM and Secure Boot in Hyper-V resolves the majority of Windows 11 installation errors in virtual machines. Double-check VM generation, processor count, and memory allocation for a smooth setup experience.