Microsoft has made many improvements to HYPER-V security in Windows Server 2016. One of them is the ability to use a virtual TPM in your Virtual Machines without the HYPER-V host needing a physical TPM chip.
Read more about the new Windows Server 2016 HYPER-V security settings in Generation 2 virtual machine security settings for Hyper-V.
As an IT Pro you have realized that trust, when it comes to the Cloud (Public or Private), is a black hole and the biggest blocker in a lot of scenarios.
With these improvements from Microsoft we can guarantee that nobody can access the data in your Virtual Machines.
It doesn't matter if your Datacenter is on-premises or in the Cloud.
So let's start by explaining how to do it.
- First of all, select the Virtual Machine that you would like to encrypt in the HYPER-V Manager
- Click on Virtual Machine Settings
- Go to Security
- On the right side, check Enable Trusted Platform Module
- Click OK and that's it
- Start your Virtual Machine
- Go to Device Manager and you will see the Trusted Platform Module
- Now you are ready to encrypt the Virtual Machine
- Open BitLocker
- Click Turn On BitLocker
- Select what you want to do with the Recovery Key. Click Next
- Select how you want to encrypt your disk. Click Next
- Select the encryption method that you want to use. Click Next
- Click Start encrypting
- Wait for the encryption to finish
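The same procedure can be scripted, which is handy when you have more than one VM to protect. The following PowerShell is an added example written for this post, not code from the original article or from Microsoft. It assumes a Generation 2 VM named "VM01" (a placeholder) on a Windows Server 2016 HYPER-V host that is not part of a guarded fabric, so the vTPM is wrapped with a local key protector, exactly what the GUI checkbox creates behind the scenes. It goes a little beyond the GUI steps above: it verifies the vTPM before starting the VM, checks the guest actually sees a ready TPM, and adds a recovery password as a second protector so you are never locked out if the VM is moved or the vTPM state is lost.

```powershell
# Added example (not part of the original post). Assumes a Gen 2 VM called
# "VM01" (placeholder) on a non-guarded Windows Server 2016 Hyper-V host.
# Part 1 runs on the Hyper-V host, Part 2 runs inside the guest.

# ---------- Part 1: on the Hyper-V host (elevated PowerShell) ----------
$VMName = 'VM01'   # assumed VM name, change to yours
$vm = Get-VM -Name $VMName

# A virtual TPM requires a Generation 2 VM, and it can only be enabled while the VM is off.
if ($vm.Generation -ne 2) { throw "$VMName must be a Generation 2 VM." }
if ($vm.State -ne 'Off') { Stop-VM -Name $VMName -Force }

# The vTPM state is encrypted with a key protector. Without a Host Guardian
# Service a local key protector is created, which is what the GUI does too.
Set-VMKeyProtector -VMName $VMName -NewLocalKeyProtector
Enable-VMTPM -VMName $VMName

# Verify the setting took effect before starting the VM.
$sec = Get-VMSecurity -VMName $VMName
if (-not $sec.TpmEnabled) { throw "vTPM was not enabled on $VMName." }
Start-VM -Name $VMName

# ---------- Part 2: inside the guest (elevated PowerShell) ----------
# Confirm the guest sees the TPM (the scripted equivalent of Device Manager).
$tpm = Get-Tpm
if (-not $tpm.TpmPresent -or -not $tpm.TpmReady) {
    throw 'No ready TPM visible in the guest; check the VM security settings.'
}

# Turn on BitLocker for the OS volume, sealed to the vTPM. With a TPM protector
# the VM boots without a password, and the .vhdx is unreadable on another host.
Enable-BitLocker -MountPoint 'C:' -TpmProtector -EncryptionMethod XtsAes256 -UsedSpaceOnly -SkipHardwareTest

# Always add a recovery password as a second protector and keep it outside the VM.
Add-BitLockerKeyProtector -MountPoint 'C:' -RecoveryPasswordProtector | Out-Null
$recovery = (Get-BitLockerVolume -MountPoint 'C:').KeyProtector |
    Where-Object KeyProtectorType -eq 'RecoveryPassword'
"Recovery password (store it safely, e.g. in AD or a vault): $($recovery.RecoveryPassword)"

# Watch encryption progress until it finishes (the "wait" step of the post).
do {
    $vol = Get-BitLockerVolume -MountPoint 'C:'
    Write-Host ("{0}: {1}% encrypted" -f $vol.VolumeStatus, $vol.EncryptionPercentage)
    Start-Sleep -Seconds 30
} while ($vol.VolumeStatus -ne 'FullyEncrypted')
```

Part 1 needs the Hyper-V PowerShell module on the host and Part 2 needs the BitLocker and TrustedPlatformModule modules that ship with Windows Server 2016; both parts must run elevated. Keep the printed recovery password somewhere other than the VM itself, because a VM whose vTPM state is lost (for example after an export without its key protector) will only unlock with that password.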
Now you can be sure that nobody can take your .vhdx disk to another HYPER-V host and use it.
Of course, you don't need to remember a password to start the Virtual Machine, as you would have to without a TPM.