Turn on BitLocker Encryption without TPM
(Active Directory - Group Policy)
Step 1: You can verify the TPM status by running the following command tpm.msc
Step 2: Go to Active Directory Group Policy.
Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives.
Under Right Pane, double click Require additional authentication at startup.
Under settings page of the policy, Enable the policy by click on Enabled Radio Button.
Check the box “Allow BitLocker without a compatible TPM (requires a password or a startup key on a USB flash drive)”.
Step 3: Save the BitLocker recovery information in AD DS.
Step 4: GP Update
gpupdate /force