We have a GPO which requires a TPM for BitLocker. PINs and USB keys are explicitly disallowed. Because of this and Windows to Go's requirement of a PIN, will domain joined WTG drives run into issues? My assumption is yes but I wanted to verify and see if anyone has any ideas on how to deal with this other than a separate OU for the WTG clients.

Hi Bryan,

Since Trusted Platform Module (TPM) isnt used for Windows To Go, Im afraid that you need to create a separate OU.

Trusted Platform Module (TPM) isnt used. When using BitLocker Drive Encryption a pre-operating system boot password will be used for security rather than the TPM since the TPM is tied to a specific computer and Windows To Go drives will move between computers.

Quote from: Differences between Windows To Go and a typical installation of Windows

More information:

Enable BitLocker protection for your Windows To Go drive

Hope this helps.