For authentication at endpoints without TPM security hardware, a passphrase can be used.

Users have to enter this passphrase in the Windows pre-boot environment every time the computer starts.

Passphrase protection requires Windows 8.0 or later and the GPO settings of the system must allow the passphrase mode.

If all conditions are met, the passphrase setting dialog will be displayed and the user is prompted to define a passphrase of 8-100 characters in length. The user can click Restart and Encrypt to immediately reboot the computer and start encryption.