diff --git a/Group Policies/Computer Configuration/Windows Components/Bitlocker Drive Encryption.md b/Group Policies/Computer Configuration/Windows Components/Bitlocker Drive Encryption.md
index 4b70d3b..a0e83ce 100644
--- a/Group Policies/Computer Configuration/Windows Components/Bitlocker Drive Encryption.md	
+++ b/Group Policies/Computer Configuration/Windows Components/Bitlocker Drive Encryption.md	
@@ -9,4 +9,5 @@ Choose drive encryption method and cipher strength (Windows 10 [Version 1511] an
 ## Operating System Drives
 
 - Require additional authentication at startup -> Enabled -> Do not allow TPM, Allow startup PIN with TPM, Do not allow startup key with TPM, Allow startup key and PIN with TPM. (**This is especially important as we do not want the TPM to automatically release the encryption key at boot.**)
-- Allow enhanced PINs for startup -> Enabled.
\ No newline at end of file
+- Allow enhanced PINs for startup -> Enabled.
+- Configure TPM platform validation profile for native UEFI firmware configurations -> Enabled -> PCR 0,1,2,3,3,4,5,7,11
\ No newline at end of file