If you disable or do not configure this setting, users can configure only basic options on computers with a TPM.
Note If you want to require the use of a startup PIN and a USB flash drive, you must configure Bit Locker settings using the command-line tool manage-bde instead of the Bit Locker Drive Encryption setup wizard. Supported operations are Add, Get, Replace, and Delete.
System Drives Minimum PINLength This setting is a direct mapping to the Bitlocker Group Policy "Configure minimum PIN length for startup".
This setting allows you to configure a minimum length for a Trusted Platform Module (TPM) startup PIN.
When the computer starts, it can use only the TPM for authentication, or it can also require insertion of a USB flash drive containing a startup key, the entry of a 6-digit to 20-digit personal identification number (PIN), or both.
If you enable this policy setting, users can configure advanced startup options in the Bit Locker setup wizard.
In this mode either a password or a USB drive is required for start-up.If the USB key is lost or unavailable or if you have forgotten the password then you will need to use one of the Bit Locker recovery options to access the drive.On a computer with a compatible TPM, four types of authentication methods can be used at startup to provide added protection for encrypted data.This setting is applied when you turn on Bit Locker.Changing the encryption method has no effect if the drive is already encrypted, or if encryption is in progress.If you enable this setting you will be able to configure an encryption algorithm and key cipher strength for fixed data drives, operating system drives, and removable data drives individually.