Bitlocker: Enable PIN on boot
If you want your system to require a PIN number in order to unlock a Bitlocker encrypted drive at boot time, you need to change one small GPO setting (assuming that you have Bitlocker already set up):
Start Group Policy editor by pressing Windows+R and entering the command ‘gpedit.msc’
Navigate to Local Computer Policy → Computer Configuration → Administrative Templates → Windows Components → Bitlocker Drive Encryption → Operating System Drives
Select the ‘Require additional authentication at startup’ option, and set it to ‘Enabled’. Then set ‘Configure TPM startup PIN’ to ‘Require startup PIN with TPM’
Now open CMD in elevated mode and enter the command to set the PIN
manage-bde -protectors -add c: -TPMAndPIN
This will prompt you for a PIN which You will enter at Boot time.