Found the answer, assuming you have BitLocker up and running, make the changes:
To enable TPM & PIN at boot:
Using the Group Policy Editor (Start -> gpedit.msc and press Enter), go to :
Local Computer Policy > Computer Configuration > Administrative Templates > Windows Components > Bitlocker Drive Encryption > Operating System Drives
and open the key
"Require additional authentication at startup"
Then enable that Key and set “
Configure TPM startup Pin:” to
"Require startup PIN with TPM"
To set the actual PIN use in a CMD prompt
manage-bde -protectors -add c: -TPMAndPIN
This will prompt you for a PIN which it then requires you to enter at Boot.