The Hyper-V server is Server 2012 R2.
The guest in Server 2016 and there is no TPM available.
I enabled the gpedit.msc setting on the guest VM to allow Bitlocker without TPM, but the Bitlocker GUI in control panel still isn't available.
I know this will require a Bitlocker password to be manually entered at every reboot of the VM since there is no TPM, but I don't care because this is going to be a VM that is rarely running since it is an offline root CA. We won't ever RDP into it because the network will not be enabled.
To secure it from being started without authorization and to prevent access to the virtual drive contents while it's powered off, we want to encrypt the VM with Bitlocker and require a startup password as an alternative to moving it off the host and storing it on a separate drive in a safe.