ERROR: An error occurred (code 0x80310060): Group Policy settings do not permit the use of a PIN at startup. Please choose a different BitLocker startup option

New configuration (How To)

Situation

Configure Group Policy

Solution

Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives

Select:

Require additional authentication at startup

Choose the following options:

Configure TPM startup:             Do not allow TPM
Configure TPM startup PIN:         Do not allow startup PIN with TPM
Configure TPM startup key:         Require startup key with TPM
Configure TPM startup key and PIN: Do not allow startup key and PIN with TPM

Encrypt the drive

At this point, you should be able to go to

Control Panel > BitLocker Drive Encryption

and use the wizard. (If you have set up your Group Policy settings wrong, when you try to encrypt the drive, you will get a message in the encryption dialogue box saying that your Group Policy settings are in conflict, and you need to change them.) Otherwise, you should be able to save a startup key (or, in your case, enter a startup PIN) and continue with drive encryption.
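To see what the applied policy actually permits before running the wizard, the four startup options can be read back from the registry. This is an added example, not part of the original article; the key `HKLM:\SOFTWARE\Policies\Microsoft\FVE`, the value names and the 0/1/2 mapping are not given on this page and are stated here as assumptions about where the "Require additional authentication at startup" policy is stored.

```powershell
# Added example: read the BitLocker OS-drive startup policy from the registry.
# Assumption (not from the article): the policy is stored under this key and
# each option uses 0 = Do not allow, 1 = Require, 2 = Allow.
$key     = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
$meaning = @{ 0 = 'Do not allow'; 1 = 'Require'; 2 = 'Allow' }
$options = [ordered]@{
    UseTPM       = 'TPM only'
    UseTPMPIN    = 'TPM + startup PIN'
    UseTPMKey    = 'TPM + startup key'
    UseTPMKeyPIN = 'TPM + startup key + PIN'
}

$policy = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
if (-not $policy -or $policy.UseAdvancedStartup -ne 1) {
    Write-Warning "'Require additional authentication at startup' is not enabled on this machine."
    return
}

# Build one row per startup option with its decoded setting.
$state = foreach ($name in $options.Keys) {
    $value = $policy.$name
    [pscustomobject]@{
        Option  = $options[$name]
        Value   = $value
        Setting = if ($null -eq $value) { 'Not set' } else { $meaning[[int]$value] }
    }
}
$state | Format-Table -AutoSize

# Only one option may be set to "Require"; more than one is a policy conflict.
$required = @($state | Where-Object Setting -eq 'Require')
if ($required.Count -gt 1) {
    Write-Warning ('Conflict: multiple options are required: ' + ($required.Option -join ', '))
}

# With the PIN option disallowed, choosing a startup PIN fails with 0x80310060.
$pin = $state | Where-Object Option -eq 'TPM + startup PIN'
if ($pin.Setting -eq 'Do not allow') {
    Write-Warning 'Startup PIN is not permitted by policy (error 0x80310060 if selected).'
}
```

Run it from an elevated PowerShell session after the policy has been refreshed on the machine.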

Limitations

When I first started researching this, my goal was to use a startup key exclusively, without using the TPM at all. The Microsoft documentation was pretty clear from the start, that to do that, you must use the command line tools. The Control Panel wizard will not do what you want. (While I am very much at home on the command line, Windows OS drive encryption is new territory for me. I wanted to stay on a well-traveled road.) The method above lays out how to use the TPM + startup key. You should be able to modify this slightly for your own needs, using the TPM + startup PIN.

Solution type

Permanent
