Aguinaco
Copper Contributor
Jun 17, 2024

Is fTPM supported in self-deploying Autopilot profiles?

Hi,

Does anyone have experience enrolling shared PCs in Intune via self-deploying profiles with AMD fTPM? I need to deploy this type of machine and, as far as I know, TPM 2.0 and TPM attestation support are necessary. Today I've learned what fTPM is and have been searching for information about it in relation to Intune, but with inconclusive results.

After reading the forums, some people say it has worked for them, others say it hasn't.

The only "official" documentation I have found for Intune says that it is a known issue (Windows Autopilot known issues | Microsoft Learn)

"TPM attestation isn't working on AMD platforms with ASP fTPM.
TPM attestation for AMD platforms with ASP firmware TPM might fail with error code 0x80070490 on Windows systems. This issue is resolved on later versions of AMD firmware. Consult with device manufacturers and firmware release notes for which firmware versions contain the update"

But nothing about versions, computer models...

Does anyone have more precise information that could help me other than consulting the manufacturer about every device? In our case, we would use both new and recycled equipment, and I would like to have a clearer picture of this.

Thank you in advance

  • Attestation is required for self-deploying or pre-provisioning. The difficult part is that a lot of vendors are continuously improving their security in the TPM and also how the required certificate needs to be fetched. It's really difficult to tell which of the TPMs/vendors will be working, as it also depends on the firmware a lot :(. So most of the time it's trial and error until you've got yourself some good hardware series you could use.
    • Aguinaco
      Copper Contributor

      Hi Sir,

      It was what I suspected; in any case, thank you very much for your answer and for confirming it to me. Your opinion is always very much appreciated.

      regards
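
Since the thread concludes that attestation support has to be established per hardware series and firmware level, the following script (an added example, not part of the original posts and not Microsoft's own tooling) records the TPM facts for one device as a row in a CSV so a tested/untested matrix can be built up. The output path `.\tpm-inventory.csv`, the `^AMD` manufacturer match and the `tpmtool` field names "Is Capable For Attestation" and "Ready For Attestation" are assumptions; adjust them if your Windows build reports them differently.

```powershell
# Added example: run in an elevated PowerShell session on the device under test.
$tpm  = Get-Tpm
$wmi  = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' -ClassName Win32_Tpm
$cs   = Get-CimInstance -ClassName Win32_ComputerSystem
$bios = Get-CimInstance -ClassName Win32_BIOS

# Attestation depends on the endorsement key certificate; count what the TPM exposes.
$ekCerts = $null
try {
    $ek = Get-TpmEndorsementKeyInfo
    $ekCerts = @($ek.ManufacturerCertificates).Count + @($ek.AdditionalCertificates).Count
} catch {
    Write-Warning "Could not read endorsement key info: $($_.Exception.Message)"
}

# Parse "-Name: Value" lines from tpmtool into a lookup table.
$info = @{}
foreach ($line in (tpmtool.exe getdeviceinformation)) {
    if ($line -match '^\s*-?(.+?):\s*(.*)$') {
        $info[$Matches[1].Trim()] = $Matches[2].Trim()
    }
}

$row = [pscustomobject]@{
    Collected             = (Get-Date).ToString('s')
    Vendor                = $cs.Manufacturer
    Model                 = $cs.Model
    BiosVersion           = $bios.SMBIOSBIOSVersion
    TpmPresent            = $tpm.TpmPresent
    TpmReady              = $tpm.TpmReady
    TpmManufacturer       = $tpm.ManufacturerIdTxt
    TpmFirmwareVersion    = $tpm.ManufacturerVersion
    TpmSpecVersion        = $wmi.SpecVersion
    EkCertificateCount    = $ekCerts
    CapableForAttestation = $info['Is Capable For Attestation']  # assumed field name
    ReadyForAttestation   = $info['Ready For Attestation']       # assumed field name
}

# The known issue quoted above concerns AMD firmware TPMs, so flag them for a firmware check.
if ($tpm.ManufacturerIdTxt -match '^AMD') {
    Write-Warning "AMD TPM, firmware $($tpm.ManufacturerVersion): compare with the OEM release notes."
}

$row | Export-Csv -Path '.\tpm-inventory.csv' -Append -NoTypeInformation
$row
```

A device that reports as ready here can still fail during enrollment, so record the actual self-deploying result next to each row.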
