Forum Discussion

josvds's avatar
josvds
Brass Contributor
Jan 18, 2023

Intune compliance issues Windows 11 22H2

We have unboxed several new "HP ProBook 450 G9" devices and connected them to MDM with AutoPilot. We installed these devices and they should be marked compliant based on the settings we have applied ...
Intune
mobile device management (mdm)
DrokzIT's avatar
DrokzIT
Copper Contributor
Feb 02, 2023

just installed on HP 445 and 455 G9 notebooks Windows 11 22H2, getting the same error. After installing the February preview update at least the BitLocker state could be read from the TPM chip and I got my devices connected to the Microsoft365 services, but still saying not compliant. So the February update of 11 22h2 changes something. But still not compliant.

edit: and yes, nuvoton tpm with 7.2.3.0

Rudy_Ooms_MVP's avatar
Rudy_Ooms_MVP
MVP
Feb 02, 2023

I guess I know where the problem lies... Its mentioning stuff about the intermediate cert... and looking at the nuvoton.... it doesn't have one? it chains right up to the root one... just wondering but does this give you the aik cert?
certreq -enrollaik -config “”

 

Also ... yeah that feb update is going resolve the tpm AMD attesttion issues.. as they were having issues with the chain of attestation and the intermediate cert... ow wait... sounds familiar right? 

  • buckbaggen's avatar
    buckbaggen
    Brass Contributor
    Feb 02, 2023
    Sorry for the long wait... But a few notebooks are compliant, without any change or whatever... All other notebooks i have reinstalled with the same image as before and they are also compliant now...

    Nothing changed with the image, nothing changed with the steps i preform during install and nothing changed in our Intune/Autopilot envoirment..

    So i'm realy confused but happy that they are all compliant now....
    • SK1's avatar
      SK1
      Copper Contributor
      Feb 03, 2023
      We don't seem to be seeing the issue any longer either. Same physical batch of hardware but the current devices being deployed were pre-provisioned more recently. I suspect if these devices are left on the green screen for long enough whilst connected to the internet they could receive updates and therefore resolve the issue in the background...that or MS have deployed a fix ? Not convinced this has completely gone away though. Also TPM on the HP 1040 is IFX
    • Rudy_Ooms_MVP's avatar
      Rudy_Ooms_MVP
      MVP
      Feb 02, 2023
      Mmm thats odd... and that tpm task can be executed successfully now?
      • buckbaggen's avatar
        buckbaggen
        Brass Contributor
        Feb 03, 2023
        Hi, i have tested the task on 3 devices. 2 out of 3 fails, but when i open the companyportal he says: can acces company resources, checked les then a minute ago....

        on my own notebook, what i'm using several months without problems, the task also fails.