Forum Discussion

taikuli
Copper Contributor
Oct 01, 2021

Windows Autopilot white-glove / self-deploy fails on Lenovo

Hello,

I have a series of Lenovo notebooks (ThinkBook 14 G2 ARE Laptop - Type 20VF) where Autopilot white-glove and self-deploying mode fail during enrollment of the AIK certificate with an HTTP 404 error.

Here's the logfile:

v2.0
TPM-Version:2.0 -Level:0-Revision:1.38-VendorID:'AMD '-Firmware:196650.5
AMD-KeyId-578c545f796951421221a4a578acdb5f682f89c8
CN=PRG-RN, O=Advanced Micro Devices, S=CA, L=Santa Clara, C=US, OU=Engineering
https://AMD-KeyId-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net/templates/Aik/scep
GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found

Now I'm wondering whether this is one of the rare cases described at https://oofhours.com/2019/07/09/tpm-attestation-what-can-possibly-go-wrong/ where the TPM has not been whitelisted by Microsoft (for whatever reason).

Some more details about the TPM:

C:\Windows\system32>tpmtool getdeviceinformation
-TPM Present: True
-TPM Version: 2.0
-TPM Manufacturer ID: AMD
-TPM Manufacturer Full Name: AMD
-TPM Manufacturer Version: 3.47.0.5
-PPI Version: 1.3
-Is Initialized: True
-Ready For Storage: True
-Ready For Attestation: True
-Is Capable For Attestation: True
-Clear Needed To Recover: False
-Clear Possible: True
-TPM Has Vulnerable Firmware: False
-PCR7 Binding State: 2
-Maintenance Task Complete: True
-TPM Spec Version: 1.38
-TPM Errata Date: Friday, March 02, 2018
-PC Client Version: 1.01
-Is Locked Out: False

Since the same configuration works like a charm for other notebook models, I assume the reason lies somewhere in the TPM and not in the Intune configuration.

Does anybody have more details about TPM attestation and the background infrastructure?
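When triaging this across a fleet, it helps to parse the pasted attestation log mechanically and classify the failure. The following is an added example, not code from the original post or from Microsoft; it assumes the log layout is exactly as pasted above (the key-ID line, the SCEP URL, the JSON error body and the HTTP status line) and embeds that log as constructed sample input.

```python
"""Triage an Autopilot TPM/AIK attestation log of the shape shown in the post above.
Assumption: the line layout is as pasted; there is no documented schema for this output."""
import json
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: the log from the post, reproduced as test input.
SAMPLE_LOG = """v2.0
TPM-Version:2.0 -Level:0-Revision:1.38-VendorID:'AMD '-Firmware:196650.5
AMD-KeyId-578c545f796951421221a4a578acdb5f682f89c8
CN=PRG-RN, O=Advanced Micro Devices, S=CA, L=Santa Clara, C=US, OU=Engineering
https://AMD-KeyId-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net/templates/Aik/scep
GetCACaps
GetCACaps: Not Found
{"Message":"The authority \\"amd-keyid-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net\\" does not exist."}
HTTP/1.1 404 Not Found
"""

KEYID_RE = re.compile(r"^([A-Za-z]+)-KeyId-([0-9a-fA-F]{40})$")
URL_RE = re.compile(r"^https://[^/]+\.microsoftaik\.azure\.net/\S+$", re.I)
STATUS_RE = re.compile(r"^HTTP/\d\.\d (\d{3}) ")

@dataclass
class AikAttempt:
    vendor: str = ""          # vendor prefix of the EK key id, e.g. "AMD"
    key_id: str = ""          # 40-hex key id the AIK service host is built from
    scep_url: str = ""        # the SCEP endpoint the client tried
    http_status: Optional[int] = None
    error_message: str = ""   # "Message" field of the JSON error body, if any

def parse_log(text: str) -> AikAttempt:
    a = AikAttempt()
    for line in text.splitlines():
        line = line.strip()
        if (m := KEYID_RE.match(line)):
            a.vendor, a.key_id = m.group(1), m.group(2).lower()
        elif URL_RE.match(line):
            a.scep_url = line
        elif (m := STATUS_RE.match(line)):
            a.http_status = int(m.group(1))
        elif line.startswith("{") and '"Message"' in line:
            a.error_message = json.loads(line).get("Message", "")
    return a

def classify(a: AikAttempt) -> str:
    """Map the attempt to a triage bucket; the key-id/host check catches log mix-ups."""
    host = a.scep_url.split("/")[2].lower() if a.scep_url else ""
    expected = f"{a.vendor}-KeyId-{a.key_id}.microsoftaik.azure.net".lower()
    if not host or host != expected:
        return "url-keyid-mismatch"
    if a.http_status == 404 and "does not exist" in a.error_message:
        return "aik-authority-not-registered"   # the case in this post
    if a.http_status and a.http_status >= 400:
        return f"http-{a.http_status}"
    return "ok"
```

Devices in the `aik-authority-not-registered` bucket share the symptom described here: the client derived a valid-looking host from the EK key id, but the AIK service has no authority for it, so the problem is on the attestation side rather than in the Intune profile.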
