At the present time, MSIX is blocking access to TPM (for both Reading from TPM and Writing to TPM)
Examples why access to TPM is required:
1. If you were to package a browser using MSIX and then need to authenticate to a corporate Web Site or SaaS application with a Virtual SmartCard (VSC)or X.509 certificate that is stored on TPM, authentication fails as MSIX application cannot read from TPM.
2. If a corporation provides a Win32 application to assist user in obtaining a X.509 Certificate / Virtual SmartCard (VSC) and packages with MSIX .... then when the application reaches the point to Write the certificate to TPM.