white-glove
1 Topic
Windows Autopilot white-glove / self-deploy fails on Lenovo
Hello, I have a series of Lenovo Notebooks (ThinkBook 14 G2 ARE Laptop - Type 20VF) where Autopilot white-glove and self-deployment fail during enrollment of the AIK certificate with an HTTP error 404. Here's the logfile:

    v2.0
    TPM-Version:2.0 -Level:0-Revision:1.38-VendorID:'AMD '-Firmware:196650.5
    AMD-KeyId-578c545f796951421221a4a578acdb5f682f89c8
    CN=PRG-RN, O=Advanced Micro Devices, S=CA, L=Santa Clara, C=US, OU=Engineering
    https://AMD-KeyId-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net/templates/Aik/scep
    GetCACaps
    GetCACaps: Not Found
    {"Message":"The authority \"amd-keyid-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net\" does not exist."}
    HTTP/1.1 404 Not Found

Now I'm wondering whether this is one of the rare cases (https://oofhours.com/2019/07/09/tpm-attestation-what-can-possibly-go-wrong/) where the TPM has not been whitelisted by Microsoft (for whatever reason).

Some more details about the TPM:

    C:\Windows\system32>tpmtool getdeviceinformation
    -TPM Present: True
    -TPM Version: 2.0
    -TPM Manufacturer ID: AMD
    -TPM Manufacturer Full Name: AMD
    -TPM Manufacturer Version: 3.47.0.5
    -PPI Version: 1.3
    -Is Initialized: True
    -Ready For Storage: True
    -Ready For Attestation: True
    -Is Capable For Attestation: True
    -Clear Needed To Recover: False
    -Clear Possible: True
    -TPM Has Vulnerable Firmware: False
    -PCR7 Binding State: 2
    -Maintenance Task Complete: True
    -TPM Spec Version: 1.38
    -TPM Errata Date: Friday, March 02, 2018
    -PC Client Version: 1.01
    -Is Locked Out: False

Since the same configuration works like a charm for other notebook models, I assume the reason is somewhere in the TPM and not the configuration in Intune. Does anybody have more details about TPM attestation and the background infrastructure?
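A triage helper for logs like the one in the post above, as an added example that is not part of the original post: it pulls out the TPM vendor, the key ID, the enrollment host and the HTTP status, and counts which key IDs hit the "authority does not exist" 404 across a set of device logs. It assumes the log layout quoted in the post; the function names and verdict labels are hypothetical.

```python
import json
import re
from collections import Counter

# Constructed sample: the log lines quoted in the post, one item per line.
SAMPLE_LOG = """v2.0
TPM-Version:2.0 -Level:0-Revision:1.38-VendorID:'AMD '-Firmware:196650.5
AMD-KeyId-578c545f796951421221a4a578acdb5f682f89c8
CN=PRG-RN, O=Advanced Micro Devices, S=CA, L=Santa Clara, C=US, OU=Engineering
https://AMD-KeyId-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net/templates/Aik/scep
GetCACaps
GetCACaps: Not Found
{"Message":"The authority \\"amd-keyid-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net\\" does not exist."}
HTTP/1.1 404 Not Found
"""

def triage_aik_log(text):
    """Extract the fields of one AIK enrollment log and classify the failure."""
    vendor = re.search(r"VendorID:'([^']*)'", text)
    key_id = re.search(r"^(\S+-KeyId-[0-9a-fA-F]+)[ \t\r]*$", text, re.M)
    url = re.search(r"https://([^/\s]+)", text)
    status = re.search(r"^HTTP/\d\.\d (\d{3})", text, re.M)
    message = None
    for line in text.splitlines():
        if line.lstrip().startswith("{"):  # JSON error body, if any
            try:
                body = json.loads(line)
            except ValueError:
                continue
            if isinstance(body, dict):
                message = body.get("Message")
    host = url.group(1).lower() if url else None
    code = int(status.group(1)) if status else None
    # Verdict label is hypothetical: 404 plus an error naming this host as unknown.
    unknown = bool(code == 404 and host and isinstance(message, str)
                   and host in message.lower() and "does not exist" in message)
    return {
        "vendor": vendor.group(1).strip() if vendor else None,
        "key_id": key_id.group(1) if key_id else None,
        "authority_host": host,
        "http_status": code,
        # The URL's first DNS label should be the key ID line, lower-cased.
        "host_matches_key_id": bool(key_id and host
                                    and host.split(".")[0] == key_id.group(1).lower()),
        "verdict": "authority-not-found" if unknown else "unclassified",
    }

def failing_key_ids(logs):
    """Count key IDs across many device logs that hit the unknown-authority case."""
    results = (triage_aik_log(t) for t in logs)
    return Counter(r["key_id"] for r in results if r["verdict"] == "authority-not-found")
```

Grouping failures by key ID shows whether one hardware model accounts for all of the 404s, which is the detail to include when raising the case with the vendor or Microsoft.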