TpmProtected : NO

Keith Chalmers 1 Reputation point
2020-06-29T07:17:23.413+00:00

Hi

I joined a Windows 10 laptop to our AAD tenant using Autopilot. Windows Hello for Business registration succeeded and everything is working fine. My question is this: why, when I query the device ds reg status, does it say TpmProtected : NO even though there is a TPM? Is there any way to troubleshoot/fix this?

Many thanks


3 answers

  1. AmanpreetSingh-MSFT 56,646 Reputation points
    2020-06-29T12:28:44.417+00:00

    @KeithChalmers-3234 Everything looks good in the information that you have shared, and there is no known issue with these versions of Windows and TPM. I would suggest that you capture the logs below and open a support ticket, as this would require a deeper level of debugging.

    1. Download the ngc_tracing_Public.zip diagnostics script files.
    2. Extract the two .cmd files.
    3. Open an admin command prompt, change directory to the path where files were extracted and run: start_ngc_tracing_public.cmd
    4. Sign-in with an Azure AD Account.
    5. Run stop_ngc_tracing_public.cmd to stop logging.
    6. Run dsregcmd /status as administrator and save the output to dsregcmdoutput.txt file.

    Zip the logs collected in %systemdrive%\TraceDJPP along with the dsregcmdoutput.txt file and attach them to the support ticket.

    1 person found this answer helpful.

  2. AmanpreetSingh-MSFT 56,646 Reputation points
    2020-06-29T09:50:39.88+00:00

    @KeithChalmers-3234

    TpmProtected is set to YES if the device private key is stored in the hardware TPM, which happens automatically if the TPM is detected on the computer. Could you please share the information below to identify the issue:

    1. Version of your Windows 10 OS.
    2. Version of the TPM that you can find under Device manager > Security Devices.
    3. Output of the command: wmic /namespace:\\root\cimv2\security\microsofttpm path win32_tpm get * /format:textvaluelist.xsl
    4. Screenshot of the TPM console. To open TPM Console, use tpm.msc command.
    5. Check whether TPM is enabled in the system BIOS or not.

    Please do not forget to "Accept the answer" wherever the information provided helps you. This will help others in the community as well.

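
The values requested in the answer above can be gathered in one pass and compared with what dsregcmd reports. The PowerShell below is an added example, not code from the thread or from Microsoft's diagnostics scripts; `ConvertFrom-DsregStatus` is a hypothetical helper name, and the script assumes the `KeyProvider` and `TpmProtected` fields of `dsregcmd /status` and reads the same `Win32_Tpm` class that the `wmic` command queries.

```powershell
# Added example (not from the thread): collect the values the answer asks for
# and compare them with what dsregcmd reports. Run in an elevated PowerShell.

function ConvertFrom-DsregStatus {
    # Hypothetical helper: parse "   Name : Value" lines into a hashtable.
    param([string[]]$Lines)
    $fields = @{}
    foreach ($line in $Lines) {
        if ($line -match '^\s*(\w+)\s*:\s*(.*?)\s*$') {
            $fields[$Matches[1]] = $Matches[2]
        }
    }
    $fields
}

$dsreg = ConvertFrom-DsregStatus -Lines (dsregcmd.exe /status)
$os    = Get-CimInstance -ClassName Win32_OperatingSystem
# Same class the wmic command queries; $null if Windows exposes no TPM.
$tpm   = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
             -ClassName Win32_Tpm -ErrorAction SilentlyContinue

$report = [pscustomobject]@{
    OS            = '{0} {1}' -f $os.Caption, $os.Version
    AzureAdJoined = $dsreg['AzureAdJoined']
    KeyProvider   = $dsreg['KeyProvider']
    TpmProtected  = $dsreg['TpmProtected']
    TpmSpec       = $tpm.SpecVersion
    TpmVendor     = $tpm.ManufacturerIdTxt
    TpmFirmware   = $tpm.ManufacturerVersion
    TpmEnabled    = $tpm.IsEnabled_InitialValue
    TpmActivated  = $tpm.IsActivated_InitialValue
    TpmOwned      = $tpm.IsOwned_InitialValue
}
$report | Format-List

# A usable TPM together with TpmProtected : NO is the mismatch from the question.
$tpmUsable = $tpm -and $tpm.IsEnabled_InitialValue -and
             $tpm.IsActivated_InitialValue -and $tpm.IsOwned_InitialValue
if (-not $tpm) {
    Write-Warning 'Win32_Tpm returned nothing: no TPM visible to Windows, or the prompt is not elevated.'
} elseif ($tpmUsable -and $report.TpmProtected -ne 'YES') {
    Write-Warning "TPM is enabled, activated and owned, but TpmProtected is '$($report.TpmProtected)' (KeyProvider: $($report.KeyProvider))."
} else {
    Write-Output 'No mismatch between TPM state and TpmProtected.'
}
```

A `KeyProvider` value naming a software key storage provider alongside a usable TPM points at where the device key was actually created, which is the detail worth including in a support ticket.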

  3. Keith Chalmers 1 Reputation point
    2020-06-29T11:45:34.127+00:00

    Thanks.

    Version of your Windows 10 OS.
    Windows 10 Education 64-bit 1909 (18363.900)

    Version of the TPM that you can find under Device manager > Security Devices.
    Specification version: 2.0

    Output of the command: wmic /namespace:\\root\cimv2\security\microsofttpm path win32_tpm get * /format:textvaluelist.xsl
    IsActivated_InitialValue=TRUE
    IsEnabled_InitialValue=TRUE
    IsOwned_InitialValue=TRUE
    ManufacturerId=1229346816
    ManufacturerIdTxt=IFX
    ManufacturerVersion=7.63.3353.0
    ManufacturerVersionFull20=7.63.13.6400
    ManufacturerVersionInfo=SLB9670
    PhysicalPresenceVersionInfo=1.3
    SpecVersion=2.0, 0, 1.16

    Screenshot of the TPM console. To open TPM Console, use tpm.msc command.

    10872-capture.png

    Check whether TPM is enabled in the system BIOS or not.
    Yes, it is.

