This could be failing because of the issue reported in this article:
Windows 10 TPM 2.0 Client Authentication in TLS 1.2 with RSA PSS making trouble - Microsoft Q&A
If so, possible solutions are:
- Upgrade the TPM to a higher revision (if available)
- Disable the RSA-PSS signature algorithms on the client
- Use a certificate that does not use RSA signature algorithms
Are you using any security devices (proxy, firewall, etc.) that intercept SSL traffic?
If your organization uses proxy servers that intercept SSL traffic for scenarios like data loss prevention or Azure AD tenant restrictions, ensure that traffic to these URLs is excluded from TLS break-and-inspect:
- https://enterpriseregistration.windows.net
- https://login.microsoftonline.com
- https://device.login.microsoftonline.com
- https://autologon.microsoftazuread-sso.com (If you use or plan to use seamless SSO)
- Your organization's Security Token Service (STS) (For federated domains)
You can test the connectivity by using the test connectivity tool:
https://learn.microsoft.com/en-us/samples/azure-samples/testdeviceregconnectivity/testdeviceregconnectivity/
Additionally, this can influence Autopilot ties. So you can also try renaming the client machine in the Intune management portal and see what happens.
Another potential workaround is:
- Run the dsregcmd /leave command
- Rename the computer
- Reboot
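As an added example (not part of the original answer or Microsoft's tool), the following PowerShell script opens a TLS connection from the client to each of the device registration endpoints listed above and reports the protocol negotiated, the certificate issuer and any chain errors, which is a quick way to spot a break-and-inspect proxy sitting in the path. The issuer pattern used to flag interception is a heuristic assumption, not an official list.

```powershell
# Added example: check the Azure AD device registration endpoints from the answer
# for signs of TLS interception. Not part of the original post.
$endpoints = @(
    'enterpriseregistration.windows.net',
    'login.microsoftonline.com',
    'device.login.microsoftonline.com',
    'autologon.microsoftazuread-sso.com'   # only relevant if seamless SSO is used
)

function Test-TlsEndpoint {
    param([string]$HostName, [int]$Port = 443)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($HostName, $Port)
        # Record the chain validation result instead of throwing, so a
        # proxy-issued certificate is reported rather than aborting the check.
        $script:chainErrors = 'None'
        $callback = [System.Net.Security.RemoteCertificateValidationCallback]{
            param($sender, $cert, $chain, $errors)
            $script:chainErrors = $errors
            $true
        }
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $callback)
        $ssl.AuthenticateAsClient($HostName)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        # Assumption (heuristic): Microsoft's endpoints chain to public CAs such as
        # DigiCert or Microsoft-operated CAs; an issuer naming your company or a
        # proxy vendor indicates the traffic is being inspected.
        [pscustomobject]@{
            Host              = $HostName
            Protocol          = $ssl.SslProtocol
            Issuer            = $cert.Issuer
            ChainErrors       = $script:chainErrors
            LikelyIntercepted = ($script:chainErrors -ne 'None') -or
                                ($cert.Issuer -notmatch 'DigiCert|Microsoft')
        }
        $ssl.Dispose()
    } catch {
        [pscustomobject]@{ Host = $HostName; Error = $_.Exception.Message }
    } finally {
        $client.Dispose()
    }
}

$endpoints | ForEach-Object { Test-TlsEndpoint -HostName $_ } | Format-List
```

Run it from the affected client itself, since a proxy exclusion is only confirmed when the machine doing the registration sees Microsoft's own certificate chain.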