I'm running Windows 10 10.0.19043.1237 on a MicroStar Z590-A PRO (MS-7D09) motherboard, where I recently installed a TPM. I can confirm that BitLocker is running and providing full disk encryption, and that the recovery key is safely tucked away in Azure AD. Intune, however, is not recognizing that my device has a TPM installed, and it's causing compliance issues. When I look at the encryption monitoring report, it has this to say about my device:
TPM Version: Unknown
Encryption readiness: Not ready
Encryption status: Encrypted
Profile state summary: Succeeded
Status details: Succeeded
When I look up the compliance policy as it is applied to the device, it shows "Not Applicable" under "Require BitLocker."
System Information in Windows 10 shows the following:
BIOS Version/Date: American Megatrends International, LLC 1.10, 4/9/2021
BIOS Mode: UEFI
Secure Boot State: On
PCR7 Configuration: Binding Not Possible
Device Encryption Support: Reasons for failed automatic device encryption: PCR7 binding is not supported, Hardware Security Test Interface failed and device is not Modern Standby, Un-allowed DMA capable bus/device(s) detected
In my BIOS, secure boot is enabled in Standard mode. The partition table is GPT.
The TPM was just installed yesterday, so the device in question was already enrolled in Intune, if that makes a difference. From what I can tell, my setup is correct, but Intune and Windows are both reporting problems with my TPM setup. Where should I look next? I installed the TPM as is, out of the box. Does it require further configuration?
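For anyone chasing the same symptoms, the script below gathers in one place the facts that the msinfo32 lines and the Intune report fields in the question are derived from: what the TPM WMI provider exposes (management agents read the TPM spec version from there), the TPM provisioning state, Secure Boot, the BitLocker protector types on the OS volume, and the recent TPM and BitLocker event log entries. It is an added example and not part of the original post. It assumes Windows 10 with the in-box TrustedPlatformModule, SecureBoot and BitLocker PowerShell modules and an elevated session; the function name Get-TpmBitLockerDiagnostics is made up for this example.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original post. Collects the TPM, Secure Boot and
# BitLocker state that Windows and Intune both evaluate, so the local view can
# be compared with the compliance report. Assumes Windows 10 with the in-box
# TrustedPlatformModule, SecureBoot and BitLocker modules; the function name
# is invented for this example.
function Get-TpmBitLockerDiagnostics {
    [CmdletBinding()]
    param(
        # Volume to inspect; the OS drive is what "Require BitLocker" evaluates.
        [string]$MountPoint = $env:SystemDrive
    )

    # TPM as seen by the TPM WMI provider. This is where management agents read
    # the spec version ("2.0, ..." for a TPM 2.0). No instance here means the OS
    # does not see a TPM at all, regardless of what the firmware setup shows.
    $tpmWmi = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
        -ClassName Win32_Tpm -ErrorAction SilentlyContinue

    # TPM provisioning state as Windows tracks it. TpmReady = False means the TPM
    # is present but Windows has not finished provisioning it; Initialize-Tpm
    # runs the same provisioning Windows normally performs automatically at boot.
    $tpm = Get-Tpm -ErrorAction SilentlyContinue

    # Confirm-SecureBootUEFI throws on a legacy BIOS boot, so record that case.
    try   { $secureBoot = Confirm-SecureBootUEFI }
    catch { $secureBoot = 'Not UEFI / not supported' }

    # BitLocker status and protector types. A TPM protector can still exist when
    # PCR7 binding is not possible (Windows then seals to PCRs 0,2,4,11 instead),
    # so inspect the protector list rather than inferring it from "Encrypted".
    $vol = Get-BitLockerVolume -MountPoint $MountPoint -ErrorAction SilentlyContinue
    $protectors = @()
    if ($vol) { $protectors = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() }) }

    # Recent TPM and BitLocker events: provisioning failures and PCR binding
    # problems are logged here rather than surfaced in the Intune portal.
    $events = foreach ($log in 'Microsoft-Windows-TPM-WMI/Operational',
                                'Microsoft-Windows-BitLocker/BitLocker Management') {
        Get-WinEvent -LogName $log -MaxEvents 10 -ErrorAction SilentlyContinue |
            Select-Object @{ n = 'Log'; e = { $log } }, TimeCreated, Id, LevelDisplayName, Message
    }

    [PSCustomObject]@{
        TpmSeenByWmi        = [bool]$tpmWmi
        TpmSpecVersion      = $tpmWmi.SpecVersion
        TpmManufacturerId   = $tpmWmi.ManufacturerId
        TpmPresent          = $tpm.TpmPresent
        TpmReady            = $tpm.TpmReady
        TpmEnabled          = $tpm.TpmEnabled
        TpmActivated        = $tpm.TpmActivated
        TpmOwned            = $tpm.TpmOwned
        TpmAutoProvisioning = $tpm.AutoProvisioning
        SecureBoot          = $secureBoot
        VolumeStatus        = $vol.VolumeStatus
        ProtectionStatus    = $vol.ProtectionStatus
        EncryptionMethod    = $vol.EncryptionMethod
        KeyProtectors       = ($protectors -join ', ')
        # True only if some protector actually uses the TPM (Tpm, TpmPin, ...).
        HasTpmProtector     = [bool]($protectors | Where-Object { $_ -like 'Tpm*' })
        RecentEvents        = $events
    }
}

# Run it and show the summary, then the event log excerpts.
$diag = Get-TpmBitLockerDiagnostics
$diag | Select-Object -Property * -ExcludeProperty RecentEvents | Format-List
$diag.RecentEvents | Format-Table Log, TimeCreated, Id, LevelDisplayName, Message -AutoSize -Wrap
```

Run it from an elevated PowerShell on the affected machine. The values to compare against the report in the question are TpmSeenByWmi and TpmSpecVersion (against "TPM Version: Unknown"), TpmReady (against "Encryption readiness: Not ready") and KeyProtectors/HasTpmProtector (against "Encryption status: Encrypted", which says nothing about whether a TPM protector is in use). If everything looks right locally, the report may simply be stale: Intune refreshes it from the device's next check-in, which can be forced from Settings > Accounts > Access work or school > Info > Sync.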