Microsoft signin issues - TPM

[HCHTech]

We have run into this 3 times in recent weeks, so I thought I would post to see if it was a wider issue. When installing a new computer and trying to sign into Outlook (desktop) for the first time, it doesn't work. Clearing any MS entries in credential manager didn't help. Resetting the MS password & 2FA didn't help. The error message mentions TPM malfunctioning, and booting into the BIOS and wiping TPM is what set things right. The next attempted login to Outlook worked right away. I don't know if this could have been done inside of the TPM.msc console or not, the techs that reported this didn't try that.

Odd that a fresh setup would have this problem. All of the boxes that had this problem were fresh setups, with 24H2 fully updated. They also were all the same brand of computer (Lenovo Tinys). I'm wondering if we should make clearing the TPM part of our pre-install setup now...

 

[Sky-Knight]

TPM enabled platforms leverage the TPM signature as part of the M365 sign-in and associated license check.

If it EVER works, the TPM token is registered to the account and future checks on failure will cause this issue.

Also, in addition to the above, if the DEVICE is denied access to M365 that's the error you get on the user front. Next time check Entra ID's device list and verify the machine you're on isn't disabled, various things can cause that computer account to be disabled and trigger this.