This series will show you all you need to know about TPM Attestation and Device Health
This blog will be the first of 3 and will be about the TPM provisioning part (which I briefly explained in another blog) when using devices WITH a firmware-based TPM (Intel, AMD or Qualcomm) and you need to perform a white glove. Please note the flow I am showing is PRE Intel Tiger Lake, the next one will show you the flow WITH Intel Tiger Lake. I decided to write these additional blogs because In my opinion there were still…
This blog will be about my experiences with Autopilot for pre-provisioned deployments (White Glove) and I will try to talk you through the whole process. You might ask, why did he write it? Some time ago I was troubleshooting the Autopilot white-glove deployments because there were a lot of issues with the TPM attestation part (0x80180014 and 0x800705b4), while troubleshooting I noticed some weird stuff (in my opinion) as I can’t find any official Microsoft documentation about it. I will…
Some time ago I wrote a blog about conditional access, the PRT, the “DeviceID” and the “iscompliant” attribute… That blog triggered me somehow, even more, to learn the whole “being compliant” process. While reading and learning the flows I decided to create a separate blog about the Device Health Attestation and this time with all strings attached.. I need to warn you, this blog will be a little bit more technical than I first wanted it to be but I…
This blog will be about an Autopilot White Gloved device that ended up in Intune but without an Azure Ad Join even while it showed us a nice green screen before sealing it! This blog is a work in progress so it will be updated daily!!!! I will divide this blog into multiple parts Introduction The Issue TRYING to solve it! Azure Ad and Intune Device certificate The Device Certificate and White Glove Back to the Issue Fixing it Manually…