I was first in line for a Framework 13 Ryzen machine and I tried Azure Active Directory Joining it but ran into some issues with it showing as non-compliant (attached). I know when the 6000-series AMD chips came out my company had issues and had to disable Pluton but there doesn’t appear to be an option to do that in the Framework BIOS.
Does anyone know if there are Pluton-specific policies that need to be pushed to allow those devices to join correctly? This is a “personal” machine that I want to use for work and I am able to talk with IT to update policies if necessary. From what I can tell, Microsoft hasn’t done a great job of documenting Pluton even though it’s been on the market for 18 months.
@Twistgibber It seems like other manufacturers are getting around this by letting Pluton be disabled in BIOS (and falling back to other TPM methodologies). I imagine this problem is only going to grow as Framework Ryzen machines get into the wild. Is there any ETA or roadmap for making this happen?
Thanks for the logs.
I am looking for an easy way to replicate this issue without having to set up an Intune / AAD environment to debug what is going on.
I tried running a few different commands to see if I can spot where any issues are.
MdmDiagnosticsTool.exe -area Tpm;DeviceProvisioning -cab tpmlogs.cab
Shows the certificates on device, and a test sign which looked successful.
I did see a mention from one blog that if an intermediate CA is not trusted it may cause an error like this, but it sounds like I need to trigger an attestation check to duplicate this error.
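One way to check the hypothesis in the reply above locally, without an Intune tenant: the added script below (not from this thread or from Framework) reads the TPM state and endorsement-key certificates with the built-in TrustedPlatformModule cmdlets and tries to build each EK certificate's X.509 chain, reporting any chain-status errors such as an untrusted intermediate. It assumes an elevated PowerShell session on the Windows machine in question.

```powershell
# Added diagnostic example (not from the thread): report TPM state and check whether
# the endorsement-key (EK) certificate chain is trusted on this machine.
# Assumes an elevated PowerShell session; uses the built-in TrustedPlatformModule module.
$tpm = Get-Tpm
[pscustomobject]@{
    Present      = $tpm.TpmPresent
    Ready        = $tpm.TpmReady
    Manufacturer = $tpm.ManufacturerIdTxt   # firmware TPM vendor string
    Version      = $tpm.ManufacturerVersion
} | Format-List

$ek = Get-TpmEndorsementKeyInfo
if (-not $ek.IsPresent) { Write-Warning "No endorsement key reported by the TPM"; return }

$manufacturerCerts = @($ek.ManufacturerCertificates) | Where-Object { $_ }
$additionalCerts   = @($ek.AdditionalCertificates)   | Where-Object { $_ }

# Build the X.509 chain for each manufacturer EK certificate. An attestation service
# needs the intermediate and root to be resolvable; a chain status other than NoError
# here is the kind of trust problem the reply above suspects.
foreach ($cert in $manufacturerCerts) {
    $chain = [System.Security.Cryptography.X509Certificates.X509Chain]::new()
    $chain.ChainPolicy.RevocationMode = 'NoCheck'   # EK certs frequently have no CRL/OCSP endpoint
    # Seed the chain with any intermediates the TPM itself returns, so an offline
    # machine that cannot fetch AIA URLs is not reported as a false failure.
    foreach ($extra in $additionalCerts) { [void]$chain.ChainPolicy.ExtraStore.Add($extra) }

    $built  = $chain.Build($cert)
    $status = if ($built) { 'trusted' } else { ($chain.ChainStatus | ForEach-Object { $_.StatusInformation.Trim() }) -join '; ' }
    "EK cert : {0}`n  issuer: {1}`n  chain : {2}" -f $cert.Subject, $cert.Issuer, $status
}
```

If a chain reports an untrusted root or a missing intermediate, that is a concrete detail worth handing to IT alongside the MdmDiagnosticsTool cab.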