Framework 13 Ryzen - Intune Compliance Issue (Pluton?)

After further debugging with both AMD and Microsoft, Microsoft has confirmed the issue is on the Windows end and they have escalated it internally to the relevant team. This means we don’t currently expect that any BIOS update will be needed to resolve Intune support. We don’t yet have feedback from Microsoft on the schedule on their end.


Alright, thank you @nrp!

Is there any news on this? As we have already commented on this thread, this issue makes the AMD version of the Framework 13 (and the 16?) unusable in a business environment. At the very least it needs to be made very clear on the “Framework for Business” website that the AMD variant will not be functional if the customer employs Intune Compliance Policies for Encryption.


Another user strobert linked me to this thread as we’re having similar issues with our own new AMD units:
AMD 13 & 16 - SecureBoot, CodeIntegrity & BitLocker erroneous reporting - Community Support - Framework Community

I’ve kicked off cases with our own MS contacts - will post to here if I unearth anything of substance.

We are still working with MSFT to get this resolved, but we do not have a resolution yet.
One thing that would be helpful for us at this point is to consolidate the different Microsoft case numbers.
If you are willing to do so, it would be helpful for us to get the case numbers through support. And mention in your subject:
Intune autopilot issue: Casenumber.

And mention to escalate this to Kieran.

Thanks!


Done!

Just noting two items here from trying to debug this:

Windows has an optional feature that you can install called tpmdiagnostics.exe, which has some commands for attestation debug.

There is also a more advanced utility as part of the HLK, tpmutil.exe, which has some more options, but some options look unsafe to use with attestation (it looks like you can clear/reset/load attestation).

Switching from the Pluton TPM to the PSP firmware TPM is not something we want to enable at the moment, as it cannot be done seamlessly during the BIOS update process. We are going to track this with Microsoft.

Is tpmutil.exe in reference to that earlier? If yes, where do I find it? If not, how is that coming along so far? (I’d really prefer not using Pluton.)

@Kieran_Levin - cross posting from my other thread for visibility. I’ll message separately with case ref.

After some back and forth with our MS contacts and some support/diagnostic sessions - current opinion is that Intune IS in fact reading in the device status correctly; the fault is within Intune’s own reporting functions.

Latest I have right now is, and I quote:

“This is a Reporting issue from Intune end, this should be fixed by next Intune release.”

What I don’t have yet (I’m pressing for it) is a confirmation of that from the Intune engineering team, or visibility of it in the Intune development board.

Will update again as and when I get more.