In this blog we will do a deep dive into how Microsoft is reintroducing quality updates during OOBE, this time with more control for IT admins. We’ll explore how update deferrals work, what’s changing with Autopilot and AP-DP, and the technical flow behind it.

This blog is a deep dive into the mystery of failing TPM attestation during Windows Autopilot (0x80070490) on Dell Latitude devices (with an STM TPM), how Microsoft seems to have increased  TPM security on 24h2, and what you can (or can’t) do about it.