This blog is about a TPM attestation issue on a Lenovo Carbon X1 Gen 13 device that caused Autopilot pre-provisioning to fail with error code 0x81039001. The TPM attestation failure wasn’t your typical timeout or missing EKCert, something else was going on under the hood. Shall we dive in?

In this blog we will do a deep dive into how Microsoft is reintroducing quality updates during OOBE, this time with more control for IT admins. We’ll explore how update deferrals work, what’s changing with Autopilot and AP-DP, and the technical flow behind it.

This blog is a deep dive into the mystery of failing TPM attestation during Windows Autopilot (0x80070490) on Dell Latitude devices (with an STM TPM), how Microsoft seems to have increased  TPM security on 24h2, and what you can (or can’t) do about it.