With TPM 1.2, SCCM could clear the TPM during the Task Sequence without asking anyone for permission. With TPM 2.0, SCCM is unable to clear and activate the TPM chip during the deployment. The result is that on the first boot you are either asked for a BitLocker Recovery Key, or the tpm.msc console tells you that the TPM is ready for use, with reduced functionality.
I found a script online that I've added to my GitHub to clear the TPM 2.0 chip during the deployment. You need to reboot the computer after running this script, and during the deployment it will show a UEFI pop-up asking the user for permission to clear the TPM chip (Physical Presence). I heard from a vendor that Microsoft is working on a workaround to disable the Physical Presence during the deployment. You could experiment with the "NoPPIClear" TPM setting to disable this physical presence prompt the next time you deploy a computer; keep in mind that the prompt exists precisely so that software running with admin rights cannot wipe the TPM (and with it the BitLocker key protectors) without a person at the keyboard, so disabling it is a security trade-off, not just a convenience.
Your Task Sequence should look like this:
– Run the PowerShell script from the GitHub link above
– Restart Computer (you will see the Physical Presence prompt during this reboot)
– Enable BitLocker
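As an added example (this is not the script from the author's GitHub, which the page does not reproduce), the PowerShell below does what the first step needs: it checks whether the firmware will accept a Clear request from the OS and whether it will prompt for Physical Presence, queues the Clear through the Win32_Tpm WMI class, and, after the Restart Computer step, verifies that the firmware actually executed it. It assumes operation code 5 means "Clear" as defined in the TCG Physical Presence Interface specification, and the ConfirmationStatus meanings documented for Win32_Tpm.GetPhysicalPresenceConfirmationStatus; run it with `-Verify` in a second "Run PowerShell Script" step placed after the reboot if you want the check.

```powershell
# Added example, not the author's GitHub script. Queues a TPM 2.0 Clear through the
# Physical Presence Interface (PPI) from inside an SCCM task sequence, and can verify
# the result after the reboot.
# Assumptions: TCG PPI operation 5 = Clear; ConfirmationStatus codes as documented
# for Win32_Tpm (0 not implemented, 1 BIOS only, 2 blocked by BIOS, 3 allowed with
# prompt, 4 allowed without prompt).
param([switch]$Verify)

$ErrorActionPreference = 'Stop'
$ns      = 'root\cimv2\Security\MicrosoftTpm'
$clearOp = [uint32]5   # TCG PPI operation: Clear (assumption stated above)

function Get-TpmInstance {
    $tpm = Get-CimInstance -Namespace $ns -ClassName Win32_Tpm
    if (-not $tpm) { throw 'No TPM found, or the TPM driver is not loaded in this boot image.' }
    return $tpm
}

function Request-TpmClear {
    $tpm = Get-TpmInstance

    # Ask the firmware whether it will honour a Clear coming from the OS, and
    # whether it will ask the physically present user first.
    $status = (Invoke-CimMethod -InputObject $tpm -MethodName GetPhysicalPresenceConfirmationStatus `
                -Arguments @{ Operation = $clearOp }).ConfirmationStatus
    switch ($status) {
        0 { throw 'PPI Clear is not implemented by this firmware.' }
        1 { throw 'Clear is only possible from BIOS/UEFI setup, not from the OS.' }
        2 { throw 'Clear requests from the OS are blocked by the BIOS/UEFI.' }
        3 { Write-Host 'Clear allowed; the UEFI prompt will appear during the reboot (NoPPIClear not set).' }
        4 { Write-Host 'Clear allowed without a prompt (NoPPIClear is set).' }
        default { throw "Unexpected ConfirmationStatus $status" }
    }

    # Queue the Clear; the firmware performs it during the next boot.
    $rc = (Invoke-CimMethod -InputObject $tpm -MethodName SetPhysicalPresenceRequest `
            -Arguments @{ Operation = $clearOp }).ReturnValue
    if ($rc -ne 0) { throw ('SetPhysicalPresenceRequest failed: 0x{0:X8}' -f $rc) }

    # Confirm the request is stored before handing over to the Restart Computer step.
    $pending = (Invoke-CimMethod -InputObject $tpm -MethodName GetPhysicalPresenceRequest).Request
    if ($pending -ne $clearOp) { throw "Pending PPI request is $pending, expected $clearOp" }
    Write-Host 'TPM Clear queued; reboot to let the firmware execute it.'
}

function Test-TpmClearResult {
    $tpm = Get-TpmInstance

    # Response 0 means the firmware carried out the last PPI request; anything else
    # (e.g. the user answered "No" at the prompt) means the TPM was not cleared.
    $resp = (Invoke-CimMethod -InputObject $tpm -MethodName GetPhysicalPresenceResponse).Response
    if ($resp -ne 0) { throw "Firmware reported PPI response $resp; the TPM was not cleared." }

    # A cleared TPM has no owner; Windows takes ownership again when the Enable
    # BitLocker step provisions it.
    $owned = (Invoke-CimMethod -InputObject $tpm -MethodName IsOwned).IsOwned
    if ($owned) { throw 'TPM still reports an owner after the reboot; Clear did not take effect.' }
    Write-Host 'TPM cleared successfully; safe to continue with Enable BitLocker.'
}

if ($Verify) { Test-TpmClearResult } else { Request-TpmClear }
```

Both functions throw on failure so the task sequence step fails visibly in smsts.log instead of continuing into Enable BitLocker with a TPM that was never cleared, which is exactly the situation that produces the recovery-key prompt on first boot.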