Use a hardware security device

A Trusted Platform Module (TPM) provides additional security benefits over software because data stored within it cannot be used on other devices.

If you enable this policy setting, only devices with a usable TPM may provision Microsoft Passport for Work.

If you disable or do not configure this policy setting, the TPM is still preferred, but all devices may provision Microsoft Passport for Work using software if the TPM is non-functional or unavailable.

Supported on: At least Windows 10 Server or Windows 10
Registry PathSOFTWARE\Policies\Microsoft\PassportForWork
Value NameRequireSecurityDevice
Enabled Value1
Disabled Value0


Administrative Templates (Computers)

Administrative Templates (Users)