Use a hardware security device

A Trusted Platform Module (TPM) provides additional security benefits over software because data stored within it cannot be used on other devices.

If you enable this policy setting, only devices with a usable TPM may provision Microsoft Passport for Work.

If you disable or do not configure this policy setting, the TPM is still preferred, but all devices may provision Microsoft Passport for Work using software if the TPM is non-functional or unavailable.

Supported on: At least Windows 10

Registry Hive	HKEY_LOCAL_MACHINE
Registry Path	SOFTWARE\Policies\Microsoft\PassportForWork
Value Name	RequireSecurityDevice
Value Type	REG_DWORD
Enabled Value	1
Disabled Value	0

passport.admx

Administrative Templates (Computers)

Control Panel
- Personalization
- Regional and Language Options
- User Accounts
  - Apply the default user logon picture to all users
- Allow Online Tips
- Settings Page Visibility
Network
Printers
Start Menu and Taskbar
System
Windows Components

Administrative Templates (Users)

Configuration Manager
- User State Management Client Side Extension
Control Panel
Desktop
Network
Shared Folders
- Allow DFS roots to be published
- Allow shared folders to be published
Start Menu and Taskbar
System
Windows Components
Enable auto-subscription