Use a hardware security device

A Trusted Platform Module (TPM) provides additional security benefits over software because data stored within it cannot be used on other devices.

If you enable this policy setting, only devices with a usable TPM may provision Microsoft Passport for Work.

If you disable or do not configure this policy setting, the TPM is still preferred, but all devices may provision Microsoft Passport for Work using software if the TPM is non-functional or unavailable.

Supported on: At least Windows 10

Registry Hive: HKEY_LOCAL_MACHINE
Registry Path: SOFTWARE\Policies\Microsoft\PassportForWork
Value Name: RequireSecurityDevice
Value Type: REG_DWORD
Enabled Value: 1
Disabled Value: 0
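
To audit this setting on a device, the following PowerShell reads the registry value listed above and compares it with the local TPM state. It is an added example, not part of the policy template; the function names are hypothetical, and treating "usable" as `TpmPresent` and `TpmReady` from `Get-Tpm` is an assumption.

```powershell
# Added example: report the RequireSecurityDevice policy state and the
# provisioning outcome the policy text implies for this device.
$PolicyPath = 'HKLM:\SOFTWARE\Policies\Microsoft\PassportForWork'
$ValueName  = 'RequireSecurityDevice'

function Get-PolicyState {
    param([string]$Path, [string]$Name)
    # A missing key or value means the policy is not configured.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 'NotConfigured' }
    switch ([int]$item.$Name) {
        1       { 'Enabled' }
        0       { 'Disabled' }
        default { "Unexpected($($item.$Name))" }
    }
}

function Test-TpmUsable {
    # Assumption: "usable" is approximated as present and ready.
    try {
        $tpm = Get-Tpm -ErrorAction Stop   # requires an elevated session
        return [bool]($tpm.TpmPresent -and $tpm.TpmReady)
    } catch {
        Write-Warning "Get-Tpm failed: $($_.Exception.Message)"
        return $null
    }
}

$policy    = Get-PolicyState -Path $PolicyPath -Name $ValueName
$tpmUsable = Test-TpmUsable

$outcome = if ($null -eq $tpmUsable) {
    'Unknown: TPM state could not be read'
} elseif ($tpmUsable) {
    'TPM-backed provisioning expected'
} elseif ($policy -eq 'Enabled') {
    'Provisioning blocked: policy requires a usable TPM'
} else {
    'Software fallback permitted: TPM is not usable and policy does not require it'
}

[pscustomobject]@{
    Computer  = $env:COMPUTERNAME
    Policy    = $policy
    TpmUsable = $tpmUsable
    Outcome   = $outcome
}
```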

passport.admx
