How To Fix Trusted Platform Module Has Malfunctioned

When an Microsoft 365 app fail to activate, it could provide the error “Your computer’s Trusted Platform Module has malfunctioned.”

It can include completely different codes like 80090016, 80090030, 80284001, and so forth. All particular person error codes symbolize numerous causes and might have completely different options.

In common, you need to troubleshoot the activation state, reconnect to the Microsoft 365 work account, and resolve any credential/authentication points. You also needs to look out for doable TPM points.

If all these strategies fail, create a brand new consumer account and begin using Microsoft 365 from scratch.

Now, let’s focus on all these options intimately.

Reset Microsoft 365 Activation State

The very first thing you need to do is obtain and run the Microsoft Support and Recovery Assistant (SaRA) to reset the Microsoft 365 activation state. It will search for most points with the activation course of and mechanically cope with them.

Disconnect and Reconnect to the Work Account

An straightforward repair that has labored for many customers is to disconnect and reconnect to the Active Directory or Work Account that you just use for Microsoft 365. It will refresh the connection and will let you enter your credentials and activation keys afresh.

For this course of,

1. Press Windows + I to open Settings.
2. Go to Accounts > Access work or faculty.
3. Expand the Active Directory (AD) or Work account and choose Disconnect > Yes.
4. Restart your laptop.
5. Go back to Settings > Accounts > Access work or faculty.
6. Click on Connect and observe the on-screen directions to affix the identical AD or work account.
7. Make positive to decide on Let my group handle my device whereas doing so.

Note: You also needs to contact the admin for the Active Directory or the work account in case your laptop is disabled on the Domain Controller’s finish.

Remove Office Credentials

If merely disconnecting and reconnecting with the Microsoft 365 work account didn’t assist, repeat the method after eradicating all of the Office credentials. This manner, the present credentials gained’t have an effect on the reactivation course of.

For this answer,

1. Open Run.
2. Type management keymgr.dll or management /title Microsoft.CredentialManager and press Enter. It will load the Credential Manager.
3. Go to Windows Credentials.
4. Expand all credentials for Microsoft Office apps and choose Remove > Yes.
5. Restart your laptop.
6. Then, disconnect and reconnect to the work account for Microsoft 365.

Enable Office Protection Policy

Microsoft additionally recommends enabling office safety policy earlier than reconnecting with the work account in case the above options don’t work.

Here are the entire steps:

1. Go to Windows Settings > Accounts > Access work or faculty.
2. Disconnect from the work account for Microsoft 365.
3. Now, open the Registry Editor.
4. Go to HKEY_LOCAL_MACHINESoftwareMicrosoftCryptographyProtectProvidersdf9d8cd0-1501-11d1-8c7a-00c04fc297eb
5. Right-click on an empty space and choose New > DWORD (32-bit) Value.
6. Set its title to ProtectionPolicy and worth to 1.
7. Restart your laptop.

Disable Security Software

You may encounter this problem when an antivirus or safety app blocks the Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy plugin required for the activation. In such circumstances, quickly disable your antivirus, firewall or any safety app.

You also needs to contact your Microsoft 365 admin in case a proxy or firewall on their finish is obstructing this plugin.

Delete and Reinstall BrokerPlugin Data

You’ll additionally encounter this error if the Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy plugin itself has some points. In such circumstances, delete any associated information and run the Microsoft Support and Recovery Assistant to recreate them from scratch.

The full course of contains,

1. Open Run.
2. Type %LOCALAPPDATApercentPackagesMicrosoft.AAD.BrokerPlugin_cw5n1h2txyewyACTokenBrokerAccounts and press Enter. It will load this folder within the File Explorer.
3. Select all of its contents and delete them.
4. Now, do the identical to the contents of the %LOCALAPPDATApercentPackagesMicrosoft.Windows.CloudExperienceHost_cw5n1h2txyewyACTokenBrokerAccounts folder.
5. Restart your laptop.
6. Download the Microsoft Support and Recovery Assistant (SaRA) package deal for check in points and run it.

Enable Multi-Factor Authentication on Admin

To enhance safety, Microsoft 365 apps requires multi-factor authentication (MFA) by default. This authentication should be enabled from the admin’s safety properties. Otherwise, the customers might expertise “Trusted Platform Module has malfunctioned” error when activating the Microsoft 365 apps.

If you don’t have entry to the admin account, contact the system administrator and have them make the required modifications.

1. Open a Web browser and go to Microsoft 365 admin heart.
2. Click on Show All on the left pane and choose Azure Active Directory Admin Center.
3. Here, undergo Azure Active Directory > Properties > Manage Security defaults.
4. Set Enable Security defaults to Yes and hit Save.

Disable Azure Active Directory Authentication Library (ADAL) Authentication

If the above technique is just not possible, you possibly can disable Azure Active Directory Authentication Library (ADAL) authentication to take away the native want for MFA. 

However, remember that the requirement for MFA is an enchancment to the safety so disabling ADAL will not be the very best answer.

Regardless, you should utilize the Registry Editor for this function.

1. Open Run.
2. Type regedit and press Enter to open the Registry Editor.
3. Go to ComputerHKEY_CURRENT_USERSoftwareMicrosoftOffice16.0CommonIdentity
4. Right-click on an empty space and choose New > DWORD (32-bit) Value.
5. Name it as EnableADAL and set its worth to 0.

Enable TPM

Now, you need to begin troubleshooting for TPM points. But earlier than shifting to different TPM associated options, ensure it’s truly enabled in your BIOS.

You will discover it as TPM State, Intel PTT, AMD PSP fTPM, Intel Platform Trust Technology or an identical choice beneath Security tabs inside your BIOS.

You also can use our devoted motherboard BIOS guides for ASRock, ASUS, MSI and Gigabyte motherboards in the event you want further assist.

You may must put together the TPM after enabling it within the BIOS. After logging in to your system,

1. Open Run.
2. Type tpm.msc and press Enter to open Trusted Platform Module (TPM) Management on Local Computer.
3. Select Prepare the TPM and ensure all following prompts.
4. Restart your laptop.

After that, it’s higher to manually set up Windows updates to update the TPM drivers alongside.

Clear TPM Keys

You also can attempt clearing the TPM keys and reset TPM to its default state to resolve any points inside.

Cleaning the TPM keys might end in information loss. Before clearing it, ensure to back up any essential information that your system is encrypting with the TPM or BitLocker.

Then,

1. Open Trusted Platform Module (TPM) Management on Local Computer.
2. Select Clean TPM > Restart.

Uninstall and Reinstall TPM Drivers

Another manner you possibly can attempt to troubleshoot your TPM is to uninstall and reinstall its driver. This course of will refresh the device and resolve most errors with it.

1. Open Run.
2. Type devmgmt.msc and press Enter to open the Device Manager.
3. Expand Security Devices.
4. Right-click on Trusted Platform Module and choose Uninstall device > Uninstall.
5. Right-click on Security Devices or the pc title and choose Scan for {hardware} modifications.

Create New User Account

If you couldn’t resolve the problem by the above options, your consumer profile might need develop into corrupt. Rather than going by all nooks and corners to restore it, it’s higher to create a brand new admin account and the corresponding profile.

For that,

1. Open Windows Settings.
2. Go to Accounts > Other customers and click on Add account beneath Other customers.
3. If it asks you to create a Microsoft account, choose I don’t have this particular person’s sign-in info > Add a consumer and not using a Microsoft account.
4. Enter the brand new username and password. Click Next.
5. Expand the brand new account and choose Change account sort. 
6. Set Account sort to Administrator and click on OK.
7. Sign it to the new account, set up Office or Microsoft 365, and attempt to activate it once more.

If you might be profitable, switch all non-hidden contents out of your outdated consumer profile folder inside C:Users to the brand new one. Then, take away your outdated account together with the consumer profile.

Update BIOS

TPM might not work with sure BIOS variations in some motherboards. So verify the BIOS update web page in your motherboard’s help platform and search for any TMP associated enhancements or fixes. If a later BIOS model carries such options set up the most recent steady BIOS update.

Since the precise course of varies for various motherboards, I like to recommend testing our devoted guides for the motherboards under: