Fix TPM Error in Office 365 Cloud Step-by-Step

Written By Mohit Kumar Jha
Approved By Anuraag Singh
Modified On July 11th, 2025

When attempting to activate or sign in to Microsoft 365 applications, some users encounter a “Trusted Platform Module (TPM) has malfunctioned” message, or TPM Error in Office 365.

This issue is often accompanied by error codes like 80090016, 80090030, or c0090016.

If this happens, users can’t use any of the O365 apps like Word, Outlook, Teams, etc. Don’t worry if you face this problem; we have a list of solutions you can try out. Note that some solutions need admin intervention, so put them on speed dial.

Before we get to the solutions themselves, let us discuss the situations in which this problem happens.

Why Does TPM Error Occur in Office 365?

There is no one single root cause that results in the Trusted Platform Module malfunctioning. Instead, whenever the TPM fails to communicate with the security chip present in a device’s motherboard, you see an error pop-up. It can be due to, but is not limited to:

  • Corrupted TPM keys.
  • Misconfiguration during the first installation.
  • Outdated TPM drivers.
  • Firmware may be old and thus mismatched.
  • Problems inside the NGC folder that monitors the Windows Hello PIN setup.
  • Conflicts with services like Antivirus/Firewall/Proxy/VPN present on the system.
  • The device may not be registered in the Azure Portal.

Now that we know the reasons, let’s start the remedy.

Start Fixing the TPM Error in Office 365 by Resetting the Activation State

If you are an admin, you can set up and use the Enterprise version of Microsoft Support and Recovery Assistant.

Unlike the personal SaRA, which is now fully integrated into the Get Help troubleshooter, the enterprise edition is still available as an independent installation. Admins need to be aware that the Enterprise version of Microsoft Support and Recovery Assistant is a command-line tool with no GUI component, but it allows creation of custom scripts.

Users can run the built-in Microsoft 365 Troubleshooter on their device if the admin is absent/busy.

Other than that, the Trusted Platform Module malfunction can be resolved with the help of the OLicenseCleanup.vbs and signoutofwamaccounts.ps1 scripts. There is also WPJCleanUp.cmd; use it only when your device is connected to the Workplace.

All of these can be found in Microsoft’s official guide for resetting the activation state.

On that page, you can find the steps to manually clear any prior activation information persisting and causing the message with error code 80090030 to appear.

Resolve the Office 365 Activation TPM Error by Removing the Credentials

  • Open Start > Search and open Credential Manager.
  • Switch to Windows credentials.
  • Use the small drop-down arrow to expand any credentials for “MicrosoftOffice16”
  • Click Remove > Confirm > close Credential Manager.
  • Press Windows Key > Settings > Accounts > Access work or school.
  • Disconnect the O365 account > Restart device and reattempt Microsoft 365 activation.

BrokerPlugin May Cause the TPM Error! Here’s How You Fix It

Your security systems, like antivirus, firewall, and proxy, may misidentify the Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy process and label it as a threat, effectively stopping it. Without this plugin, the authentication can’t happen, and you see the Trusted Platform Module error show up on your screen.


You should disable your antivirus, and if this does not fix the issue, contact your system admin. It is possible that it is the proxy or firewall that is blocking the broker plugin. In that case, disable them as well. It is also possible that you are using a VPN, which causes the blockage, so turn the VPN off and try again.

If you still can’t make the broker work, the problem is with the plugin itself. Delete and reinstall.

Open File Explorer and put the following in the address bar:

%LOCALAPPDATA%\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\AC\TokenBroker\Accounts

Hold Ctrl + A and Delete.

Repeat this on the following location as well:

%LOCALAPPDATA%\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\TokenBroker\Accounts

Restart your device and use the Get Help troubleshooter.
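The two cache locations above can be cleared from PowerShell by moving their contents aside instead of deleting them, which keeps the step reversible. This is an added example, not part of the original article; the backup folder name is an assumption.

```powershell
# Added example (not from the article): set the TokenBroker account caches aside
# instead of deleting them. Run as the affected user with all Office apps closed.
$packages = @(
    'Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy',
    'Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy'
)

# Confirm the broker package is still registered for this user before touching its data.
Get-AppxPackage -Name 'Microsoft.AAD.BrokerPlugin' |
    Select-Object Name, Version, Status | Format-List

# Assumption: backups go under %LOCALAPPDATA%; any user-writable folder works.
$stamp      = Get-Date -Format 'yyyyMMdd-HHmmss'
$backupRoot = Join-Path $env:LOCALAPPDATA "TokenBrokerBackup-$stamp"

foreach ($pkg in $packages) {
    $accounts = Join-Path $env:LOCALAPPDATA "Packages\$pkg\AC\TokenBroker\Accounts"
    if (-not (Test-Path -LiteralPath $accounts)) {
        Write-Warning "Not found, skipping: $accounts"
        continue
    }
    # -Force includes hidden files, matching a Ctrl + A selection with hidden items shown.
    $items = @(Get-ChildItem -LiteralPath $accounts -Force)
    if ($items.Count -eq 0) {
        Write-Host "Already empty: $accounts"
        continue
    }
    $dest = Join-Path $backupRoot $pkg
    New-Item -ItemType Directory -Path $dest -Force | Out-Null
    $items | Move-Item -Destination $dest -Force
    Write-Host "Moved $($items.Count) item(s) from $accounts to $dest"
}
```

Delete the backup folder once sign-in works again, since it holds cached account data.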

Clear the Problematic Trusted Platform Module (TPM) from Your System

Press Windows Key > Settings > Update & Security > Windows Security > Device Security.

Under Security processor, you will find Security processor details. Click on Security processor troubleshooting.

Click the Clear TPM button, restart your device, and activate M365 again. If your organization operates a Hybrid setup, you have a command-line checkup function you can use to fix the issue.
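Clearing the TPM discards the keys it protects, including a BitLocker TPM protector, so it is worth checking TPM state and recovery options first. The script below is an added example, not part of the original article; it assumes an elevated PowerShell session on a Windows edition that includes the BitLocker cmdlets.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the article): inspect TPM state and BitLocker
# protectors before using "Clear TPM".

# Get-Tpm ships with Windows in the TrustedPlatformModule module.
Get-Tpm |
    Select-Object TpmPresent, TpmReady, TpmEnabled, TpmActivated, TpmOwned, LockedOut, ManufacturerVersion |
    Format-List

# For each BitLocker volume, report whether it relies on the TPM and whether a
# recovery password exists to unlock it after the TPM keys are gone.
$report = foreach ($vol in Get-BitLockerVolume) {
    $types = @($vol.KeyProtector | ForEach-Object { "$($_.KeyProtectorType)" })
    [pscustomobject]@{
        MountPoint          = $vol.MountPoint
        ProtectionStatus    = $vol.ProtectionStatus
        UsesTpm             = [bool]($types -like 'Tpm*')   # Tpm, TpmPin, TpmStartupKey, ...
        HasRecoveryPassword = $types -contains 'RecoveryPassword'
    }
}
$report | Format-Table -AutoSize

$atRisk = @($report | Where-Object { $_.UsesTpm -and -not $_.HasRecoveryPassword })
if ($atRisk.Count -gt 0) {
    Write-Warning ('TPM-protected volume(s) without a recovery password: ' +
        ($atRisk.MountPoint -join ', '))
} else {
    Write-Host 'Every TPM-protected volume has a recovery password protector.'
}
```

Confirm the recovery password is actually stored somewhere reachable (for example, escrowed by your organization) before clearing.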

 

Fix TPM Error in Hybrid Connection

Launch a new command-line instance as the admin.

Type dsregcmd /status

For users facing EventID 220 (Check User Device Registration), follow the guidelines for Microsoft Entra hybrid joined devices.

On the other hand, if you see a 0x801c001d code, it would be better to make a service connection point.
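The output of dsregcmd /status is long, so the sketch below parses it and reports only the join and TPM fields relevant to this error. It is an added example, not part of the original article; the function name and the wording of the findings are assumptions, while the field names are those printed by dsregcmd.

```powershell
# Added example (not from the article): summarise `dsregcmd /status` for this error.
function ConvertFrom-DsRegStatus {
    param([Parameter(Mandatory)][AllowEmptyString()][string[]]$Lines)
    $state = [ordered]@{}
    foreach ($line in $Lines) {
        # Data lines look like "    AzureAdJoined : YES"; banners and blanks do not match.
        if ($line -match '^\s*(?<key>[A-Za-z][\w ]*?)\s+:\s+(?<value>\S.*?)\s*$') {
            $state[$Matches['key']] = $Matches['value']
        }
    }
    [pscustomobject]$state
}

$s = ConvertFrom-DsRegStatus -Lines (dsregcmd.exe /status)

$joinType = if ($s.AzureAdJoined -eq 'YES' -and $s.DomainJoined -eq 'YES') {
    'Microsoft Entra hybrid joined'
} elseif ($s.AzureAdJoined -eq 'YES') {
    'Microsoft Entra joined'
} elseif ($s.WorkplaceJoined -eq 'YES') {
    'Microsoft Entra registered'
} else {
    'not joined or registered'
}

$findings = @()
if ($s.AzureAdJoined -eq 'YES' -and $s.TpmProtected -ne 'YES') {
    $findings += 'TpmProtected is not YES: the device key is not held in the TPM.'
}
# DeviceAuthStatus is absent on older Windows builds, so only test it when present.
if ($s.DeviceAuthStatus -and $s.DeviceAuthStatus -ne 'SUCCESS') {
    $findings += "DeviceAuthStatus is '$($s.DeviceAuthStatus)': check that the device is present and enabled in Microsoft Entra ID."
}
if ($s.AzureAdJoined -eq 'YES' -and $s.AzureAdPrt -ne 'YES') {
    $findings += 'AzureAdPrt is not YES: the signed-in user has no primary refresh token.'
}

[pscustomobject]@{
    JoinType = $joinType
    DeviceId = $s.DeviceId
    Findings = if ($findings) { $findings -join ' ' } else { 'none' }
} | Format-List
```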

Make an O365 Protection Policy to Bypass TPM Malfunction

  • Open Word (or any other M365 app you have on your system; it doesn’t matter).
  • Tap on your profile and sign out, then close the app.
  • Hit the Windows key > in the Start menu, click on the Settings gear > Accounts > Access work or school.
  • Select your account and Disconnect.
  • Press Windows + R, type regedit and press Enter (a pop-up might appear asking “Do you want to allow this app to make changes on your device?”; press Yes).
  • In the Registry Editor, replace the default path name with HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Protect\Providers\df9d8cd0-1501-11d1-8c7a-00c04fc297eb
  • Right-click on any white space, hit New, then select DWORD (32-bit).
  • Set the name as ProtectionPolicy and the value to 1.
  • Restart the device and activate Office 365.
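ProtectionPolicy sits under the DPAPI provider key and applies to the whole machine, so it helps to record the previous state before changing it. The sketch below applies the same value as the steps above while keeping a record for audit and rollback; it is an added example, not part of the original article, and the log path and function names are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the article): apply ProtectionPolicy = 1 with a rollback record.
$key  = 'HKLM:\Software\Microsoft\Cryptography\Protect\Providers\df9d8cd0-1501-11d1-8c7a-00c04fc297eb'
$name = 'ProtectionPolicy'
$log  = Join-Path $env:ProgramData 'ProtectionPolicy-change.json'   # hypothetical path

function Get-ProtectionPolicy {
    # Returns the DWORD value, or $null when the value does not exist.
    (Get-ItemProperty -LiteralPath $key -Name $name -ErrorAction SilentlyContinue).$name
}

function Set-ProtectionPolicyWithRecord {
    if (-not (Test-Path -LiteralPath $key)) { throw "Registry key not found: $key" }
    $previous = Get-ProtectionPolicy
    if ($previous -eq 1) {
        Write-Host 'ProtectionPolicy is already 1; nothing changed.'
        return
    }
    # Save who changed what, and the prior state, before writing the new value.
    [pscustomobject]@{
        Computer      = $env:COMPUTERNAME
        ChangedAt     = (Get-Date).ToString('o')
        ChangedBy     = "$env:USERDOMAIN\$env:USERNAME"
        PreviousValue = $previous          # null means the value was absent
    } | ConvertTo-Json | Set-Content -LiteralPath $log -Encoding UTF8
    New-ItemProperty -LiteralPath $key -Name $name -PropertyType DWord -Value 1 -Force | Out-Null
    Write-Host "ProtectionPolicy set to 1; previous state saved to $log"
}

function Restore-ProtectionPolicy {
    if (-not (Test-Path -LiteralPath $log)) { throw "No change record at $log" }
    $record = Get-Content -LiteralPath $log -Raw | ConvertFrom-Json
    if ($null -eq $record.PreviousValue) {
        Remove-ItemProperty -LiteralPath $key -Name $name -ErrorAction Stop
    } else {
        Set-ItemProperty -LiteralPath $key -Name $name -Value ([int]$record.PreviousValue)
    }
    Write-Host 'ProtectionPolicy restored to its recorded state.'
}

Set-ProtectionPolicyWithRecord
```

Restore-ProtectionPolicy returns the value to whatever the record shows, removing it if it was absent before.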

Disconnect from and then Reconnect to Microsoft Entra ID

  • Windows key > in the Start menu, click on the Settings gear > Accounts > Access work or school.
  • Select your Microsoft Entra ID connection > Disconnect.
  • Restart.
  • Windows key > in the Start menu, click on the Settings gear > Accounts > Access work or school.
  • Press “Join this device to Microsoft Entra ID.”
  • Type in the account credentials.
  • Click “Let my organization manage my device”.
  • Restart and activate.

Enable Memory Integrity to Fix TPM Error in Office 365

  • Windows key > in the Start menu, click on the Settings gear > Update & Security > Windows Security > Device Security.
  • See Core isolation > open Core isolation details.
  • Set Memory integrity to on.
  • Restart and activate.

How Admins can Enable or Add a Device in Microsoft Entra ID to fix the TPM Error?

  • Open the Azure portal.
  • On the left side menu, Microsoft Entra ID > Devices.
  • Check the list of Disabled devices, select the one where the user is reporting a TPM error in Office 365 > and Enable.
  • Note: Deleted devices must be re-registered.


Please make sure that you have the latest BIOS for your device. If not, update ASAP.

Make TPM Active and Fix TPM Error in Office 365

  • Restart > Before Windows loads, press and hold the F1 key.
  • Go to the Security tab and select TPM 1.2 (Microsoft recommends TPM 2.0) and set the Security chip in Active position.
  • Save and exit > Restart, let Windows load fully > log in and activate your Office 365 > you should no longer encounter the TPM malfunction.

Create a New Windows User Account

Do a clean boot of Windows. Make a new User account and assign it admin privileges.

Sign in and activate M365.

Conclusion

Now you know why a TPM Error in Office 365 happens and how to solve it. Once you do, it is recommended that you use a professional Office 365 backup tool to keep a safe copy of your data. Although making a backup won’t stop the Trusted Platform Module from malfunctioning, it will be your safety net in case any data loss incidents occur.
