This blog will show you how to deal with the 0x81039023 you could get when enrolling Windows 11 SE with Autopilot for pre-provisioning deployments.
I will divide this blog into multiple parts.
1. The 0x81039023 Error
When you are trying to enroll your Windows 11 SE (built for education) devices with Autopilot for pre-provisioning deployments you could stumble upon the 0x81039023 TPM attestation error.
Of course, not to be confused with the 0x81039024 TPM error even when it almost looks the same! In the past, I wrote a lot about TPM attestation errors and how you could start troubleshooting them. It’s worth reading!
2. The Workaround
Normally I would recommend making sure you are using the latest Windows build when you want to make use of the Autopilot for pre-provisioning deployment option but this time it’s not the solution. It almost sounds like the ongoing AMD TPM issue, right?
To make sure people could still enroll their device with Autopilot, we need to switch to the user-driven Autopilot and change some other settings
2.1 Autopilot Profile
First, let’s make sure we are converting our existing Windows Autopilot profile to a user-drive one
2.2 ESP Page
When we removed the ability to perform a pre-provisioning on the device we also need to make sure we are changing the Enrollment Status Page (ESP). As shown below, please make sure you change the option: “allow users to reset device if installation error occurs” to yes!
When you have configured this option, as shown above, you are making sure the end-user could reset the device on their own without the need to call in an IT guy/woman to reinstall the whole device
2.3 The Lingering Intune Object
When moving over to a user-driven Autopilot it’s always best practice to make sure you delete the Intune object first before retrying the Autopilot enrollment. Please make sure you remove this object from the endpoint.manager.com portal instead of the education portal as you don’t want to also remove the Azure object while doing so!
If you want to read more about the “Why” you need to remove the object, please read my blog below
Autopilot and disabling “set up local account” prompt (call4cloud.nl)
Changing the autopilot profile to a user-driven one is not exactly a fix but more like a workaround for now. Hopefully, MS will fix this issue in a future release!