Tuesday, April 12, 2022

Support tip: Recovering from Windows Autopilot error code 0x81039023 on Windows 11 SE

There is currently a known issue where some devices may fail TPM attestation on Windows 11 during the Windows Autopilot pre-provisioning technician flow or self-deploying mode with the error code 0x81039023. There is currently no workaround for this error code, but we are working to resolve the issue. In the meantime, we recommend not using self-deploying mode or pre-provisioned deployments on Windows 11 SE devices. Windows Autopilot user-driven mode is still supported. The support tip below provides recommendations for recovering a device that has received error code 0x81039023.

 

If you are using the Enrollment Status Page (ESP), ensure that users are allowed to reset the device if an installation error occurs.

 

Screenshot of the Microsoft Endpoint Manager admin center, on the 'Enrollment Status Page' > 'All users and all devices' > 'Edit profile' page. The image shows the setting 'Allow users to reset device if installation error occurs' which is toggled to 'Yes'.

 

If your users are not allowed to reset the device when an installation error occurs, and they receive error code 0x81039023, you will need to work with your OEM to put a clean image on the device. We recommend always allowing users to reset devices if an installation error occurs on Windows 11 SE. If you can reset the device, then you can move forward with another enrollment method, such as Windows Autopilot user-driven mode or Set up School PCs.

 

To use Autopilot user-driven mode, convert your existing Windows Autopilot deployment profile to user-driven mode. Then, delete the device record in Intune by going to Devices > All devices > choose the device you want to delete > Delete. You can also do this on several devices as a bulk action.  

Important: Do not use Intune for Education for this step because that will delete the Azure Active Directory (Azure AD) device record as well. Use Microsoft Endpoint Manager for this step.

 

Screenshot of the Microsoft Endpoint Manager admin center, on the 'Devices' page. This image shows the remote action 'Delete'.
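The bulk deletion described above can also be scripted. The following is an added example, not part of the original post or Microsoft's own tooling; it assumes the Microsoft Graph PowerShell SDK is installed, and the function name `Remove-IntuneDeviceRecord` and the serial numbers are constructed for illustration. It calls only the Intune managed-device endpoint, so it does not issue any request against the Azure AD device object or the Windows Autopilot registration.

```powershell
#Requires -Modules Microsoft.Graph.Authentication, Microsoft.Graph.DeviceManagement

# Hypothetical helper (added example): deletes the Intune managed-device record
# for each serial number and reports the Azure AD device ID it left alone.
function Remove-IntuneDeviceRecord {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string[]] $SerialNumber
    )
    process {
        foreach ($sn in $SerialNumber) {
            # Escape single quotes so the serial is safe inside the OData filter.
            $escaped = $sn.Trim().Replace("'", "''")
            $found = @(Get-MgDeviceManagementManagedDevice -Filter "serialNumber eq '$escaped'" -All)

            if ($found.Count -eq 0) {
                Write-Warning "No Intune device record found for serial '$sn'."
                continue
            }
            foreach ($device in $found) {
                # Skip anything that is not a Windows device to avoid collateral deletes.
                if ($device.OperatingSystem -ne 'Windows') {
                    Write-Warning "Skipping '$($device.DeviceName)': OS is $($device.OperatingSystem)."
                    continue
                }
                if ($PSCmdlet.ShouldProcess("$($device.DeviceName) [$sn]", 'Delete Intune device record')) {
                    Remove-MgDeviceManagementManagedDevice -ManagedDeviceId $device.Id
                    [pscustomobject]@{
                        SerialNumber    = $sn
                        DeviceName      = $device.DeviceName
                        IntuneDeviceId  = $device.Id
                        AzureAdDeviceId = $device.AzureAdDeviceId   # record left in place
                    }
                }
            }
        }
    }
}

# Least-privilege scope for reading and deleting Intune managed devices.
Connect-MgGraph -Scopes 'DeviceManagementManagedDevices.ReadWrite.All'

# Constructed sample serial numbers; replace with the affected devices.
$serials = 'SAMPLE-SN-0001', 'SAMPLE-SN-0002'

# Dry run first: -WhatIf lists what would be deleted without changing anything.
$serials | Remove-IntuneDeviceRecord -WhatIf
```

Review the `-WhatIf` output, then rerun without it to perform the deletion; each delete still prompts for confirmation unless `-Confirm:$false` is passed.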

 

To use Set up School PCs, you must deregister the device from Windows Autopilot and then create and apply a provisioning package.

 

Lastly, reset the device and move forward with the new enrollment method.

 

More information:

If you have any feedback or questions, reply to this post or reach out to @IntuneSuppTeam on Twitter.

 

 

Posted at https://sl.advdat.com/3vbCc0I