![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(134.4, 57.99999999999999%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJK%3C/text%3E%3C/svg%3E)
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
24,382 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(278.4, 45%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAV%3C/text%3E%3C/svg%3E)
Hi @Jon Kilner
To answer your question If you have a device with TPM 1.2, you must disable them before proceeding with Hybrid Azure AD join.
Microsoft will not be disabling FIPS mode for TPMs as it is dependent on the TPM manufacturer.
TPM 1.2 is not supported for storing the Primary Refresh Token (PRT) private key, this will be treated as the device has no TPM, even though TPM 1.2 is physically present.
If a device does not have a TPM2 chip, the private key for the Primary Refresh Token (PRT) is not stored on a TPM. In such cases, the device uses as software-based encryption or other or security software.
Hope this helps. Do let us know if you any further queries by responding in the comments section.
If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.