Microsoft 365 Apps activation error Trusted Platform Module malfunctioned - Microsoft 365 Apps (2024)

Table of Contents
In this article Feedback In this article

Share via

  • Article
  • Applies to:
    Microsoft 365

When you try to activate Microsoft 365 apps, you encounter the error:

See Also
What causes TPMS sensors to fail?Re-activating the Trusted Platform Module (TPM) Security Feature After a System Board ReplacementWhen to Replace Your TPMS Sensor - A Complete GuideHow to Bypass Secure Boot & Trusted Platform Module to Install Windows 11

Trusted Platform Module malfunctioned

Try the following troubleshooting methods to solve the problem.

Note Some of these troubleshooting methods can only be performed by a Microsoft 365 admin. If you aren’t an admin, see How do I find my Microsoft 365 admin?


Reset Microsoft 365 activation state

Run the Microsoft Support and Recovery Assistant (SaRA) to reset the Microsoft 365 activation state.

For manual steps or more information, see Reset Microsoft 365 Apps for enterprise activation state.

Remove Office credentials
  1. From Start, type credential manager, and then select Credential Manager from the search results.
  2. Select Windows credentials.
  3. If there are any credentials for MicrosoftOffice16, select the arrow next to them and then select Remove.
  4. Close Credential Manager.
  5. From Start, select Settings (the gear icon) > Accounts > Access work or school.
  6. If the account you use to sign in to office.com is listed there, but it isn’t the account you use to sign in to Windows, select it, and then select Disconnect.
  7. Restart the device and try to activate Microsoft 365 again.
Check BrokerPlugin process

Some antivirus, proxy, or firewall software might block the following plug-in process:

Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy

Temporarily disable your antivirus software. Contact your system administrator to find out if you are behind a proxy or firewall that is blocking this process. If so, you will also need to temporarily disable your proxy or firewall connection. If you connect through a Virtual Private Network (VPN), you might need to temporarily disable your VPN also.

If the process isn’t blocked, but you still can’t activate Microsoft 365, delete your BrokerPlugin data and then reinstall it using the following steps:

  1. Open File Explorer, and put the following location in the address bar:%LOCALAPPDATA%\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\AC\TokenBroker\Accounts
  2. Press CTRL + A to select all.
  3. Right-click in the selected files and choose Delete.
  4. Put the following location in the File Explorer address bar:%LOCALAPPDATA%\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\TokenBroker\Accounts
  5. Select all files and delete them.
  6. Restart the device.
  7. Download and run the SaRA package for sign in issues.

For manual troubleshooting for step 7, or for more information, see Fix authentication issues in Office applications when you try to connect to a Microsoft 365 service.

Clear the Trusted Platform Module (TPM)
  1. From Start, select Settings (the gear icon) > Update & Security > Windows Security > Device Security.
  2. Under Security processor, select Security processor details > Security processor troubleshooting.
  3. Select Clear TPM.
  4. Restart the device and try to activate Microsoft 365 again.
Troubleshoot Microsoft Entra hybrid join

  1. Open a Command Prompt window as an administrator. From Start, type cmd.exe in the search box, right-click Command Prompt in the list, and then select Run as administrator.

  2. Type the following command, and then press Enter:

    dsregcmd /status

If EventID 220 is present in User Device Registration event logs, see Troubleshoot Microsoft Entra hybrid joined devices.

If error code 0x801c001d is present, configure a service connection point.

Enable Office Protection Policy
  1. Open an Office app, such as Word.
  2. Select your name and profile picture at the top, then select Sign out.
  3. Close the Office app.
  4. From Start, select Settings (the gear icon) > Accounts > Access work or school.
  5. Select the account you use to sign in to office.com is listed there, and then select Disconnect.
  6. From Start, type regedit, and then select Registry Editor from the search results.
  7. Use the arrows to expand selections and navigate to:HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Protect\Providers\df9d8cd0-1501-11d1-8c7a-00c04fc297eb
  8. Right-click the registry value and select New, then select DWORD.
  9. Name the DWORD ProtectionPolicy and set the value to 1.
  10. Restart the device and try to activate Microsoft 365 again.
Disconnect from and then connect to Microsoft Entra ID
  1. From Start, select Settings (the gear icon) > Accounts > Access work or school.
  2. Select the Microsoft Entra ID connection.
  3. Select Disconnect.
  4. Restart the device.
  5. Return to the Access work or school page as described in step 1.
  6. Select Join this device to Microsoft Entra ID.
  7. Enter your credentials.
  8. Select Let my organization manage my device.
  9. Restart the device and try to activate Microsoft 365 again.
Enable Memory integrity
  1. From Start, select Settings (the gear icon) > Update & Security > Windows Security > Device Security.
  2. Under Core isolation, select Core isolation details.
  3. Turn Memory integrity on.
  4. Restart the device and try to activate Microsoft 365 again.
Enable or add the device in Microsoft Entra ID

If the device was disabled in Microsoft Entra ID, an administrator who has sufficient privileges can re-enable it from the Microsoft Entra admin center, as follows:

  1. Sign in to the Azure portal.
  2. Select Microsoft Entra ID > Devices.
  3. Examine the disabled devices list in Devices, by searching on the username or device name.
  4. Select the device, and then select Enable.

For more information, see Manage device identities using the Azure portal.

If the device was deleted in Microsoft Entra ID, you have to re-register it manually. For detailed steps to do this, see Re-enable or re-register the device.

Update your device’s BIOS

Update the BIOS for your device. If you need more information about doing so, contact the manufacturer of your device. If you are using a Microsoft Surface device, see Download drivers and firmware for Surface.

Make sure the TPM is set to Active
  1. Restart your device. Before Windows loads, press F1.
  2. Under the Security tab, check if TPM 1.2 is selected.
  3. If TPM 1.2 is selected, make sure that Security Chip is set to Active.
  4. Save and exit. When Windows starts, try to activate Microsoft 365 again.

Note Microsoft recommends using TPM 2.0 whenever possible.

Create a new Windows user account
  1. Perform a clean boot of Windows. For instructions, see How to perform a clean boot in Windows.
  2. Create a new user account, and then make that account an administrator. For instructions, see Create a local user or administrator account in Windows.
  3. Sign in to Windows with the new account.
  4. Download and install Office.
  5. Try to activate Microsoft 365 again.

Feedback

Was this page helpful?

Provide product feedback

Microsoft 365 Apps activation error Trusted Platform Module malfunctioned - Microsoft 365 Apps (2024)
Top Articles
California's Renters
How Many Hours Should You Work Per Week?
Umbc Baseball Camp
The UPS Store | Ship & Print Here > 400 West Broadway
CLI Book 3: Cisco Secure Firewall ASA VPN CLI Configuration Guide, 9.22 - General VPN Parameters [Cisco Secure Firewall ASA]
The Definitive Great Buildings Guide - Forge Of Empires Tips
Team 1 Elite Club Invite
oklahoma city for sale "new tulsa" - craigslist
Craigslist Parsippany Nj Rooms For Rent
Trade Chart Dave Richard
Miami Valley Hospital Central Scheduling
Help with Choosing Parts
How to Store Boiled Sweets
Char-Em Isd
Does Breckie Hill Have An Only Fans – Repeat Replay
Beebe Portal Athena
ELT Concourse Delta: preparing for Module Two
Halo Worth Animal Jam
Teacup Yorkie For Sale Up To $400 In South Carolina
Theater X Orange Heights Florida
Globle Answer March 1 2023
When Does Subway Open And Close
Inter Miami Vs Fc Dallas Total Sportek
CVS Health’s MinuteClinic Introduces New Virtual Care Offering
Craigslist Northern Minnesota
Tomb Of The Mask Unblocked Games World
Elijah Streams Videos
The Monitor Recent Obituaries: All Of The Monitor's Recent Obituaries
Mark Ronchetti Daughters
Delta Rastrear Vuelo
Nail Salon Open On Monday Near Me
About | Swan Medical Group
The Pretty Kitty Tanglewood
Rise Meadville Reviews
Go Smiles Herndon Reviews
Walgreens Agrees to Pay $106.8M to Resolve Allegations It Billed the Government for Prescriptions Never Dispensed
159R Bus Schedule Pdf
The Banshees Of Inisherin Showtimes Near Reading Cinemas Town Square
Discover Wisconsin Season 16
Let's co-sleep on it: How I became the mom I swore I'd never be
Appraisalport Com Dashboard Orders
VDJdb in 2019: database extension, new analysis infrastructure and a T-cell receptor motif compendium
Patricia And Aaron Toro
Thothd Download
This Doctor Was Vilified After Contracting Ebola. Now He Sees History Repeating Itself With Coronavirus
Scott Surratt Salary
A Snowy Day In Oakland Showtimes Near Maya Pittsburg Cinemas
Craigslist Pets Lewiston Idaho
O'reilly's On Marbach
Estes4Me Payroll
Latest Posts
4 Things To Know About Key Codes
Moving to Puerto Rico? Here's Everything You Need to Know
Article information

Author: Carmelo Roob

Last Updated:

Views: 6017

Rating: 4.4 / 5 (65 voted)

Reviews: 88% of readers found this page helpful

Author information

Name: Carmelo Roob

Birthday: 1995-01-09

Address: Apt. 915 481 Sipes Cliff, New Gonzalobury, CO 80176

Phone: +6773780339780

Job: Sales Executive

Hobby: Gaming, Jogging, Rugby, Video gaming, Handball, Ice skating, Web surfing

Introduction: My name is Carmelo Roob, I am a modern, handsome, delightful, comfortable, attractive, vast, good person who loves writing and wants to share my knowledge and understanding with you.