What a TPM does
A TPM is a dedicated cryptographic coprocessor that generates and stores keys which can be used on the device but never exported in the clear. Windows builds on it for BitLocker (the volume key is sealed to the TPM and released only when the boot measurements match), Windows Hello (the user's credential key pair is TPM-bound), and measured boot (each boot component is hashed into the TPM's Platform Configuration Registers, which a verifier such as Device Health Attestation can later check). Note the division of labour: the TPM records what booted; it does not block untrusted boot code, which is the job of UEFI Secure Boot. Discrete TPMs are separate physical chips; firmware TPMs (Intel PTT, AMD fTPM) run inside the CPU's trusted execution environment rather than as an ordinary software emulation. A discrete TPM gives stronger isolation against physical and firmware attacks, but both types meet Windows 11's TPM 2.0 requirement and both serve as a hardware root of trust for key protection and attestation.
TPM in Australian tenants today
In AU mid-market environments, TPMs are becoming a baseline expectation rather than a nicety. The ACSC Essential Eight does not name TPMs directly, but several Maturity Level 2 (ML2) controls are delivered in practice with platform features that depend on one: Windows Hello for Business for multi-factor authentication, and Credential Guard under restricting administrative privileges, both of which use the TPM to protect keys and secrets where it is present. Intune compliance policies can require a TPM outright (the Require Trusted Platform Module setting under System Security) and, through Device Health Attestation, check TPM-measured facts such as BitLocker, Secure Boot and code integrity state. Conditional Access then consumes that compliance status: a policy that requires a compliant device is, in effect, gating access to corporate resources on attested device health rather than on a self-reported flag. APRA CPS 234's requirement that regulated entities maintain an information security capability commensurate with their threats also aligns with the measured boot and key protection a TPM provides.
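Before pointing a compliance policy at a fleet, it is worth seeing the same signals from the device side. The script below is an added example, not code from the original article or from Microsoft: it reads the TPM, Secure Boot and BitLocker state that the Intune settings and Device Health Attestation described above draw on, and reports the gaps. It assumes an elevated PowerShell session on Windows 10/11 with the built-in TrustedPlatformModule, SecureBoot and BitLocker modules; the baseline it checks against (TPM 2.0 present and ready, Secure Boot on, BitLocker on with a TPM protector and a recovery-password protector to escrow) is this example's own, not a published ACSC or Intune rule set.

```powershell
# Added example (not from the original article): read-only pre-check of the
# platform signals an Intune compliance policy and Device Health Attestation
# evaluate. Assumption: elevated session on Windows 10/11 with the built-in
# TrustedPlatformModule, SecureBoot and BitLocker modules available.
#Requires -RunAsAdministrator

function Get-PlatformTrustState {
    $result = [ordered]@{}

    # TPM presence and readiness: what 'Require Trusted Platform Module' checks.
    $tpm = Get-Tpm
    $result.TpmPresent = $tpm.TpmPresent
    $result.TpmReady   = $tpm.TpmReady

    # Spec version from WMI distinguishes TPM 1.2 from 2.0 (Windows 11 needs 2.0).
    $wmiTpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' -ClassName Win32_Tpm
    $result.TpmSpecVersion = $wmiTpm.SpecVersion

    # Secure Boot is a UEFI feature, not a TPM one; DHA still reports it.
    try {
        $result.SecureBoot = Confirm-SecureBootUEFI
    } catch {
        # Throws on legacy BIOS or firmware without Secure Boot support.
        $result.SecureBoot = $false
    }

    # BitLocker on the OS volume, and whether the volume key is sealed to the TPM.
    $osVol = Get-BitLockerVolume -MountPoint $env:SystemDrive
    $result.BitLockerStatus = $osVol.ProtectionStatus.ToString()   # 'On' or 'Off'
    $tpmTypes = 'Tpm', 'TpmPin', 'TpmStartupKey', 'TpmPinStartupKey'
    $result.TpmProtector = [bool]($osVol.KeyProtector |
        Where-Object { $_.KeyProtectorType.ToString() -in $tpmTypes })
    $result.RecoveryKeyPresent = [bool]($osVol.KeyProtector |
        Where-Object { $_.KeyProtectorType.ToString() -eq 'RecoveryPassword' })

    [pscustomobject]$result
}

function Get-PlatformTrustGaps {
    param([Parameter(Mandatory)] $State)

    # Baseline defined by this example: TPM 2.0 ready, Secure Boot on,
    # BitLocker on with a TPM-sealed key and a recovery password to escrow.
    $gaps = @()
    if (-not $State.TpmPresent -or -not $State.TpmReady) { $gaps += 'TPM not present or not ready' }
    if ($State.TpmSpecVersion -notlike '2.0*')            { $gaps += 'TPM is not version 2.0' }
    if (-not $State.SecureBoot)                           { $gaps += 'Secure Boot disabled or unsupported' }
    if ($State.BitLockerStatus -ne 'On')                  { $gaps += 'BitLocker not protecting the OS volume' }
    if (-not $State.TpmProtector)                         { $gaps += 'BitLocker key is not TPM-sealed' }
    if (-not $State.RecoveryKeyPresent)                   { $gaps += 'No recovery password protector to escrow' }
    $gaps
}

$state = Get-PlatformTrustState
$state | Format-List

$gaps = Get-PlatformTrustGaps -State $state
if ($gaps) {
    $gaps | ForEach-Object { Write-Warning $_ }
} else {
    Write-Host 'Device meets the TPM / Secure Boot / BitLocker baseline.'
}
```

A device that passes this check can still be marked non-compliant by Intune if the tenant policy asks for more (firewall, Defender state, OS build), and a recovery password that exists locally is only useful once it has been escrowed to Entra ID; the script only confirms that there is one to escrow.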