Trusted Platform Module has malfunctioned, 80090034, Encryption failed

This post features solutions to fix Your computer’s Trusted Platform Module has malfunctioned, Encryption failed, Error 80090034 Microsoft 365 apps Activation error. Microsoft 365 is a subscription-based service offering collaborative and up-to-date features. It offers different Office apps, including Word, PowerPoint, Excel, etc. But recently, some users have complained that their TPM malfunctions while trying to activate Microsoft 365. Fortunately, you can follow some suggestions to fix it.

Your computer’s Trusted Platform Module has malfunctioned. If this error persists, contact your system administrator.

The accompanying Server message you see could see with this Trusted Platform Module has malfunctioned error be any of these:

• Error 80090016, Keyset does not exist
• Error 80090030, The device that is required by this cryptographic device is not ready for use
• Error 80090034, Encryption failed

Fix Trusted Platform Module has malfunctioned, Encryption failed 80090034

To fix Trusted Platform Module has malfunctioned, Encryption failed, Error 80090034, on Windows 11 follow these suggestions:

1. Reset the Microsoft 365 activation state
2. Clear the TPM
3. Remove Office Credentials
4. Delete BrokerPlugin Data
5. Enable Office Protection Policy
6. Disconnect and connect to Azure Active Directory
7. Enable Memory Integrity
8. Check if TPM 2.0 is Active
9. Sign in using a Different Account
10. Update BIOS

Let us see these in detail.

1] Reset the Microsoft 365 activation state

Microsoft Support and Recovery Assistant can help resolve Microsoft 365, Outlook, OneDrive, & other Office-related problems. This tool can help resolve problems with Windows Activation, Updates, Upgrade, Office Installation, Activation, Uninstallation, Outlook email, folders, etc.

Run the Microsoft Support and Recovery Assistant (SaRA) to reset the Microsoft 365 activation state and see if it helps.

2] Clear the TPM

Clearing the TPM will reset it to its default state and remove the owner authorization value and stored keys. Here’s how you can clear your TPM:

• Press the Windows key + I to open Settings.
• Navigate to System > Recovery and click on Restart Now beside Advanced Startup.
• Once your device restarts, click on Troubleshoot > Advanced Options > UEFI Firmware Settings. This will take you to the BIOS.
• In BIOS, navigate to the Security tab, and here you’ll see an option Clear TPM.
• Select Clear TPM and save the changes.
• Once your device restarts, try activating Microsoft 365 again.

Before you clear your TPM, turn off BitLocker on all your drives or save the encryption password somewhere. You need to do so to avoid losing the encryption keys for your drives and won’t be able to reread them.

Alternatively, you can also clear TPM via Powershell.

3] Remove Office Credentials

Activation errors can occur if the Office credentials get corrupted. Removing these credentials can help fix the error. Here’s how:

• Click on the Windows key, search for Credential Manager, and open it.
• Navigate to Windows credentials, select the arrow next to MicrosoftOffice16, and then select Remove.
• Close the Credential Manager once done.
• Open Windows Settings and navigate to Accounts > Access work or school.
• Choose Disconnect if the account you use to log into office.com is listed there but not the one you use to log into Windows.
• Restart your device and try activating Microsoft 365 again.

4] Delete BrokerPlugin Data

BrokerPlugin.exe is an AAD token broker plugin file used to access virtualized applications from various devices. Sometimes its data gets corrupted, causing Microsoft 365 activation errors. Delete the Broker plugin data and then reinstall it to fix the issue. Here’s how:

• Open File Explorer and navigate to the following path.

  %LOCALAPPDATA%\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\AC\TokenBroker\Accounts

• Press CTRL + A to select all the files and then hit the Delete button.
• Now navigate to this path.

  %LOCALAPPDATA%\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\TokenBroker\Accounts

• Select all the files and hit the Delete button.
• Restart your device, run the Support and Recovery Assistant, and try activating Microsoft 365 again.

5] Enable Office Protection Policy

The Office protection policy manages and protects your organization’s data. It manages most of the Microsoft Office applications. If this policy gets disabled, you may face trouble activating Microsoft 365. Enable the policy and see if the error gets fixed. Here’s how:

1. Open any Office app, select your name and profile picture at the top, and click Sign Out.
2. Press the Windows key + I to open Settings.
3. Navigate to Settings > Accounts > Access work or school.
4. Select the account you use for signing into Office.com and click on Disconnect.
   
5. Click the Start button, type regedit and hit Enter.
6. Once the Registry Editor opens, navigate to the following path:

   HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Protect\Providers\df9d8cd0-1501-11d1-8c7a-00c04fc297eb

7. Right-click on the key, and select New > DWORD (32-bit) Value.
8. Name the newly created value as ProtectionPolicy, set the value data as 1 and click on Ok to save the changes.
   
9. Restart your device and see if the error gets fixed.

6] Disconnect and connect to Azure Active Directory

Azure Active Directory is a cloud-based identity service by Microsoft that offers single sign-on, multifactor authentication and guards against data breaches and cybersecurity attacks. Azure AD requires TPM with HMAC and EK certificates for key attestation support. Disconnecting and reconnecting to the Azure AD can help fix activation errors due to TPM malfunction. Here’s how:

1. Press the Windows key + I to open Settings.
2. Navigate to Accounts > Access work or school.
3. Select the Azure AD connection, click Disconnect, and restart your PC.
4. Again, navigate to the Access work or school page and select Join this device to Azure Active Directory.
5. Enter your account credentials and select Let my organization manage my device.
6. Restart your device once done, and try activating Office 365.

7] Enable Memory Integrity

Memory Integrity is a core isolation feature that prevents malicious code from accessing your device’s core processes in the event of an attack. If this feature gets disabled, users can face errors activating Microsoft 365. Enable it and try activating Microsoft 365 again. Here’s how:

1. Press the Windows key + I to open Settings.
2. Navigate to Update & Security > Windows Security > Device Security.
3. Select Core isolation details under Core Isolation and turn on Memory Integrity.

8] Check if TPM 2.0 is Active

Trusted Platform Module 2.0 offers various hardware-based, security-related functions. If facing activation errors, check if the feature is enabled on your PC. Here’s how:

• Press the Windows key + I to open Settings.
• Navigate to System > Recovery and click on Restart now beside Advanced Startup.
• Here click on Troubleshoot > Advanced Options > UEFI Firmware Settings > Restart.
• Navigate to Security and enable Trusted Platform Module(TPM).
• Save the changes, restart your system and try activating Microsoft 365 again.

9] Sign in using a Different Account

It’s possible the issue lies within your Microsoft Account. If that’s the case, try logging in with another account. However, you can also log in with a Local account and check if the issue gets fixed.

10] Update BIOS

If none of the above steps can help you, update the Motherboard’s BIOS. An outdated or corrupted BIOS may be the real culprit. On updating the BIOS, your TPM error should get resolved.

I hope this post helps you.

Read: Fix Event ID 14 and 17 – TPM command failure on Windows

How to fix Microsoft Trusted Platform Module has malfunctioned?

To fix Microsoft Trusted Platform Module malfunctioned error on Windows 11, firstly, check if TPM 2.0 is enabled in the BIOS. If it is enabled, try clearing the TPM. To do so, open the Run dialog box, type tpm.msc and hit Enter. Now, click on the Clear TPM option on the page that opens.

Does clearing TPM erase data?

Clearing the TPM resets the security chip back to its default state. This means all the keys associated with TPM and its protected data will be deleted. Before doing so, make sure to back up the data encrypted by the TPM.