Do you keep receiving a “Trusted platform module has malfunctioned” error in Windows 11 or 10 while attempting to activate Microsoft 365 apps? We will show you how to fix it.

Microsoft 365 apps like Word, Outlook, and Teams will throw out a “Trusted platform module has malfunctioned” warning during authentication if they run into issues communicating with the TPM (Trusted Platform Module) chipset on your PC. You may also see error codes like 80090030, 80090016, and 80284001 accompany it.

Table of Contents

    Work through the instructions below to fix the “Trusted platform module has malfunctioned” error on a Windows 10 or 11 PC. Make sure to re-activate your Microsoft 365 products after each fix. You may have to set up Windows Hello or your PIN repeatedly after some fixes.

    Reset Microsoft 365 Activation State

    It’s best to begin by using Microsoft’s Support and Recovery Assistant to reset the current Office 365 activation state. That allows you to re-activate your Office apps with a fresh slate.

    1. Download the Support and Recovery Assistant from the Microsoft website.

    2. Run the downloaded executable file and select Install. The Support and Recovery Assistant will launch soon after.

    3. Select Office > Next. Pick Microsoft Teams or Outlook if the issue is limited to either product.

    4. Follow the on-screen instructions to reset the Microsoft 365 activation state.

    5. Select Restart to complete resetting the Office activation state.

    Disable Your Antivirus Software

    Third-party security software tends to create various errors while activating Microsoft 365 apps. If you use an anti-malware utility on your computer, briefly disable it and check if that makes a difference.

    Clear the TPM Keys in Windows

    If the TPM error persists, try resetting the Trusted Platform Module to its default state. Microsoft recommends that you save your work and back up the personal data on your PC before you begin.

    1. Open the Start menu and select Windows Security.

    2. Select Device Security on the Windows Security sidebar. Then, select Security processor details.

    3. Select Security processor troubleshooting.

    4. Select the Clear TPM button

    5. Select Clear and restart to confirm you want to reset the security processor on your Windows PC.

    Another way to reset the TPM on your PC is to:

    1. Press Windows Key + R to open a Run box. Then, type tpm.msc and select OK.

    2. Select Action > Clear TPM on the menu bar.

    3. Select Restart.

    Remove Your Microsoft Office Credentials

    The following fix involves removing any existing Microsoft Office credentials from Windows before your next attempt at activating Office products.

    1. Press Windows + S, type Control Panel, and select Credential Manager among the search results.

    2. Select Windows credentials.

    3. Under Generic credentials, expand any credentials for Office applications and select Remove.

    4. Select Yes to confirm.

    5. Restart your computer.

    If your Microsoft 365 account differs from the Microsoft Account you use to sign in to Windows, it’s best to remove it before restarting your computer.

    1. Open the Start menu and select Settings.

    2. Go to Accounts > Access work or school.

    3. Select the work or school account you use to sign in to your Microsoft 365 apps and select Disconnect.

    Turn On Memory Integrity

    Memory integrity is a native security feature in Windows that protects high-security processes from malicious attacks. Turning it on may make the “Trusted platform module has malfunctioned” error disappear.

    1. Open Windows Security and select Device Security on the sidebar.

    2. Select Core isolation details.

    3. Activate the Memory integrity switch and restart your computer.

    Update Your Computer’s Trusted Platform Module Drivers

    Outdated TPM drivers can be another reason why the “Trusted platform module has malfunctioned” error appears on your PC. Check for and install any new TPM updates.

    1. Press Windows + R to open a Run box. Then, type devmgmt.msc and select OK.

    2. Expand the Security devices category.

    3. Right-click Trusted Platform Module and select Update driver.

    4. Select Search automatically for drivers.

    5. Wait until Windows detects and installs new TPM drivers.

    If the Device Manager fails to find newer drivers, try Windows Update instead. To do that:

    1. Open your computer’s Settings app and select Windows Update.

    2. Select Check for updates.

    3. Select View optional updates > Driver updates and install any pending hardware driver updates.

    Uninstall and Reinstall TPM Drivers

    If your PC has no new TPM drivers, consider uninstalling and reinstalling them next. That will resolve possible instances of driver corruption. To do that:

    1. Open the Device Manager and expand Security devices.

    2. Double-click Trusted Platform Module and select Uninstall device.

    3. Select Uninstall to confirm.

    4. Restart your computer.

    5. Re-open the Device Manager, right-click Security devices, and select Scan for Hardware Changes.

    Disable Modern Authentication Protocols

    By default, Microsoft 365 uses modern account authentication protocols like OAuth and SAML for activation. However, despite the enhanced security, they can also result in the “Trusted platform module has malfunctioned” error. Disabling them using the following registry hack might fix it.

    1. Press the Windows + R keys to open a Run box. Then, type regedit and press Enter.

    2. Copy and paste the following path into the top of the Registry Editor window and press Enter:


    3. Right-click the vacant area to the right and select New > DWORD (32-bit) Value.

    4. Rename the new entry as EnableADAL.

    5. Open the new registry entry and make sure that the Value data field has a value of O.

    6. Restart your computer.

    Take Ownership of Ngc Folder

    “Ngc” is a system folder that stores your Windows Hello security information. Sometimes, it can corrupt and generate the “Trusted platform module has malfunctioned” error. Deleting the folder’s contents will force Windows to recreate everything from scratch.

    1. Open File Explorer. Then, copy and paste the following path and press Enter:


    2. Right-click the Ngc folder and select Properties.

    3. Switch to the Security tab and select Advanced.


    4. Select Change next to Owner.

    5. Enter your Windows user account name into the vacant box and select OK.

    6. Check the box next to Replace owners on subcontainers and objects checkbox and select Apply > OK.

    7. Select Yes.

    8. Open the NGC folder and delete all contents inside.

    9. Restart your computer.

    Delete BrokerPlugin and CloudExperienceHost Account Data

    Next, remove all account-related data related to the BrokerPlugin and CloudExperienceHost processes. To do that:

    1. Open File Explorer and visit the following locations:

    • %LOCALAPPDATA%\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\AC\TokenBroker\Accounts
    • %LOCALAPPDATA%\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\TokenBroker\Accounts

    2. Delete all files inside both directories.

    3. Reboot your PC and run the Microsoft Support and Recovery Assistant again.

    • Perform a Clean Boot

    Clean booting Windows will prevent conflicts from third-party startup processes during the Microsoft 365 activation process. To do that:

    1. Open a Run box. Then, type msconfig and select OK.

    2. Check the box next to Hide all Microsoft services and select Disable all.

    3. Switch to the Startup tab and select Open Task Manager.

    4. Disable all non-Microsoft processes.

    5. Restart your PC and re-activate Microsoft 365.

    6. Re-activate the disabled services and startup programs.

    Create a New User Account in Windows

    Windows profile corruption is another plausible reason for TPM errors. Hence, try setting up Microsoft 365 in a new Windows user account. To do that:

    1. Open the Settings app and select Accounts.

    2. Select Family & other users on the Settings sidebar. Then, select Add someone else to this PC under Other users.

    3. Select I don’t have this person’s sign-in information > Add a user without a Microsoft account.

    4. Insert a username and password and create a new local account.

    5. Sign in to the new account.

    6. Install Microsoft 365 and activate it. If that helps, migrate your data into the new account and delete your old profile.

    Trusted Platform Module Has Malfunctioned Fixed

    The “Trusted Platform Module Has Malfunctioned” error can be tricky to resolve. However, take the time to work your way through the fixes above, and you should be able to get rid of it eventually.

    If none of the fixes above help, check if the BIOS or UEFI needs an update. If that’s not an issue, consider resetting Windows to factory defaults.