Reasons for failed automatic device encryption: Un-allowed DMA capable

Well MS rep was wrong this error is normal for a TPM 1.2 model for anyone wanting more info on this error check this out. so if you got this error Device Encryption Support Reasons for failed automatic device encryption: PCR7 binding is not supported, Hardware Security Test Interface failed and device is not InstantGo, Un-allowed DMA capable bus/device(s) detected, Disabled by policy, make sure you have a TPM 2.0 model and not a TPM 1.2 as the error is related to your TPM chip not beeing compatible see chart below. This is something new according to the page would explain why it use to be supported and is now not according to the page the changed it to TPM 2.0 going forward but kept some of the stuff compatible for older systems all new system will need TPM 2.0 is what i read and understand. Hope this helps others god bless all.

taken from TPM recommendations (Windows 10) | Microsoft Docs
TPM and Windows Features

The following table defines which Windows features require TPM support.

Windows Features	TPM Required	Supports TPM 1.2	Supports TPM 2.0	Details
Measured Boot	Yes	Yes	Yes	Measured Boot requires TPM 1.2 or 2.0 and UEFI Secure Boot
BitLocker	Yes	Yes	Yes	TPM 1.2 or 2.0 is required
Device Encryption	Yes	N/A	Yes	Device Encryption requires InstantGo/Connected Standby certification, which requires TPM 2.0.
Device Guard	No	Yes	Yes
Credential Guard	No	Yes	Yes	Windows 10, version 1507 (End of Life as of May 2017) only supported TPM 2.0 for Credential Guard. Beginning with Windows 10, version 1511, TPM 1.2 and 2.0 are supported.
Device Health Attestation	Yes	Yes	Yes
Windows Hello/Windows Hello for Business	No	Yes	Yes	Azure AD join supports both versions of TPM, but requires TPM with keyed-hash message authentication code (HMAC) and Endorsement Key (EK) certificate for key attestation support.
UEFI Secure Boot	No	Yes	Yes
TPM Platform Crypto Provider Key Storage Provider	Yes	Yes	Yes
Virtual Smart Card	Yes	Yes	Yes
Certificate storage	No	Yes	Yes	TPM is only required when the certificate is stored in the TPM.

Tonyb said:

guys facing same issue as well have this error in system info and my secure boot is now disabled and stuff any way to fix ?? called ms they just point me to device manufacture , no help at all, the article looks to be removed ??

Just to update an old thread - that article seems to be back at
https://docs.microsoft.com/en-us/win...yption-for-oem

I don't know if it had all the same information as before?

This time I'm right-clicking the download option bottom-left to keep a PDF copy!

Thanks much after reading this i understand why :)

Tonyb said:

Well MS rep was wrong this error is normal for a TPM 1.2 model for anyone wanting more info on this error check this out. so if you got this error Device Encryption Support Reasons for failed automatic device encryption: PCR7 binding is not supported, Hardware Security Test Interface failed and device is not InstantGo, Un-allowed DMA capable bus/device(s) detected, Disabled by policy, make sure you have a TPM 2.0 model and not a TPM 1.2 as the error is related to your TPM chip not beeing compatible see chart below. This is something new according to the page would explain why it use to be supported and is now not according to the page the changed it to TPM 2.0 going forward but kept some of the stuff compatible for older systems all new system will need TPM 2.0 is what i read and understand. Hope this helps others god bless all.

taken from TPM recommendations (Windows 10) | Microsoft Docs
TPM and Windows Features

The following table defines which Windows features require TPM support.

Windows Features	TPM Required	Supports TPM 1.2	Supports TPM 2.0	Details
Measured Boot	Yes	Yes	Yes	Measured Boot requires TPM 1.2 or 2.0 and UEFI Secure Boot
BitLocker	Yes	Yes	Yes	TPM 1.2 or 2.0 is required
Device Encryption	Yes	N/A	Yes	Device Encryption requires InstantGo/Connected Standby certification, which requires TPM 2.0.
Device Guard	No	Yes	Yes
Credential Guard	No	Yes	Yes	Windows 10, version 1507 (End of Life as of May 2017) only supported TPM 2.0 for Credential Guard. Beginning with Windows 10, version 1511, TPM 1.2 and 2.0 are supported.
Device Health Attestation	Yes	Yes	Yes
Windows Hello/Windows Hello for Business	No	Yes	Yes	Azure AD join supports both versions of TPM, but requires TPM with keyed-hash message authentication code (HMAC) and Endorsement Key (EK) certificate for key attestation support.
UEFI Secure Boot	No	Yes	Yes
TPM Platform Crypto Provider Key Storage Provider	Yes	Yes	Yes
Virtual Smart Card	Yes	Yes	Yes
Certificate storage	No	Yes	Yes	TPM is only required when the certificate is stored in the TPM.

Now yea can fix this with Out reinstalling you're windows :)
Device Encryption Support Reasons for failed automatic device encryption: TPM is not usable, PCR7 binding is not supported, Hardware Security Test Interface failed and device is not Modern Standby, Un-allowed DMA capable bus/device(s) detected, TPM is not usable


it can be fixed microsoft said it couldn't lol the old way we had to take back up of stuff to relaod everything this new way we don't :) YouTube tells yea I hope this finally solves this don't microsoft over the phone they still claim yea can't do this One Up on them lololol