TPM Group Enrollment with Endorsement Certificate
Currently the TPM Endorsement Public Key and registration ID are used to perform individual enrollment.
It is desirable to have group enrollment with the EK certificate as follows:
1. Allow users to register their CA/ICA (feature already in the Azure portal).
2. The user creates a TPM group enrollment and chooses the EK issuer CA/ICA.
3. Azure DPS will check the Edge's TPM EK certificate (verifying it with the CA/ICA) and perform the TPM enrollment procedures as in the individual enrollment.
This feature allows easy enrollment with TPM while remaining secure through the TPM enrollment protocol.
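
The certificate check in step 3, sketched with the OpenSSL CLI as an added example (not Azure DPS code and not part of the original request). The CA names, device names and helper functions are hypothetical, and all keys and certificates are constructed on the fly rather than taken from a real TPM vendor.

```shell
#!/usr/bin/env bash
# Added example: group admission decided by the EK certificate's issuer.
# All material below is constructed test data, not real TPM EK certificates.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Self-signed CA standing in for an EK issuer CA/ICA registered by the user (step 1).
make_ca() {  # $1 = file prefix, $2 = common name
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# Issue an EK-style certificate for a device key, signed by the given CA.
issue_ek_cert() {  # $1 = device prefix, $2 = CA prefix
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/$1.csr" -CA "$WORK/$2.pem" -CAkey "$WORK/$2.key" \
    -CAcreateserial -days 1 -out "$WORK/$1.pem" 2>/dev/null
}

# Step 3 check: does the device's EK certificate chain to the CA chosen
# for the enrollment group (step 2)? Returns 0 only on a valid chain.
ek_in_group() {  # $1 = device prefix, $2 = CA prefix selected for the group
  openssl verify -CAfile "$WORK/$2.pem" "$WORK/$1.pem" >/dev/null 2>&1
}

make_ca group-ca "Constructed EK Issuer CA"
make_ca other-ca "Constructed Unrelated CA"
issue_ek_cert edge-01 group-ca   # device whose EK was certified by the group's CA
issue_ek_cert edge-02 other-ca   # device certified by a CA the group does not trust

for dev in edge-01 edge-02; do
  if ek_in_group "$dev" group-ca; then
    echo "$dev: EK certificate accepted, continue with the TPM enrollment procedure"
  else
    echo "$dev: EK certificate rejected, not part of this group"
  fi
done
```

A passing chain check only shows that the EK public key was certified by the chosen CA; the TPM enrollment procedure that follows it, as in individual enrollment, is what shows the device actually holds that EK.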