Now that your Windows 7 to 10 migration is complete, you may want to upgrade the TPM Spec version from 1.2 to 2.0 to take full advantage of Windows 10's security features, like Device Guard and Credential Guard.
This article will cover the TPM Firmware Switch Tool that was released to remedy affected ThinkCentres described in the LEN-15552 Security Advisory.
What follows is a brief look at what is possible and not necessarily recommended for everyone. Hopefully someone finds it useful.
Earlier at MMS this year (2017), a fantastic session on modern driver management in OS deployments was presented by Kim Oppalfens and Tom Degreef. This method and what it entails can be found here.
There are some definite advantages to pre-provisioning BitLocker. Pre-provisioning the disk will encrypt only used space, so when this step executes, the drive will be encrypted before the operating system has been laid down to the client, saving a ton of time.
The catch here is that in order for pre-provisioning to work, a TPM has to be present on the system AND enabled, as stated in the Pre-provision BitLocker step.
A new Task Sequence Variable, TSUEFIDrive, was introduced in Configuration Manager Current Branch version 1610. This variable will prepare the hard drive for transition to UEFI from legacy BIOS, in one task sequence. This is extremely helpful if you're migrating systems from Windows 7 to Windows 10 in a refresh scenario.
A detailed walk-through by the Microsoft team on how to configure your Task Sequence for use with this variable can be found here. We want to focus on step 5 from this guide: