@Josh Ronsen, Thanks for posting in Q&A. For the device enrolled into Intune, could you confirm if the device is enrolled using Autopilot and if it is set using self-deploying mode or pre-provisioning mode.
https://learn.microsoft.com/en-us/autopilot/pre-provision
If yes, there's a known issue with TPM attestation in 'Securing your hardware' during the enrollment.
Hope the above information can help.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.