If you don't need to stay signed in to do this, I'd recommend creating a second throwaway account in windows, doing all that, and deleting the account when done. Less chance of any Microsoft account remnants polluting your main local account.
was going to ask if i can just create another admin account and link it with an ms account.. get enrolled and hope it doesn't do weird stuff to my normal admin account.
unfortunately the tpm settings on my skylake is hidden in the bios by asus. and they just ain't going to stick another bios up to reveal it. fiddlying around and edit the bios to reveal the switch doesn't appeal to me..
