This document describes the provisioning details used by the Trusted Platform to provision a new platform.
The Trusted Platform uses the "less complex" implementation described in Section 7.2.2, "Implementation options", of the TCG TPM 2.0 Keys for Device Identity and Attestation.
After the platform has been provisioned, an enterprise may safely configure the TPM per the "most complex" implementation option, with a Delegation Policy, by using the TSS command line tools.
Likewise, the Platform Administrator or Owner may safely implement the "simplest implementation" after provisioning by using the same TSS command line tools.
https://reference.opcfoundation.org/Onboarding/v105/docs/5.1
https://datatracker.ietf.org/doc/html/draft-acme-device-attest-03