They do have some kind of attestation mechanism to actually attest the device state: https://learn.microsoft.com/en-us/azure/attestation/tpm-atte...

It seems like the documentation for the feature is aimed entirely at MDM setups, though.

The basic API requirements are all there, and Windows 11 requires TPM 2.0, so I believe it should be possible for Google to build a Play Integrity equivalent around that.