I actually had to work with Microsoft on this issue. Same scenario: Organization imaged a number of Surface Pro 3's with Windows 8.1 and it worked fine, then they shipped us several with Windows 10 and we get a TPM lockout after imaging.
They provided me with several Powershell commands which fix the issue, post-imaging, which include a reboot (allows you to clear TPM). After that reboot I am able to encrypt my devices.
Issue these commands, using Powershell (run as an Administrator) one at at time:
$tpm=get-wmiobject -class Win32_Tpm -namespace root\cimv2\security\microsofttpm
Microsoft has yet to acknowledge this is a bug, which it clearly is.%uFEFF