The "New" keyword implies ownership. When you call NcryptOpenStorageProvider New , you are responsible for the lifecycle of that handle.
: Using MS_PLATFORM_CRYPTO_PROVIDER may return NTE_DEVICE_NOT_READY if the TPM is busy or not initialized. ncryptopenstorageprovider new
return S_OK;
Unlike standard storage providers that just format a disk, ncryptopenstorageprovider new initiates a handshake with your KMS. The "New" keyword implies ownership