When enabling SSL inspection and adding the WCG as a subordinate CA to the Windows Enterprise CA, the private key stored on the appliance introduces a security risk.
If the private key were compromised or obtained by some means or other, it could be used to impersonate the rightful owner during communications and transactions. For this reason, many organisations' PKI policies require the use of hardware-based cryptography devices to store private keys.
With such devices, private keys are stored on tamper-resistant hardware rather than on the computer's hard disk drive. All cryptography takes place in the crypto-hardware, so private keys are never revealed to the operating system or cached in memory.
Support for these sorts of devices would be a welcome inclusion to the WCG.