I'm currently using client certificates as authentication for windows clients. 
Our security team requires that the key is stored on TPM.

As far as I can tell, RedHat supports storing keys on TPM as well TPM RedHat 

Does anyone know if Globalprotect supports using certificates where the key is stored on TPM?

The current Globalprotect linux documentation, seem to just store the key and cert in /opt/paloaltonetworks/globalprotect