Add backticks to apparent code blocks; label some

This commit is contained in:
Gary Moore 2021-10-19 12:24:14 -07:00
parent 8af64f7c30
commit 8f62eeb9d2

@ -103,27 +103,29 @@ This node will trigger attestation flow by launching an attestation process. If
<p>Templated SyncML Call:</p> <p>Templated SyncML Call:</p>
<SyncML xmlns="SYNCML:SYNCML1.2"> ```xml
<SyncBody> <SyncML xmlns="SYNCML:SYNCML1.2">
<Exec> <SyncBody>
<CmdID>VERIFYHEALTHV2</CmdID> <Exec>
<Item> <CmdID>VERIFYHEALTHV2</CmdID>
<Target> <Item>
<LocURI> <Target>
./Vendor/MSFT/HealthAttestation/TriggerAttestation <LocURI>
</LocURI> ./Vendor/MSFT/HealthAttestation/TriggerAttestation
</Target> </LocURI>
<Data> </Target>
{ <Data>
rpID : "rpID", serviceEndpoint : “MAA endpoint”, {
nonce : “nonce”, aadToken : “aadToken”, "cv" : "CorrelationVector" rpID : "rpID", serviceEndpoint : “MAA endpoint”,
} nonce : “nonce”, aadToken : “aadToken”, "cv" : "CorrelationVector"
</Data> }
</Item> </Data>
</Exec> </Item>
<Final/> </Exec>
</SyncBody> <Final/>
</SyncML> </SyncBody>
</SyncML>
```
<p>Data fields:</p> <p>Data fields:</p>
<ul> <ul>
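Review bot: the Data payload now inside the xml fence still uses typographic quotes (“MAA endpoint”, “nonce”, “aadToken”) and unquoted keys (rpID, serviceEndpoint, nonce), so the block reads as copy-ready but will not parse as JSON. Replace the curly quotes with straight quotes and quote every key before fencing it. Separately, the LocURI here is ./Vendor/MSFT/HealthAttestation/TriggerAttestation while the other nodes in this file use the ./Device/Vendor/MSFT/ prefix; confirm which is intended.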
@ -136,15 +138,17 @@ This node will trigger attestation flow by launching an attestation process. If
<p>Sample Data:</p> <p>Sample Data:</p>
<Data> ```json
{ <Data>
"rpid" : "https://www.contoso.com/attestation", {
"endpoint" : "https://contoso.eus.attest.azure.net/attest/tpm?api-version=2020-10-01", "rpid" : "https://www.contoso.com/attestation",
"nonce" : "5468697320697320612054657374204e6f6e6365", "endpoint" : "https://contoso.eus.attest.azure.net/attest/tpm?api-version=2020-10-01",
"aadToken" : "dummytokenstring", "nonce" : "5468697320697320612054657374204e6f6e6365",
"cv" : "testonboarded" "aadToken" : "dummytokenstring",
} "cv" : "testonboarded"
</Data> }
</Data>
```
<a href="" id="AttestStatus"></a>**AttestStatus** <a href="" id="AttestStatus"></a>**AttestStatus**
<p>Node type: GET <p>Node type: GET
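Review bot: the block opened with the json label still contains the <Data> and </Data> wrapper lines, so the fenced content is not valid JSON and will be highlighted incorrectly. Move the fences inside the <Data> element or label the block xml. The keys in this sample ("rpid", "endpoint") also do not match the template in the TriggerAttestation call above (rpID, serviceEndpoint); one of the two should be corrected so readers know which names the node accepts.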
@ -154,26 +158,30 @@ The status is always cleared prior to making the attest service call.
<p>Templated SyncML Call:</p> <p>Templated SyncML Call:</p>
<SyncML xmlns="SYNCML:SYNCML1.2"> ```xml
<SyncBody> <SyncML xmlns="SYNCML:SYNCML1.2">
<Get> <SyncBody>
<Item> <Get>
<Target> <Item>
<LocURI> <Target>
./Device/Vendor/MSFT/HealthAttestation/AttestStatus <LocURI>
</LocURI> ./Device/Vendor/MSFT/HealthAttestation/AttestStatus
</Target> </LocURI>
</Item> </Target>
</Get> </Item>
<Final/> </Get>
</SyncBody> <Final/>
</SyncML> </SyncBody>
</SyncML>
```
<p>Sample Data:</p> <p>Sample Data:</p>
If Successful: 0 ```
If Failed: A corresponding HRESULT error code If Successful: 0
Example: 0x80072efd, WININET_E_CANNOT_CONNECT If Failed: A corresponding HRESULT error code
Example: 0x80072efd, WININET_E_CANNOT_CONNECT
```
<a href="" id="getAttestReport"></a>**GetAttestReport** <a href="" id="getAttestReport"></a>**GetAttestReport**
<p>Node type: GET <p>Node type: GET
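Review bot: the new fence around the AttestStatus sample data has no language label and wraps explanatory sentences ("If Successful: 0", "If Failed: A corresponding HRESULT error code") rather than literal output. Keep the sentences as prose or a list and put only the values (0, 0x80072efd) in inline code, or at least label the fence text so it is not treated as source.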
@ -182,28 +190,32 @@ This node will retrieve the attestation report per the call made by the TriggerA
<p>Templated SyncML Call:</p> <p>Templated SyncML Call:</p>
<SyncML xmlns="SYNCML:SYNCML1.2"> ```xml
<SyncBody> <SyncML xmlns="SYNCML:SYNCML1.2">
<Get> <SyncBody>
<Item> <Get>
<Target> <Item>
<LocURI> <Target>
./Device/Vendor/MSFT/HealthAttestation/GetAttestReport <LocURI>
</LocURI> ./Device/Vendor/MSFT/HealthAttestation/GetAttestReport
</Target> </LocURI>
</Item> </Target>
</Get> </Item>
<Final/> </Get>
</SyncBody> <Final/>
</SyncML> </SyncBody>
</SyncML>
```
<p>Sample data:</p> <p>Sample data:</p>
If Success: ```
JWT token: aaaaaaaaaaaaa.bbbbbbbbbbbbb.cccccccccc If Success:
If failed: JWT token: aaaaaaaaaaaaa.bbbbbbbbbbbbb.cccccccccc
Previously cached report if available (the token may have already expired per the attestation policy). If failed:
OR Sync ML 404 error if not cached report available. Previously cached report if available (the token may have already expired per the attestation policy).
OR Sync ML 404 error if not cached report available.
```
<a href="" id="getServiceCorrelationIDs"></a>**GetServiceCorrelationIDs** <a href="" id="getServiceCorrelationIDs"></a>**GetServiceCorrelationIDs**
<p>Node type: GET <p>Node type: GET
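Review bot: in the GetAttestReport sample data, fencing the "If failed" lines as code buries the caveat a relying party most needs, that a failed call may return a previously cached report whose token has already expired per the attestation policy. Keep that sentence as prose outside the fence and leave only the JWT placeholder in the block. While touching these lines, "OR Sync ML 404 error if not cached report available" should read "no cached report".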
@ -211,20 +223,22 @@ This node will retrieve the service generated correlation IDs for the given MDM
</p> </p>
<p>Templated SyncML Call:</p> <p>Templated SyncML Call:</p>
<SyncML xmlns="SYNCML:SYNCML1.2"> ```xml
<SyncBody> <SyncML xmlns="SYNCML:SYNCML1.2">
<Get> <SyncBody>
<Item> <Get>
<Target> <Item>
<LocURI> <Target>
./Device/Vendor/MSFT/HealthAttestation/GetServiceCorrelationIDs <LocURI>
</LocURI> ./Device/Vendor/MSFT/HealthAttestation/GetServiceCorrelationIDs
</Target> </LocURI>
</Item> </Target>
</Get> </Item>
<Final/> </Get>
</SyncBody> <Final/>
</SyncML> </SyncBody>
</SyncML>
```
<p>Sample data:</p> <p>Sample data:</p>
@ -379,7 +393,8 @@ c1:[type=="bootAppSvnQuery", issuer=="AttestationPolicy"] && c2:[type=="events",
c:[type=="events", issuer=="AttestationService"] => issue(type="bootRevListInfo", value=JsonToClaimValue(JmesPath(c.value, "Events[? EventTypeString == 'EV_EVENT_TAG' && PcrIndex == `13`].ProcessedData.EVENT_TRUSTBOUNDARY.EVENT_BOOT_REVOCATION_LIST.RawData | @[0]"))); c:[type=="events", issuer=="AttestationService"] => issue(type="bootRevListInfo", value=JsonToClaimValue(JmesPath(c.value, "Events[? EventTypeString == 'EV_EVENT_TAG' && PcrIndex == `13`].ProcessedData.EVENT_TRUSTBOUNDARY.EVENT_BOOT_REVOCATION_LIST.RawData | @[0]")));
}; };
``` ```
</li> </li>
<br><li>Call TriggerAttestation with your rpid, AAD token and the attestURI:<br> <br><li>Call TriggerAttestation with your rpid, AAD token and the attestURI:<br>
Use the Attestation URL generated in step 1, and append the appropriate api version you want to hit. More information about the api version can be found here Attestation - Attest Tpm - REST API (Azure Azure Attestation) | Microsoft Docs</li> Use the Attestation URL generated in step 1, and append the appropriate api version you want to hit. More information about the api version can be found here Attestation - Attest Tpm - REST API (Azure Azure Attestation) | Microsoft Docs</li>
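Review bot: the context line at the end of this hunk reads "can be found here Attestation - Attest Tpm - REST API (Azure Azure Attestation) | Microsoft Docs", which is link text with no link target and a doubled "Azure". Since the surrounding list item is being edited, restore the hyperlink and fix the title in the same commit.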
@ -387,7 +402,7 @@ Use the Attestation URL generated in step 1, and append the appropriate api vers
GetAttestReport return the signed attestation token as a JWT.The JWT can be decoded to parse the information per the attestation policy. GetAttestReport return the signed attestation token as a JWT.The JWT can be decoded to parse the information per the attestation policy.
<br> <br>
```json
{ {
"typ": "JWT", "typ": "JWT",
"alg": "RS256", "alg": "RS256",
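Review bot: the sentence just above the new json fence says the JWT "can be decoded to parse the information" but never says the signature has to be validated, although the header shown is "alg": "RS256". Consider stating that the relying party should verify the token signature and expiry before using the claims, and fix "GetAttestReport return" and the missing space in "JWT.The" while here.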
@ -442,7 +457,7 @@ GetAttestReport return the signed attestation token as a JWT.The JWT can be deco
"testSigningDisabled": true, "testSigningDisabled": true,
"vbsEnabled": true "vbsEnabled": true
}.[Signature] }.[Signature]
```
</li> </li>
</ol> </ol>
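Review bot: the closing fence lands after "}.[Signature]", so the block labelled json in the previous hunk contains the header.payload.signature notation and is not valid JSON. Either label the fence text, or split the header and payload into separate json blocks and describe the signature segment in prose.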