Add CertAttestation/MDMClientCertAttestation

Vinay Pamnani
2022-09-09 15:00:10 -04:00
parent fc1cc56f45
commit efcfad2141
2 changed files with 861 additions and 812 deletions

@ -1,7 +1,7 @@
---
title: DeviceStatus CSP
description: Learn how the DeviceStatus configuration service provider keeps track of device inventory and queries the compliance state of devices within the enterprise.
ms.reviewer:
ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
@ -71,12 +71,14 @@ DeviceStatus
--------VirtualizationBasedSecurityHwReq
--------VirtualizationBasedSecurityStatus
--------LsaCfgCredGuardStatus
----CertAttestation
--------MDMClientCertAttestation
```
<a href="" id="devicestatus"></a>**DeviceStatus**
<a href="" id="devicestatus"></a>**DeviceStatus**
The root node for the DeviceStatus configuration service provider.
<a href="" id="devicestatus-securebootstate"></a>**DeviceStatus/SecureBootState**
<a href="" id="devicestatus-securebootstate"></a>**DeviceStatus/SecureBootState**
Indicates whether secure boot is enabled. The value is one of the following values:
- 0 - Not supported
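Review bot: Split the whitespace-only rewrites out of this commit. In this hunk the substantive change is the two tree entries `----CertAttestation` and `--------MDMClientCertAttestation`, while the anchor lines for `DeviceStatus` and `DeviceStatus/SecureBootState` appear twice with identical visible text. The same pattern repeats through the following hunks, which is how a one-node addition is reported as 861 additions and 812 deletions. A separate cleanup commit would let the attestation node be reviewed on its own.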
@ -85,67 +87,67 @@ Indicates whether secure boot is enabled. The value is one of the following valu
Supported operation is Get.
<a href="" id="devicestatus-cellularidentities"></a>**DeviceStatus/CellularIdentities**
<a href="" id="devicestatus-cellularidentities"></a>**DeviceStatus/CellularIdentities**
Required. Node for queries on the SIM cards.
>[!NOTE]
>Multiple SIMs are supported.
<a href="" id="devicestatus-cellularidentities-imei"></a>**DeviceStatus/CellularIdentities/**<strong>*IMEI*</strong>
<a href="" id="devicestatus-cellularidentities-imei"></a>**DeviceStatus/CellularIdentities/**<strong>*IMEI*</strong>
The unique International Mobile Station Equipment Identity (IMEI) number of the mobile device. An IMEI is present for each SIM card on the device.
<a href="" id="devicestatus-cellularidentities-imei-imsi"></a>**DeviceStatus/CellularIdentities/*IMEI*/IMSI**
<a href="" id="devicestatus-cellularidentities-imei-imsi"></a>**DeviceStatus/CellularIdentities/*IMEI*/IMSI**
The International Mobile Subscriber Identity (IMSI) associated with the IMEI number.
Supported operation is Get.
<a href="" id="devicestatus-cellularidentities-imei-iccid"></a>**DeviceStatus/CellularIdentities/*IMEI*/ICCID**
<a href="" id="devicestatus-cellularidentities-imei-iccid"></a>**DeviceStatus/CellularIdentities/*IMEI*/ICCID**
The Integrated Circuit Card ID (ICCID) of the SIM card associated with the specific IMEI number.
Supported operation is Get.
<a href="" id="devicestatus-cellularidentities-imei-phonenumber"></a>**DeviceStatus/CellularIdentities/*IMEI*/PhoneNumber**
<a href="" id="devicestatus-cellularidentities-imei-phonenumber"></a>**DeviceStatus/CellularIdentities/*IMEI*/PhoneNumber**
Phone number associated with the specific IMEI number.
Supported operation is Get.
<a href="" id="devicestatus-cellularidentities-imei-commercializationoperator"></a>**DeviceStatus/CellularIdentities/*IMEI*/CommercializationOperator**
<a href="" id="devicestatus-cellularidentities-imei-commercializationoperator"></a>**DeviceStatus/CellularIdentities/*IMEI*/CommercializationOperator**
The mobile service provider or mobile operator associated with the specific IMEI number.
Supported operation is Get.
<a href="" id="devicestatus-cellularidentities-imei-roamingstatus"></a>**DeviceStatus/CellularIdentities/*IMEI*/RoamingStatus**
<a href="" id="devicestatus-cellularidentities-imei-roamingstatus"></a>**DeviceStatus/CellularIdentities/*IMEI*/RoamingStatus**
Indicates whether the SIM card associated with the specific IMEI number is roaming.
Supported operation is Get.
<a href="" id="devicestatus-cellularidentities-imei-roamingcompliance"></a>**DeviceStatus/CellularIdentities/*IMEI*/RoamingCompliance**
<a href="" id="devicestatus-cellularidentities-imei-roamingcompliance"></a>**DeviceStatus/CellularIdentities/*IMEI*/RoamingCompliance**
Boolean value that indicates compliance with the enforced enterprise roaming policy.
Supported operation is Get.
<a href="" id="devicestatus-networkidentifiers"></a>**DeviceStatus/NetworkIdentifiers**
<a href="" id="devicestatus-networkidentifiers"></a>**DeviceStatus/NetworkIdentifiers**
Node for queries on network and device properties.
<a href="" id="devicestatus-networkidentifiers-macaddress"></a>**DeviceStatus/NetworkIdentifiers/**<strong>*MacAddress*</strong>
<a href="" id="devicestatus-networkidentifiers-macaddress"></a>**DeviceStatus/NetworkIdentifiers/**<strong>*MacAddress*</strong>
MAC address of the wireless network card. A MAC address is present for each network card on the device.
<a href="" id="devicestatus-networkidentifiers-macaddress-ipaddressv4"></a>**DeviceStatus/NetworkIdentifiers/*MacAddress*/IPAddressV4**
<a href="" id="devicestatus-networkidentifiers-macaddress-ipaddressv4"></a>**DeviceStatus/NetworkIdentifiers/*MacAddress*/IPAddressV4**
IPv4 address of the network card associated with the MAC address.
Supported operation is Get.
<a href="" id="devicestatus-networkidentifiers-macaddress-ipaddressv6"></a>**DeviceStatus/NetworkIdentifiers/*MacAddress*/IPAddressV6**
<a href="" id="devicestatus-networkidentifiers-macaddress-ipaddressv6"></a>**DeviceStatus/NetworkIdentifiers/*MacAddress*/IPAddressV6**
IPv6 address of the network card associated with the MAC address.
Supported operation is Get.
<a href="" id="devicestatus-networkidentifiers-macaddress-isconnected"></a>**DeviceStatus/NetworkIdentifiers/*MacAddress*/IsConnected**
<a href="" id="devicestatus-networkidentifiers-macaddress-isconnected"></a>**DeviceStatus/NetworkIdentifiers/*MacAddress*/IsConnected**
Boolean value that indicates whether the network card associated with the MAC address has an active network connection.
Supported operation is Get.
<a href="" id="devicestatus-networkidentifiers-macaddress-type"></a>**DeviceStatus/NetworkIdentifiers/*MacAddress*/Type**
<a href="" id="devicestatus-networkidentifiers-macaddress-type"></a>**DeviceStatus/NetworkIdentifiers/*MacAddress*/Type**
Type of network connection. The value is one of the following values:
- 2 - WLAN (or other Wireless interface)
@ -154,10 +156,10 @@ Type of network connection. The value is one of the following values:
Supported operation is Get.
<a href="" id="devicestatus-compliance"></a>**DeviceStatus/Compliance**
<a href="" id="devicestatus-compliance"></a>**DeviceStatus/Compliance**
Node for the compliance query.
<a href="" id="devicestatus-compliance-encryptioncompliance"></a>**DeviceStatus/Compliance/EncryptionCompliance**
<a href="" id="devicestatus-compliance-encryptioncompliance"></a>**DeviceStatus/Compliance/EncryptionCompliance**
Boolean value that indicates compliance with the enterprise encryption policy for OS (system) drives. The value is one of the following values:
- 0 - Not encrypted
@ -165,42 +167,42 @@ Boolean value that indicates compliance with the enterprise encryption policy fo
Supported operation is Get.
<a href="" id="devicestatus-tpm"></a>**DeviceStatus/TPM**
<a href="" id="devicestatus-tpm"></a>**DeviceStatus/TPM**
Added in Windows, version 1607. Node for the TPM query.
Supported operation is Get.
<a href="" id="devicestatus-tpm-specificationversion"></a>**DeviceStatus/TPM/SpecificationVersion**
<a href="" id="devicestatus-tpm-specificationversion"></a>**DeviceStatus/TPM/SpecificationVersion**
Added in Windows, version 1607. String that specifies the specification version.
Supported operation is Get.
<a href="" id="devicestatus-os"></a>**DeviceStatus/OS**
<a href="" id="devicestatus-os"></a>**DeviceStatus/OS**
Added in Windows, version 1607. Node for the OS query.
Supported operation is Get.
<a href="" id="devicestatus-os-edition"></a>**DeviceStatus/OS/Edition**
<a href="" id="devicestatus-os-edition"></a>**DeviceStatus/OS/Edition**
Added in Windows, version 1607. String that specifies the OS edition.
Supported operation is Get.
<a href="" id="devicestatus-os-mode"></a>**DeviceStatus/OS/Mode**
<a href="" id="devicestatus-os-mode"></a>**DeviceStatus/OS/Mode**
Added in Windows, version 1803. Read only node that specifies the device mode.
Valid values:
Valid values:
- 0 - The device is in standard configuration.
- 1 - The device is in S mode configuration.
Supported operation is Get.
<a href="" id="devicestatus-antivirus"></a>**DeviceStatus/Antivirus**
<a href="" id="devicestatus-antivirus"></a>**DeviceStatus/Antivirus**
Added in Windows, version 1607. Node for the antivirus query.
Supported operation is Get.
<a href="" id="devicestatus-antivirus-signaturestatus"></a>**DeviceStatus/Antivirus/SignatureStatus**
<a href="" id="devicestatus-antivirus-signaturestatus"></a>**DeviceStatus/Antivirus/SignatureStatus**
Added in Windows, version 1607. Integer that specifies the status of the antivirus signature.
Valid values:
@ -218,7 +220,7 @@ If more than one antivirus provider is active, this node returns:
This node also returns 0 when no antivirus provider is active.
<a href="" id="devicestatus-antivirus-status"></a>**DeviceStatus/Antivirus/Status**
<a href="" id="devicestatus-antivirus-status"></a>**DeviceStatus/Antivirus/Status**
Added in Windows, version 1607. Integer that specifies the status of the antivirus.
Valid values:
@ -231,12 +233,12 @@ Valid values:
Supported operation is Get.
<a href="" id="devicestatus-antispyware"></a>**DeviceStatus/Antispyware**
<a href="" id="devicestatus-antispyware"></a>**DeviceStatus/Antispyware**
Added in Windows, version 1607. Node for the anti-spyware query.
Supported operation is Get.
<a href="" id="devicestatus-antispyware-signaturestatus"></a>**DeviceStatus/Antispyware/SignatureStatus**
<a href="" id="devicestatus-antispyware-signaturestatus"></a>**DeviceStatus/Antispyware/SignatureStatus**
Added in Windows, version 1607. Integer that specifies the status of the anti-spyware signature.
Valid values:
@ -254,7 +256,7 @@ If more than one anti-spyware provider is active, this node returns:
This node also returns 0 when no anti-spyware provider is active.
<a href="" id="devicestatus-antispyware-status"></a>**DeviceStatus/Antispyware/Status**
<a href="" id="devicestatus-antispyware-status"></a>**DeviceStatus/Antispyware/Status**
Added in Windows, version 1607. Integer that specifies the status of the anti-spyware.
Valid values:
@ -266,12 +268,12 @@ Valid values:
Supported operation is Get.
<a href="" id="devicestatus-firewall"></a>**DeviceStatus/Firewall**
<a href="" id="devicestatus-firewall"></a>**DeviceStatus/Firewall**
Added in Windows, version 1607. Node for the firewall query.
Supported operation is Get.
<a href="" id="devicestatus-firewall-status"></a>**DeviceStatus/Firewall/Status**
<a href="" id="devicestatus-firewall-status"></a>**DeviceStatus/Firewall/Status**
Added in Windows, version 1607. Integer that specifies the status of the firewall.
Valid values:
@ -284,75 +286,75 @@ Valid values:
Supported operation is Get.
<a href="" id="devicestatus-uac"></a>**DeviceStatus/UAC**
<a href="" id="devicestatus-uac"></a>**DeviceStatus/UAC**
Added in Windows, version 1607. Node for the UAC query.
Supported operation is Get.
<a href="" id="devicestatus-uac-status"></a>**DeviceStatus/UAC/Status**
<a href="" id="devicestatus-uac-status"></a>**DeviceStatus/UAC/Status**
Added in Windows, version 1607. Integer that specifies the status of the UAC.
Supported operation is Get.
<a href="" id="devicestatus-battery"></a>**DeviceStatus/Battery**
<a href="" id="devicestatus-battery"></a>**DeviceStatus/Battery**
Added in Windows, version 1607. Node for the battery query.
Supported operation is Get.
<a href="" id="devicestatus-battery-status"></a>**DeviceStatus/Battery/Status**
<a href="" id="devicestatus-battery-status"></a>**DeviceStatus/Battery/Status**
Added in Windows, version 1607. Integer that specifies the status of the battery
Supported operation is Get.
<a href="" id="devicestatus-battery-estimatedchargeremaining"></a>**DeviceStatus/Battery/EstimatedChargeRemaining**
<a href="" id="devicestatus-battery-estimatedchargeremaining"></a>**DeviceStatus/Battery/EstimatedChargeRemaining**
Added in Windows, version 1607. Integer that specifies the estimated battery charge remaining. This value is the one that is returned in **BatteryLifeTime** in [SYSTEM\_POWER\_STATUS structure](/windows/win32/api/winbase/ns-winbase-system_power_status).
The value is the number of seconds of battery life remaining when the device isn't connected to an AC power source. When it's connected to a power source, the value is -1. When the estimation is unknown, the value is -1.
Supported operation is Get.
<a href="" id="devicestatus-battery-estimatedruntime"></a>**DeviceStatus/Battery/EstimatedRuntime**
<a href="" id="devicestatus-battery-estimatedruntime"></a>**DeviceStatus/Battery/EstimatedRuntime**
Added in Windows, version 1607. Integer that specifies the estimated runtime of the battery. This value is the one that is returned in **BatteryLifeTime** in [SYSTEM\_POWER\_STATUS structure](/windows/win32/api/winbase/ns-winbase-system_power_status).
The value is the number of seconds of battery life remaining when the device isn't connected to an AC power source. When it's connected to a power source, the value is -1. When the estimation is unknown, the value is -1.
Supported operation is Get.
<a href="" id="devicestatus-domainname"></a>**DeviceStatus/DomainName**
<a href="" id="devicestatus-domainname"></a>**DeviceStatus/DomainName**
Added in Windows, version 1709. Returns the fully qualified domain name of the device (if any). If the device isn't domain-joined, it returns an empty string.
Supported operation is Get.
<a href="" id="devicestatus-deviceguard"></a>**DeviceStatus/DeviceGuard**
<a href="" id="devicestatus-deviceguard"></a>**DeviceStatus/DeviceGuard**
Added in Windows, version 1709. Node for Device Guard query.
Supported operation is Get.
<a href="" id="devicestatus-deviceguard-virtualizationbasedsecurityhwreq"></a>**DeviceStatus/DeviceGuard/VirtualizationBasedSecurityHwReq**
<a href="" id="devicestatus-deviceguard-virtualizationbasedsecurityhwreq"></a>**DeviceStatus/DeviceGuard/VirtualizationBasedSecurityHwReq**
Added in Windows, version 1709. Virtualization-based security hardware requirement status. The value is a 256 value bitmask.
- 0x0: System meets hardware configuration requirements
- 0x1: SecureBoot required
- 0x1: SecureBoot required
- 0x2: DMA Protection required
- 0x4: HyperV not supported for Guest VM
- 0x8: HyperV feature isn't available
Supported operation is Get.
<a href="" id="devicestatus-deviceguard-virtualizationbasedsecuritystatus"></a>**DeviceStatus/DeviceGuard/VirtualizationBasedSecurityStatus**
<a href="" id="devicestatus-deviceguard-virtualizationbasedsecuritystatus"></a>**DeviceStatus/DeviceGuard/VirtualizationBasedSecurityStatus**
Added in Windows, version 1709. Virtualization-based security status. Value is one of the following:
- 0 - Running
- 1 - Reboot required
- 2 - 64-bit architecture required
- 3 - Not licensed
- 4 - Not configured
- 5 - System doesn't meet hardware requirements
- 1 - Reboot required
- 2 - 64-bit architecture required
- 3 - Not licensed
- 4 - Not configured
- 5 - System doesn't meet hardware requirements
- 42 Other. Event logs in Microsoft-Windows-DeviceGuard have more details.
Supported operation is Get.
<a href="" id="devicestatus-deviceguard-lsacfgcredguardstatus"></a>**DeviceStatus/DeviceGuard/LsaCfgCredGuardStatus**
<a href="" id="devicestatus-deviceguard-lsacfgcredguardstatus"></a>**DeviceStatus/DeviceGuard/LsaCfgCredGuardStatus**
Added in Windows, version 1709. Local System Authority (LSA) credential guard status.
- 0 - Running
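Review bot: The descriptions of `DeviceStatus/Battery/EstimatedChargeRemaining` and `DeviceStatus/Battery/EstimatedRuntime` in this hunk are word-for-word identical, both pointing at **BatteryLifeTime** and both giving the value in seconds; since the hunk already touches both anchors, please confirm which `SYSTEM_POWER_STATUS` member and unit the charge-remaining node really reports and correct the text if it was copied. In the same pass, `- 42 Other.` in the VirtualizationBasedSecurityStatus list is missing the ` - ` separator the other values use, and the Battery/Status sentence has no closing period.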
@ -363,6 +365,11 @@ Added in Windows, version 1709. Local System Authority (LSA) credential guard s
Supported operation is Get.
<a href="" id="devicestatus-certattestation-mdmclientcertattestation"></a>**DeviceStatus/CertAttestation/MDMClientCertAttestation**
Added in Windows 11, version 22H2. MDM Certificate attestation information. This will return an XML blob containing the relevant attestation fields.
Supported operation is Get.
## Related topics
[Configuration service provider reference](configuration-service-provider-reference.md)
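Review bot: The new `DeviceStatus/CertAttestation/MDMClientCertAttestation` entry says it returns "an XML blob containing the relevant attestation fields" but names none of them, so someone writing the server side cannot tell what to parse or validate. Please list the fields or link to the schema, and state what the node returns when no attestation data is available. The parent `DeviceStatus/CertAttestation` added to the tree also has no entry of its own, unlike other interior nodes such as `DeviceStatus/DeviceGuard` ("Node for Device Guard query"); add one with its supported operation.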

File diff suppressed because it is too large