deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-16 19:03:46 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Add CertAttestation/MDMClientCertAttestation

Browse Source
This commit is contained in:
Vinay Pamnani
2022-09-09 15:00:10 -04:00
parent fc1cc56f45
commit efcfad2141
2 changed files with 861 additions and 812 deletions
Download Patch File Download Diff File Expand all files Collapse all files

107
windows/client-management/mdm/devicestatus-csp.md
View File

@ -1,7 +1,7 @@
--- ---
title: DeviceStatus CSP title: DeviceStatus CSP
description: Learn how the DeviceStatus configuration service provider keeps track of device inventory and queries the compliance state of devices within the enterprise. description: Learn how the DeviceStatus configuration service provider keeps track of device inventory and queries the compliance state of devices within the enterprise.
ms.reviewer: ms.reviewer:
manager: aaroncz manager: aaroncz
ms.author: vinpa ms.author: vinpa
ms.topic: article ms.topic: article
@ -71,12 +71,14 @@ DeviceStatus
--------VirtualizationBasedSecurityHwReq --------VirtualizationBasedSecurityHwReq
--------VirtualizationBasedSecurityStatus --------VirtualizationBasedSecurityStatus
--------LsaCfgCredGuardStatus --------LsaCfgCredGuardStatus
----CertAttestation
--------MDMClientCertAttestation
``` ```
<a href="" id="devicestatus"></a>**DeviceStatus** <a href="" id="devicestatus"></a>**DeviceStatus**
The root node for the DeviceStatus configuration service provider. The root node for the DeviceStatus configuration service provider.
<a href="" id="devicestatus-securebootstate"></a>**DeviceStatus/SecureBootState** <a href="" id="devicestatus-securebootstate"></a>**DeviceStatus/SecureBootState**
Indicates whether secure boot is enabled. The value is one of the following values: Indicates whether secure boot is enabled. The value is one of the following values:
- 0 - Not supported - 0 - Not supported
@ -85,67 +87,67 @@ Indicates whether secure boot is enabled. The value is one of the following valu
Supported operation is Get. Supported operation is Get.
<a href="" id="devicestatus-cellularidentities"></a>**DeviceStatus/CellularIdentities** <a href="" id="devicestatus-cellularidentities"></a>**DeviceStatus/CellularIdentities**
Required. Node for queries on the SIM cards. Required. Node for queries on the SIM cards.
>[!NOTE] >[!NOTE]
>Multiple SIMs are supported. >Multiple SIMs are supported.
<a href="" id="devicestatus-cellularidentities-imei"></a>**DeviceStatus/CellularIdentities/**<strong>*IMEI*</strong> <a href="" id="devicestatus-cellularidentities-imei"></a>**DeviceStatus/CellularIdentities/**<strong>*IMEI*</strong>
The unique International Mobile Station Equipment Identity (IMEI) number of the mobile device. An IMEI is present for each SIM card on the device. The unique International Mobile Station Equipment Identity (IMEI) number of the mobile device. An IMEI is present for each SIM card on the device.
<a href="" id="devicestatus-cellularidentities-imei-imsi"></a>**DeviceStatus/CellularIdentities/*IMEI*/IMSI** <a href="" id="devicestatus-cellularidentities-imei-imsi"></a>**DeviceStatus/CellularIdentities/*IMEI*/IMSI**
The International Mobile Subscriber Identity (IMSI) associated with the IMEI number. The International Mobile Subscriber Identity (IMSI) associated with the IMEI number.
Supported operation is Get. Supported operation is Get.
<a href="" id="devicestatus-cellularidentities-imei-iccid"></a>**DeviceStatus/CellularIdentities/*IMEI*/ICCID** <a href="" id="devicestatus-cellularidentities-imei-iccid"></a>**DeviceStatus/CellularIdentities/*IMEI*/ICCID**
The Integrated Circuit Card ID (ICCID) of the SIM card associated with the specific IMEI number. The Integrated Circuit Card ID (ICCID) of the SIM card associated with the specific IMEI number.
Supported operation is Get. Supported operation is Get.
<a href="" id="devicestatus-cellularidentities-imei-phonenumber"></a>**DeviceStatus/CellularIdentities/*IMEI*/PhoneNumber** <a href="" id="devicestatus-cellularidentities-imei-phonenumber"></a>**DeviceStatus/CellularIdentities/*IMEI*/PhoneNumber**
Phone number associated with the specific IMEI number. Phone number associated with the specific IMEI number.
Supported operation is Get. Supported operation is Get.
<a href="" id="devicestatus-cellularidentities-imei-commercializationoperator"></a>**DeviceStatus/CellularIdentities/*IMEI*/CommercializationOperator** <a href="" id="devicestatus-cellularidentities-imei-commercializationoperator"></a>**DeviceStatus/CellularIdentities/*IMEI*/CommercializationOperator**
The mobile service provider or mobile operator associated with the specific IMEI number. The mobile service provider or mobile operator associated with the specific IMEI number.
Supported operation is Get. Supported operation is Get.
<a href="" id="devicestatus-cellularidentities-imei-roamingstatus"></a>**DeviceStatus/CellularIdentities/*IMEI*/RoamingStatus** <a href="" id="devicestatus-cellularidentities-imei-roamingstatus"></a>**DeviceStatus/CellularIdentities/*IMEI*/RoamingStatus**
Indicates whether the SIM card associated with the specific IMEI number is roaming. Indicates whether the SIM card associated with the specific IMEI number is roaming.
Supported operation is Get. Supported operation is Get.
<a href="" id="devicestatus-cellularidentities-imei-roamingcompliance"></a>**DeviceStatus/CellularIdentities/*IMEI*/RoamingCompliance** <a href="" id="devicestatus-cellularidentities-imei-roamingcompliance"></a>**DeviceStatus/CellularIdentities/*IMEI*/RoamingCompliance**
Boolean value that indicates compliance with the enforced enterprise roaming policy. Boolean value that indicates compliance with the enforced enterprise roaming policy.
Supported operation is Get. Supported operation is Get.
<a href="" id="devicestatus-networkidentifiers"></a>**DeviceStatus/NetworkIdentifiers** <a href="" id="devicestatus-networkidentifiers"></a>**DeviceStatus/NetworkIdentifiers**
Node for queries on network and device properties. Node for queries on network and device properties.
<a href="" id="devicestatus-networkidentifiers-macaddress"></a>**DeviceStatus/NetworkIdentifiers/**<strong>*MacAddress*</strong> <a href="" id="devicestatus-networkidentifiers-macaddress"></a>**DeviceStatus/NetworkIdentifiers/**<strong>*MacAddress*</strong>
MAC address of the wireless network card. A MAC address is present for each network card on the device. MAC address of the wireless network card. A MAC address is present for each network card on the device.
<a href="" id="devicestatus-networkidentifiers-macaddress-ipaddressv4"></a>**DeviceStatus/NetworkIdentifiers/*MacAddress*/IPAddressV4** <a href="" id="devicestatus-networkidentifiers-macaddress-ipaddressv4"></a>**DeviceStatus/NetworkIdentifiers/*MacAddress*/IPAddressV4**
IPv4 address of the network card associated with the MAC address. IPv4 address of the network card associated with the MAC address.
Supported operation is Get. Supported operation is Get.
<a href="" id="devicestatus-networkidentifiers-macaddress-ipaddressv6"></a>**DeviceStatus/NetworkIdentifiers/*MacAddress*/IPAddressV6** <a href="" id="devicestatus-networkidentifiers-macaddress-ipaddressv6"></a>**DeviceStatus/NetworkIdentifiers/*MacAddress*/IPAddressV6**
IPv6 address of the network card associated with the MAC address. IPv6 address of the network card associated with the MAC address.
Supported operation is Get. Supported operation is Get.
<a href="" id="devicestatus-networkidentifiers-macaddress-isconnected"></a>**DeviceStatus/NetworkIdentifiers/*MacAddress*/IsConnected** <a href="" id="devicestatus-networkidentifiers-macaddress-isconnected"></a>**DeviceStatus/NetworkIdentifiers/*MacAddress*/IsConnected**
Boolean value that indicates whether the network card associated with the MAC address has an active network connection. Boolean value that indicates whether the network card associated with the MAC address has an active network connection.
Supported operation is Get. Supported operation is Get.
<a href="" id="devicestatus-networkidentifiers-macaddress-type"></a>**DeviceStatus/NetworkIdentifiers/*MacAddress*/Type** <a href="" id="devicestatus-networkidentifiers-macaddress-type"></a>**DeviceStatus/NetworkIdentifiers/*MacAddress*/Type**
Type of network connection. The value is one of the following values: Type of network connection. The value is one of the following values:
- 2 - WLAN (or other Wireless interface) - 2 - WLAN (or other Wireless interface)
@ -154,10 +156,10 @@ Type of network connection. The value is one of the following values:
Supported operation is Get. Supported operation is Get.
<a href="" id="devicestatus-compliance"></a>**DeviceStatus/Compliance** <a href="" id="devicestatus-compliance"></a>**DeviceStatus/Compliance**
Node for the compliance query. Node for the compliance query.
<a href="" id="devicestatus-compliance-encryptioncompliance"></a>**DeviceStatus/Compliance/EncryptionCompliance** <a href="" id="devicestatus-compliance-encryptioncompliance"></a>**DeviceStatus/Compliance/EncryptionCompliance**
Boolean value that indicates compliance with the enterprise encryption policy for OS (system) drives. The value is one of the following values: Boolean value that indicates compliance with the enterprise encryption policy for OS (system) drives. The value is one of the following values:
- 0 - Not encrypted - 0 - Not encrypted
@ -165,42 +167,42 @@ Boolean value that indicates compliance with the enterprise encryption policy fo
Supported operation is Get. Supported operation is Get.
<a href="" id="devicestatus-tpm"></a>**DeviceStatus/TPM** <a href="" id="devicestatus-tpm"></a>**DeviceStatus/TPM**
Added in Windows, version 1607. Node for the TPM query. Added in Windows, version 1607. Node for the TPM query.
Supported operation is Get. Supported operation is Get.
<a href="" id="devicestatus-tpm-specificationversion"></a>**DeviceStatus/TPM/SpecificationVersion** <a href="" id="devicestatus-tpm-specificationversion"></a>**DeviceStatus/TPM/SpecificationVersion**
Added in Windows, version 1607. String that specifies the specification version. Added in Windows, version 1607. String that specifies the specification version.
Supported operation is Get. Supported operation is Get.
<a href="" id="devicestatus-os"></a>**DeviceStatus/OS** <a href="" id="devicestatus-os"></a>**DeviceStatus/OS**
Added in Windows, version 1607. Node for the OS query. Added in Windows, version 1607. Node for the OS query.
Supported operation is Get. Supported operation is Get.
<a href="" id="devicestatus-os-edition"></a>**DeviceStatus/OS/Edition** <a href="" id="devicestatus-os-edition"></a>**DeviceStatus/OS/Edition**
Added in Windows, version 1607. String that specifies the OS edition. Added in Windows, version 1607. String that specifies the OS edition.
Supported operation is Get. Supported operation is Get.
<a href="" id="devicestatus-os-mode"></a>**DeviceStatus/OS/Mode** <a href="" id="devicestatus-os-mode"></a>**DeviceStatus/OS/Mode**
Added in Windows, version 1803. Read only node that specifies the device mode. Added in Windows, version 1803. Read only node that specifies the device mode.
Valid values: Valid values:
- 0 - The device is in standard configuration. - 0 - The device is in standard configuration.
- 1 - The device is in S mode configuration. - 1 - The device is in S mode configuration.
Supported operation is Get. Supported operation is Get.
<a href="" id="devicestatus-antivirus"></a>**DeviceStatus/Antivirus** <a href="" id="devicestatus-antivirus"></a>**DeviceStatus/Antivirus**
Added in Windows, version 1607. Node for the antivirus query. Added in Windows, version 1607. Node for the antivirus query.
Supported operation is Get. Supported operation is Get.
<a href="" id="devicestatus-antivirus-signaturestatus"></a>**DeviceStatus/Antivirus/SignatureStatus** <a href="" id="devicestatus-antivirus-signaturestatus"></a>**DeviceStatus/Antivirus/SignatureStatus**
Added in Windows, version 1607. Integer that specifies the status of the antivirus signature. Added in Windows, version 1607. Integer that specifies the status of the antivirus signature.
Valid values: Valid values:
@ -218,7 +220,7 @@ If more than one antivirus provider is active, this node returns:
This node also returns 0 when no antivirus provider is active. This node also returns 0 when no antivirus provider is active.
<a href="" id="devicestatus-antivirus-status"></a>**DeviceStatus/Antivirus/Status** <a href="" id="devicestatus-antivirus-status"></a>**DeviceStatus/Antivirus/Status**
Added in Windows, version 1607. Integer that specifies the status of the antivirus. Added in Windows, version 1607. Integer that specifies the status of the antivirus.
Valid values: Valid values:
@ -231,12 +233,12 @@ Valid values:
Supported operation is Get. Supported operation is Get.
<a href="" id="devicestatus-antispyware"></a>**DeviceStatus/Antispyware** <a href="" id="devicestatus-antispyware"></a>**DeviceStatus/Antispyware**
Added in Windows, version 1607. Node for the anti-spyware query. Added in Windows, version 1607. Node for the anti-spyware query.
Supported operation is Get. Supported operation is Get.
<a href="" id="devicestatus-antispyware-signaturestatus"></a>**DeviceStatus/Antispyware/SignatureStatus** <a href="" id="devicestatus-antispyware-signaturestatus"></a>**DeviceStatus/Antispyware/SignatureStatus**
Added in Windows, version 1607. Integer that specifies the status of the anti-spyware signature. Added in Windows, version 1607. Integer that specifies the status of the anti-spyware signature.
Valid values: Valid values:
@ -254,7 +256,7 @@ If more than one anti-spyware provider is active, this node returns:
This node also returns 0 when no anti-spyware provider is active. This node also returns 0 when no anti-spyware provider is active.
<a href="" id="devicestatus-antispyware-status"></a>**DeviceStatus/Antispyware/Status** <a href="" id="devicestatus-antispyware-status"></a>**DeviceStatus/Antispyware/Status**
Added in Windows, version 1607. Integer that specifies the status of the anti-spyware. Added in Windows, version 1607. Integer that specifies the status of the anti-spyware.
Valid values: Valid values:
@ -266,12 +268,12 @@ Valid values:
Supported operation is Get. Supported operation is Get.
<a href="" id="devicestatus-firewall"></a>**DeviceStatus/Firewall** <a href="" id="devicestatus-firewall"></a>**DeviceStatus/Firewall**
Added in Windows, version 1607. Node for the firewall query. Added in Windows, version 1607. Node for the firewall query.
Supported operation is Get. Supported operation is Get.
<a href="" id="devicestatus-firewall-status"></a>**DeviceStatus/Firewall/Status** <a href="" id="devicestatus-firewall-status"></a>**DeviceStatus/Firewall/Status**
Added in Windows, version 1607. Integer that specifies the status of the firewall. Added in Windows, version 1607. Integer that specifies the status of the firewall.
Valid values: Valid values:
@ -284,75 +286,75 @@ Valid values:
Supported operation is Get. Supported operation is Get.
<a href="" id="devicestatus-uac"></a>**DeviceStatus/UAC** <a href="" id="devicestatus-uac"></a>**DeviceStatus/UAC**
Added in Windows, version 1607. Node for the UAC query. Added in Windows, version 1607. Node for the UAC query.
Supported operation is Get. Supported operation is Get.
<a href="" id="devicestatus-uac-status"></a>**DeviceStatus/UAC/Status** <a href="" id="devicestatus-uac-status"></a>**DeviceStatus/UAC/Status**
Added in Windows, version 1607. Integer that specifies the status of the UAC. Added in Windows, version 1607. Integer that specifies the status of the UAC.
Supported operation is Get. Supported operation is Get.
<a href="" id="devicestatus-battery"></a>**DeviceStatus/Battery** <a href="" id="devicestatus-battery"></a>**DeviceStatus/Battery**
Added in Windows, version 1607. Node for the battery query. Added in Windows, version 1607. Node for the battery query.
Supported operation is Get. Supported operation is Get.
<a href="" id="devicestatus-battery-status"></a>**DeviceStatus/Battery/Status** <a href="" id="devicestatus-battery-status"></a>**DeviceStatus/Battery/Status**
Added in Windows, version 1607. Integer that specifies the status of the battery Added in Windows, version 1607. Integer that specifies the status of the battery
Supported operation is Get. Supported operation is Get.
<a href="" id="devicestatus-battery-estimatedchargeremaining"></a>**DeviceStatus/Battery/EstimatedChargeRemaining** <a href="" id="devicestatus-battery-estimatedchargeremaining"></a>**DeviceStatus/Battery/EstimatedChargeRemaining**
Added in Windows, version 1607. Integer that specifies the estimated battery charge remaining. This value is the one that is returned in **BatteryLifeTime** in [SYSTEM\_POWER\_STATUS structure](/windows/win32/api/winbase/ns-winbase-system_power_status). Added in Windows, version 1607. Integer that specifies the estimated battery charge remaining. This value is the one that is returned in **BatteryLifeTime** in [SYSTEM\_POWER\_STATUS structure](/windows/win32/api/winbase/ns-winbase-system_power_status).
The value is the number of seconds of battery life remaining when the device isn't connected to an AC power source. When it's connected to a power source, the value is -1. When the estimation is unknown, the value is -1. The value is the number of seconds of battery life remaining when the device isn't connected to an AC power source. When it's connected to a power source, the value is -1. When the estimation is unknown, the value is -1.
Supported operation is Get. Supported operation is Get.
<a href="" id="devicestatus-battery-estimatedruntime"></a>**DeviceStatus/Battery/EstimatedRuntime** <a href="" id="devicestatus-battery-estimatedruntime"></a>**DeviceStatus/Battery/EstimatedRuntime**
Added in Windows, version 1607. Integer that specifies the estimated runtime of the battery. This value is the one that is returned in **BatteryLifeTime** in [SYSTEM\_POWER\_STATUS structure](/windows/win32/api/winbase/ns-winbase-system_power_status). Added in Windows, version 1607. Integer that specifies the estimated runtime of the battery. This value is the one that is returned in **BatteryLifeTime** in [SYSTEM\_POWER\_STATUS structure](/windows/win32/api/winbase/ns-winbase-system_power_status).
The value is the number of seconds of battery life remaining when the device isn't connected to an AC power source. When it's connected to a power source, the value is -1. When the estimation is unknown, the value is -1. The value is the number of seconds of battery life remaining when the device isn't connected to an AC power source. When it's connected to a power source, the value is -1. When the estimation is unknown, the value is -1.
Supported operation is Get. Supported operation is Get.
<a href="" id="devicestatus-domainname"></a>**DeviceStatus/DomainName** <a href="" id="devicestatus-domainname"></a>**DeviceStatus/DomainName**
Added in Windows, version 1709. Returns the fully qualified domain name of the device (if any). If the device isn't domain-joined, it returns an empty string. Added in Windows, version 1709. Returns the fully qualified domain name of the device (if any). If the device isn't domain-joined, it returns an empty string.
Supported operation is Get. Supported operation is Get.
<a href="" id="devicestatus-deviceguard"></a>**DeviceStatus/DeviceGuard** <a href="" id="devicestatus-deviceguard"></a>**DeviceStatus/DeviceGuard**
Added in Windows, version 1709. Node for Device Guard query. Added in Windows, version 1709. Node for Device Guard query.
Supported operation is Get. Supported operation is Get.
<a href="" id="devicestatus-deviceguard-virtualizationbasedsecurityhwreq"></a>**DeviceStatus/DeviceGuard/VirtualizationBasedSecurityHwReq** <a href="" id="devicestatus-deviceguard-virtualizationbasedsecurityhwreq"></a>**DeviceStatus/DeviceGuard/VirtualizationBasedSecurityHwReq**
Added in Windows, version 1709. Virtualization-based security hardware requirement status. The value is a 256 value bitmask. Added in Windows, version 1709. Virtualization-based security hardware requirement status. The value is a 256 value bitmask.
- 0x0: System meets hardware configuration requirements - 0x0: System meets hardware configuration requirements
- 0x1: SecureBoot required - 0x1: SecureBoot required
- 0x2: DMA Protection required - 0x2: DMA Protection required
- 0x4: HyperV not supported for Guest VM - 0x4: HyperV not supported for Guest VM
- 0x8: HyperV feature isn't available - 0x8: HyperV feature isn't available
Supported operation is Get. Supported operation is Get.
<a href="" id="devicestatus-deviceguard-virtualizationbasedsecuritystatus"></a>**DeviceStatus/DeviceGuard/VirtualizationBasedSecurityStatus** <a href="" id="devicestatus-deviceguard-virtualizationbasedsecuritystatus"></a>**DeviceStatus/DeviceGuard/VirtualizationBasedSecurityStatus**
Added in Windows, version 1709. Virtualization-based security status. Value is one of the following: Added in Windows, version 1709. Virtualization-based security status. Value is one of the following:
- 0 - Running - 0 - Running
- 1 - Reboot required - 1 - Reboot required
- 2 - 64-bit architecture required - 2 - 64-bit architecture required
- 3 - Not licensed - 3 - Not licensed
- 4 - Not configured - 4 - Not configured
- 5 - System doesn't meet hardware requirements - 5 - System doesn't meet hardware requirements
- 42 Other. Event logs in Microsoft-Windows-DeviceGuard have more details. - 42 Other. Event logs in Microsoft-Windows-DeviceGuard have more details.
Supported operation is Get. Supported operation is Get.
<a href="" id="devicestatus-deviceguard-lsacfgcredguardstatus"></a>**DeviceStatus/DeviceGuard/LsaCfgCredGuardStatus** <a href="" id="devicestatus-deviceguard-lsacfgcredguardstatus"></a>**DeviceStatus/DeviceGuard/LsaCfgCredGuardStatus**
Added in Windows, version 1709. Local System Authority (LSA) credential guard status. Added in Windows, version 1709. Local System Authority (LSA) credential guard status.
- 0 - Running - 0 - Running
@ -363,6 +365,11 @@ Added in Windows, version 1709. Local System Authority (LSA) credential guard s
Supported operation is Get. Supported operation is Get.
<a href="" id="devicestatus-certattestation-mdmclientcertattestation"></a>**DeviceStatus/CertAttestation/MDMClientCertAttestation**
Added in Windows 11, version 22H2. MDM Certificate attestation information. This will return an XML blob containing the relevant attestation fields.
Supported operation is Get.
## Related topics ## Related topics
[Configuration service provider reference](configuration-service-provider-reference.md) [Configuration service provider reference](configuration-service-provider-reference.md)

1566
windows/client-management/mdm/devicestatus-ddf.md
View File

File diff suppressed because it is too large Load Diff