diff --git a/windows/client-management/mdm/healthattestation-ddf.md b/windows/client-management/mdm/healthattestation-ddf.md index d7209b1cf2..651900e2d8 100644 --- a/windows/client-management/mdm/healthattestation-ddf.md +++ b/windows/client-management/mdm/healthattestation-ddf.md @@ -22,193 +22,430 @@ Looking for the DDF XML files? See [CSP DDF files download](configuration-servic The XML below is the current version for this CSP. ```xml - -]> - - 1.2 - + + + + + 1.2 + $(runtime.windows)\system32\hascsp.dll + + {9DCCCE22-C057-424E-B8D1-67935988B174} + HealthAttestation ./Vendor/MSFT - - - - - - - - - - - - - - com.microsoft/1.2/MDM/HealthAttestation - + + + + The root node for the device HealthAttestation configuration service provider. + + + + + + + + + + + com.microsoft/1.4/MDM/HealthAttestation + + + 10.0.10586 + 1.0 + + + + + - VerifyHealth - - - - - - - - - - - - - - + VerifyHealth + + + + + Notifies the device to prepare a device health verification request. + + + + + + + + + + + text/plain + + + - Status - - - - - - - - - - - - - - - text/plain - - + Status + + + + + Provides the current status of the device health request. For the complete list of status see https://docs.microsoft.com/en-us/windows/client-management/mdm/healthattestation-csp#device-healthattestation-csp-status-and-error-codes + + + + + + + + + + + text/plain + + - ForceRetrieve - - - - - - False - - - - - - - - - - - text/plain - - + ForceRetrieve + + + + + + False + Instructs the client to initiate a new request to DHA-Service, and get a new DHA-EncBlob (a summary of the boot state that is issued by DHA-Service). This option should only be used if the MDM server enforces a certificate freshness policy, which needs to force a device to get a fresh encrypted blob from DHA-Service. + + + + + + + + + + + text/plain + + + + false + False + + + true + True + + + - Certificate - - - - - - - - - - - - - - - - - + Certificate + + + + + Instructs the DHA-CSP to forward DHA-Data to the MDM server. + + + + + + + + + + + text/plain + + - Nonce - - - - - - \0 - - - - - - - - - - - text/plain - - + Nonce + + + + + + \0 + Enables MDMs to protect the device health attestation communications from man-in-the-middle type (MITM) attacks with a crypt-protected random value that is generated by the MDM Server. The nonce is in hex format, with a minimum size of 8 bytes, and a maximum size of 32 bytes. + + + + + + + + + + + text/plain + + + + - CorrelationID - - - - - - - - - - - - - - - text/plain - - + CorrelationID + + + + + Identifies a unique device health attestation session. CorrelationId is used to correlate DHA-Service logs with the MDM server events and Client event logs for debug and troubleshooting. + + + + + + + + + + + text/plain + + + + - HASEndpoint - - - - - - - - - - - - - text/plain - - + HASEndpoint + + + + + + has.spserv.microsoft.com. + Identifies the fully qualified domain name (FQDN) of the DHA-Service that is assigned to perform attestation. If an FQDN is not assigned, DHA-Cloud (Microsoft owned and operated cloud service) will be used as the default attestation service. + + + + + + + + + + + text/plain + + + + - TpmReadyStatus - - - - - - - - - - - - - - - text/plain - - + TpmReadyStatus + + + + + Returns a bitmask of information describing the state of TPM. It indicates whether the TPM of the device is in a ready and trusted state. + + + + + + + + + + + text/plain + + + 10.0.14393 + 1.1 + + - - + + CurrentProtocolVersion + + + + + Provides the current protocol version that the client is using to communicate with the Health Attestation Service. + + + + + + + + + + + text/plain + + + 10.0.16299 + 1.3 + + + + + PreferredMaxProtocolVersion + + + + + + 3 + Provides the maximum preferred protocol version that the client is configured to communicate over. If this is higher than the protocol versions supported by the client it will use the highest protocol version available to it. + + + + + + + + + + + text/plain + + + 10.0.16299 + 1.3 + + + + + + + MaxSupportedProtocolVersion + + + + + Returns the maximum protocol version that this client can support. + + + + + + + + + + + text/plain + + + 10.0.16299 + 1.3 + + + + + TriggerAttestation + + + + + Notifies the device to trigger an attestation session asynchronously. + + + + + + + + + + + text/plain + + + 99.9.99999 + 1.4 + + + + + + + GetAttestReport + + + + + Retrieve attestation session report if exists. + + + + + + + + + + + + + + 99.9.99999 + 1.4 + + + + + AttestStatus + + + + + AttestStatus maintains the success or failure status code for the last attestation session. + + + + + + + + + + + text/plain + + + 99.9.99999 + 1.4 + + + + + GetServiceCorrelationIDs + + + + + Retrieve service correlation IDs if exist. + + + + + + + + + + + + + + 99.9.99999 + 1.4 + + + + + + + + ```