--- title: HealthAttestation DDF description: Learn about the OMA DM device description framework (DDF) for the HealthAttestation configuration service provider. ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 12/05/2017 --- # HealthAttestation DDF This topic shows the OMA DM device description framework (DDF) for the **HealthAttestation** configuration service provider. DDF files are used only with OMA DM provisioning XML. Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download). The XML below is the current version for this CSP. ```xml 1.2 $(runtime.windows)\system32\hascsp.dll {9DCCCE22-C057-424E-B8D1-67935988B174} HealthAttestation ./Vendor/MSFT The root node for the device HealthAttestation configuration service provider. com.microsoft/1.4/MDM/HealthAttestation 10.0.10586 1.0 VerifyHealth Notifies the device to prepare a device health verification request. text/plain Status Provides the current status of the device health request. For the complete list of status see https://learn.microsoft.com/windows/client-management/mdm/healthattestation-csp#device-healthattestation-csp-status-and-error-codes text/plain ForceRetrieve False Instructs the client to initiate a new request to DHA-Service, and get a new DHA-EncBlob (a summary of the boot state that is issued by DHA-Service). This option should only be used if the MDM server enforces a certificate freshness policy, which needs to force a device to get a fresh encrypted blob from DHA-Service. text/plain false False true True Certificate Instructs the DHA-CSP to forward DHA-Data to the MDM server. text/plain Nonce \0 Enables MDMs to protect the device health attestation communications from man-in-the-middle type (MITM) attacks with a crypt-protected random value that is generated by the MDM Server. The nonce is in hex format, with a minimum size of 8 bytes, and a maximum size of 32 bytes. text/plain CorrelationID Identifies a unique device health attestation session. CorrelationId is used to correlate DHA-Service logs with the MDM server events and Client event logs for debug and troubleshooting. text/plain HASEndpoint has.spserv.microsoft.com. Identifies the fully qualified domain name (FQDN) of the DHA-Service that is assigned to perform attestation. If an FQDN is not assigned, DHA-Cloud (Microsoft owned and operated cloud service) will be used as the default attestation service. text/plain TpmReadyStatus Returns a bitmask of information describing the state of TPM. It indicates whether the TPM of the device is in a ready and trusted state. text/plain 10.0.14393 1.1 CurrentProtocolVersion Provides the current protocol version that the client is using to communicate with the Health Attestation Service. text/plain 10.0.16299 1.3 PreferredMaxProtocolVersion 3 Provides the maximum preferred protocol version that the client is configured to communicate over. If this is higher than the protocol versions supported by the client it will use the highest protocol version available to it. text/plain 10.0.16299 1.3 MaxSupportedProtocolVersion Returns the maximum protocol version that this client can support. text/plain 10.0.16299 1.3 TriggerAttestation Notifies the device to trigger an attestation session asynchronously. text/plain 99.9.99999 1.4 GetAttestReport Retrieve attestation session report if exists. 99.9.99999 1.4 AttestStatus AttestStatus maintains the success or failure status code for the last attestation session. text/plain 99.9.99999 1.4 GetServiceCorrelationIDs Retrieve service correlation IDs if exist. 99.9.99999 1.4 ``` ## Related topics [HealthAttestation configuration service provider](healthattestation-csp.md)