Edit

deviceHealthAttestationState resource type

  • Article

Namespace: microsoft.graph

Important: Microsoft Graph APIs under the /beta version are subject to change; production use is not supported.

Note: The Microsoft Graph API for Intune requires an active Intune license for the tenant.

Properties

Property Type Description
lastUpdateDateTime String The Timestamp of the last update.
contentNamespaceUrl String The DHA report version. (Namespace version)
deviceHealthAttestationStatus String The DHA report version. (Namespace version)
contentVersion String The HealthAttestation state schema version
issuedDateTime DateTimeOffset The DateTime when device was evaluated or issued to MDM
attestationIdentityKey String TWhen an Attestation Identity Key (AIK) is present on a device, it indicates that the device has an endorsement key (EK) certificate.
resetCount Int64 The number of times a PC device has hibernated or resumed
restartCount Int64 The number of times a PC device has rebooted
dataExcutionPolicy String DEP Policy defines a set of hardware and software technologies that perform additional checks on memory
bitLockerStatus String On or Off of BitLocker Drive Encryption
bootManagerVersion String The version of the Boot Manager
codeIntegrityCheckVersion String The version of the Boot Manager
secureBoot String When Secure Boot is enabled, the core components must have the correct cryptographic signatures
bootDebugging String When bootDebugging is enabled, the device is used in development and testing
operatingSystemKernelDebugging String When operatingSystemKernelDebugging is enabled, the device is used in development and testing
codeIntegrity String When code integrity is enabled, code execution is restricted to integrity verified code
testSigning String When test signing is allowed, the device does not enforce signature validation during boot
safeMode String Safe mode is a troubleshooting option for Windows that starts your computer in a limited state
windowsPE String Operating system running with limited services that is used to prepare a computer for Windows
earlyLaunchAntiMalwareDriverProtection String ELAM provides protection for the computers in your network when they start up
virtualSecureMode String Indicates whether the device has Virtual Secure Mode (VSM) enabled. Virtual Secure Mode (VSM) is a container that protects high value assets from a compromised kernel. This property will be deprecated in beta from August 2023. Support for this property will end in August 2025 for v1.0 API. A new property virtualizationBasedSecurity is added and used instead. The value used for virtualSecureMode will be passed by virtualizationBasedSecurity during the deprecation process. Possible values are "enabled", "disabled" and "notApplicable". "enabled" indicates Virtual Secure Mode (VSM) is enabled. "disabled" indicates Virtual Secure Mode (VSM) is disabled. "notApplicable" indicates the device is not a Windows 11 device. Default value is "notApplicable".
pcrHashAlgorithm String Informational attribute that identifies the HASH algorithm that was used by TPM
bootAppSecurityVersion String The security version number of the Boot Application
bootManagerSecurityVersion String The security version number of the Boot Application
tpmVersion String The security version number of the Boot Application
pcr0 String The measurement that is captured in PCR[0]
secureBootConfigurationPolicyFingerPrint String Fingerprint of the Custom Secure Boot Configuration Policy
codeIntegrityPolicy String The Code Integrity policy that is controlling the security of the boot environment
bootRevisionListInfo String The Boot Revision List that was loaded during initial boot on the attested device
operatingSystemRevListInfo String The Operating System Revision List that was loaded during initial boot on the attested device
healthStatusMismatchInfo String This attribute appears if DHA-Service detects an integrity issue
healthAttestationSupportedStatus String This attribute indicates if DHA is supported for the device
memoryIntegrityProtection azureAttestationSettingStatus Indicates whether the device has Memory Integrity protection enabled. Memory Integrity is a feature of Virtualization-based security, also known as Hypervisor-protected code integrity (HVCI). It improves the threat mode of Windows and provides stronger protections against malware trying to exploit the Windows kernel. Possible values are "enabled", "disabled" and "notApplicable". "enabled" indicates Memory Integrity protection is enabled. "disabled" indicates Memory Integrity protection is disabled. "notApplicable" indicates the device is not a Windows 11 device. Default value is "notApplicable". Possible values are: notApplicable, enabled, disabled, unknownFutureValue.
memoryAccessProtection azureAttestationSettingStatus Indicates whether the device has Memory access protection enabled. A Windows security feature that protects against external peripherals from gaining unauthorized access to memory. Possible values are "enabled", "disabled" and "notApplicable". "enabled" indicates Memory access protection is enabled. "disabled" indicates Memory access protection is disabled. "notApplicable" indicates the device is not a Windows 11 device. Default value is "notApplicable". Possible values are: notApplicable, enabled, disabled, unknownFutureValue.
virtualizationBasedSecurity azureAttestationSettingStatus Indicates whether the device has Virtualization-based security (VBS) enabled. Virtualization-based security (VBS) uses hardware virtualization and the Windows hypervisor to create an isolated virtual environment that becomes the root of trust of the OS that assumes the kernel can be compromised. Possible values are "enabled", "disabled" and "notApplicable". "enabled" indicates Virtualization-based security (VBS) is enabled. "disabled" indicates Virtualization-based security (VBS) is disabled. "notApplicable" indicates the device is not a Windows 11 device. Default value is "notApplicable". Possible values are: notApplicable, enabled, disabled, unknownFutureValue.
firmwareProtection firmwareProtectionType Indicates whether the device has Firmware protection enabled. Firmware protection is a set of features that helps to ensure attackers can't get your device to start with untrusted or malicious firmware. Possible values are "systemGuardSecureLaunch", "firmwareAttackSurfaceReduction", "disabled" and "notApplicable". "systemGuardSecureLaunch" indicates System Guard Secure Launch is enabled for Firmware protection. "firmwareAttackSurfaceReduction" indicates Firmware Attack Surface Reduction is enabled for Firmware protection. "disabled" indicates Firmware protection is disabled. "notApplicable" indicates the device is not a Windows 11 device. Default value is "notApplicable". Possible values are: notApplicable, systemGuardSecureLaunch, firmwareAttackSurfaceReduction, disabled, unknownFutureValue.
systemManagementMode systemManagementModeLevel Indicates the device meets enhanced hardware security. Possible values are "level1", "level2", "level3" and "notApplicable". "level1" indicates that deny System Management Mode (SMM) read/write access to OS and Virtualization-based security (VBS) memory. "level2" indicates that in addition to the System Management Mode (SMM) Level 1 protections, this level prevents System Management Mode (SMM) from tampering with Input-Output Memory Management Unit (IOMMU) config. "level3" indicates that in addition to the System Management Mode (SMM) Level 2 protections, this level reduces System Management Mode (SMM) save state capabilities. "notApplicable" indicates that the device does not have Firmware protection (System Management Mode) enabled. Default value is "notApplicable". Possible values are: notApplicable, level1, level2, level3, unknownFutureValue.
securedCorePC azureAttestationSettingStatus Indicates whether the device has Secured-core PC enabled. Secured-core PCs provide protections that are useful against sophisticated attacks and provide increased assurance when handling mission-critical data. Possible values are "enabled", "disabled" and "notApplicable". "enabled" indicates Secured-core PC is enabled. "disabled" indicates Secured-core PC is disabled. "notApplicable" indicates the device is not a Windows 11 device. Default value is "notApplicable". Possible values are: notApplicable, enabled, disabled, unknownFutureValue.

Relationships

None

JSON Representation

Here is a JSON representation of the resource.

{
  "@odata.type": "#microsoft.graph.deviceHealthAttestationState",
  "lastUpdateDateTime": "String",
  "contentNamespaceUrl": "String",
  "deviceHealthAttestationStatus": "String",
  "contentVersion": "String",
  "issuedDateTime": "String (timestamp)",
  "attestationIdentityKey": "String",
  "resetCount": 1024,
  "restartCount": 1024,
  "dataExcutionPolicy": "String",
  "bitLockerStatus": "String",
  "bootManagerVersion": "String",
  "codeIntegrityCheckVersion": "String",
  "secureBoot": "String",
  "bootDebugging": "String",
  "operatingSystemKernelDebugging": "String",
  "codeIntegrity": "String",
  "testSigning": "String",
  "safeMode": "String",
  "windowsPE": "String",
  "earlyLaunchAntiMalwareDriverProtection": "String",
  "virtualSecureMode": "String",
  "pcrHashAlgorithm": "String",
  "bootAppSecurityVersion": "String",
  "bootManagerSecurityVersion": "String",
  "tpmVersion": "String",
  "pcr0": "String",
  "secureBootConfigurationPolicyFingerPrint": "String",
  "codeIntegrityPolicy": "String",
  "bootRevisionListInfo": "String",
  "operatingSystemRevListInfo": "String",
  "healthStatusMismatchInfo": "String",
  "healthAttestationSupportedStatus": "String",
  "memoryIntegrityProtection": "String",
  "memoryAccessProtection": "String",
  "virtualizationBasedSecurity": "String",
  "firmwareProtection": "String",
  "systemManagementMode": "String",
  "securedCorePC": "String"
}