PKI Key Management Service
This service is responsible for generating the Microsoft root and intermediate certificates. It accepts the CSR from the AZCS Key Provisioning Service and delivers the Intermediate-1 certificate. It ensures that keys are secure, confidential, and accessible only to authorized parties.
AZCS Key Provisioning Service
This service is primarily responsible for accepting the CSR for the attestation public key, verifying the CSR, signing it, and delivering the certificate chain for provisioning onto the partner device. It also provides a mechanism to enroll partner certificates so that secure communication can be established between partner devices and the service.
This service also provides a revocation mechanism in case any partner enrollment certificate is compromised.
MAA Attestation Service
The Microsoft Azure Attestation (MAA) Service is an attestation verification service. It accepts attestation evidence (the attestation certificate chain) from the caller and validates the trustworthiness of that evidence against the Android-defined attestation schema. If validation succeeds, it generates a signed JWT containing the attestation claims (the attestation result) and delivers it to the caller. The service also exposes an OpenID metadata endpoint that the caller can query to obtain the public key needed to verify the token's signature.
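A relying-party check for the token flow described above, as an added example that is not Microsoft's code: it assumes the token is an RS256 JWT and that the metadata endpoint leads to a JWKS document, which is inlined here instead of fetched. The key, `kid`, issuer URL and `sign_demo_token` are constructed stand-ins so the block runs offline.

```python
import base64, hashlib, json, time

def b64d(s):  # base64url decode, restoring the padding JWTs strip
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def b64e(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def int_b64(i):
    return b64e(i.to_bytes((i.bit_length() + 7) // 8, "big"))

SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")
def emsa_pkcs1_v15(msg, k):  # expected RS256 encoded message (RFC 8017, 9.2)
    t = SHA256_DIGESTINFO + hashlib.sha256(msg).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def verify_attestation_token(token, jwks, issuer, now=None):
    """Return the claims of a valid token; raise ValueError otherwise."""
    h64, p64, s64 = token.split(".")
    header = json.loads(b64d(h64))
    if header.get("alg") != "RS256":  # pin the algorithm; reject "none"/HMAC
        raise ValueError("unexpected alg")
    jwk = next((k for k in jwks["keys"] if k.get("kid") == header.get("kid")), None)
    if jwk is None:
        raise ValueError("signing key not published by the service")
    n, e = (int.from_bytes(b64d(jwk[f]), "big") for f in ("n", "e"))
    k = (n.bit_length() + 7) // 8
    em = pow(int.from_bytes(b64d(s64), "big"), e, n).to_bytes(k, "big")
    # Compare against the full re-encoded message rather than parsing padding.
    if em != emsa_pkcs1_v15(f"{h64}.{p64}".encode(), k):
        raise ValueError("bad signature")
    claims = json.loads(b64d(p64))
    if claims.get("iss") != issuer:
        raise ValueError("unexpected issuer")
    if claims.get("exp", 0) <= (time.time() if now is None else now):
        raise ValueError("token expired")
    return claims

# --- Constructed offline stand-in for the service (NOT a secure key) ---
P, Q, E = 2**521 - 1, 2**607 - 1, 65537  # two Mersenne primes, demo only
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
JWKS = {"keys": [{"kty": "RSA", "kid": "demo-1", "n": int_b64(N), "e": int_b64(E)}]}

def sign_demo_token(claims, alg="RS256", kid="demo-1"):
    h = b64e(json.dumps({"alg": alg, "kid": kid}).encode())
    p = b64e(json.dumps(claims).encode())
    k = (N.bit_length() + 7) // 8
    em = int.from_bytes(emsa_pkcs1_v15(f"{h}.{p}".encode(), k), "big")
    return f"{h}.{p}." + b64e(pow(em, D, N).to_bytes(k, "big"))
```

In a deployment the JWKS would be retrieved over TLS from the service's metadata endpoint and cached, and the attestation claims inside the returned dictionary would then be evaluated against the caller's own policy.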
Device ID & DB Service
This service is responsible for generating a unique device ID (serial number) for each partner device. It also collects each device’s metadata (such as serial number, model, number, camera and display details, etc.) and stores it in the database.