The Health Attestation settings page allows you to configure the compromised status definitions for Windows Desktop devices.

Settings and Descriptions

Compromised Status Definition

Use Custom Server

Select to configure a custom server for Health Attestation.

This option requires a server running Windows Server 2016 or newer.

Enabling this option displays the Server URL field.

Server URL

Enter the URL for your custom Health Attestation server.

Secure Boot Disabled

Enable to flag compromised device status when Secure Boot is disabled on the device.

Secure Boot forces the system to boot into a factory-trusted state. When Secure Boot is enabled, the core components used to boot the machine must carry cryptographic signatures that the OEM trusts. The UEFI firmware verifies that trust before it allows the machine to start, and Secure Boot prevents startup if it detects any tampered files.

Attestation Identity Key (AIK) Not Present

Enable to flag compromised device status when the AIK is not present on the device.

When an Attestation Identity Key (AIK) is present on a device, it indicates that the device has an endorsement key (EK) certificate. Such a device can be trusted more than a device that does not have an EK certificate.

Data Execution Prevention (DEP) Policy Disabled

Enable to flag compromised device status when DEP is disabled on the device.

The Data Execution Prevention (DEP) policy is a memory protection feature built into the OS at the system level. The policy prevents code from running out of data pages such as the default heap, stacks, and memory pools. DEP is enforced by both hardware and software.

BitLocker Disabled

Enable to flag compromised device status when BitLocker encryption is disabled on the device.

Code Integrity Check Disabled

Enable to flag compromised device status when the code integrity check is disabled on the device.

Code integrity is a feature that validates the integrity of a driver or system file each time it is loaded into memory. Code integrity checks for unsigned drivers or system files before they load into the kernel. The check also scans for system files modified by malicious software that are run by users with administrative privileges.

Early Launch Anti-Malware Disabled

Enable to flag compromised device status when the early launch anti-malware is disabled on the device.

Early launch anti-malware (ELAM) provides protection for the computers in your network when they start up and before third-party drivers initialize.

Code Integrity Version Check

Enable to flag compromised device status when the code integrity version check fails.

Boot Manager Version Check

Enable to flag compromised device status when the boot manager version check fails.

Boot App Security Version Number

Enable to flag compromised device status when the boot app security version number does not meet the entered number.

Boot Manager Security Version Number Check

Enable to flag compromised device status when the boot manager security version number does not meet the entered number.

Advanced Settings

Enable to configure advanced settings, including software version identifiers.

Software Version Identifiers

Code Integrity Policy Hash Check

Enable to define a whitelist of known, valid hash values for the Code Integrity software. If the hash is not a whitelisted value, health attestation compliance fails.

Secure Boot Config Policy Hash Check

Enable to define a whitelist of known, valid hash values for the Secure Boot Config software. If the hash is not a whitelisted value, health attestation compliance fails.

PCR0 Check

Enable to define a whitelist of known, valid measurements for the PCR0 (TPM Platform Configuration Register 0) check. This measurement covers the BIOS trusted code, to ensure that it has not been compromised. If the measurement is not a whitelisted value, health attestation compliance fails.
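As an added example that is not part of this page or the product's own code, the following Python evaluates a constructed attestation report against the compromised status definitions described above: boolean protections, security version number minimums, and hash or measurement whitelists. The report field names and the sample values are assumptions made for the example, not the real attestation report schema.

```python
from typing import Dict, List, Set

# Boolean definitions: the named report field must be True, otherwise flag.
BOOL_DEFINITIONS = {
    "Secure Boot Disabled": "SecureBootEnabled",
    "AIK Not Present": "AIKPresent",
    "DEP Policy Disabled": "DEPPolicy",
    "BitLocker Disabled": "BitLockerStatus",
    "Code Integrity Check Disabled": "CodeIntegrityEnabled",
    "Early Launch Anti-Malware Disabled": "ELAMDriverLoaded",
}
# Security version numbers: the report value must meet the entered minimum.
SVN_DEFINITIONS = {
    "Boot App Security Version Number": "BootAppSVN",
    "Boot Manager Security Version Number Check": "BootManagerSVN",
}
# Whitelists: the reported hash or measurement must be a whitelisted value.
HASH_DEFINITIONS = {
    "Code Integrity Policy Hash Check": "CIPolicy",
    "Secure Boot Config Policy Hash Check": "SBCPHash",
    "PCR0 Check": "PCR0",
}

def evaluate(report: dict, enabled: Set[str], minimums: Dict[str, int],
             allowlists: Dict[str, Set[str]]) -> List[str]:
    """Return every configured definition under which the report fails compliance."""
    failures = []
    for name, key in BOOL_DEFINITIONS.items():
        if name in enabled and not report.get(key, False):  # missing field = disabled
            failures.append(name)
    for name, minimum in minimums.items():
        if report.get(SVN_DEFINITIONS[name], -1) < minimum:
            failures.append(name)
    for name, allowed in allowlists.items():
        value = str(report.get(HASH_DEFINITIONS[name], "")).lower()
        if value not in {h.lower() for h in allowed}:  # unlisted or missing value fails
            failures.append(name)
    return failures

# Constructed sample report (field names are assumptions, not the real schema):
# BitLocker off, boot manager SVN below the entered minimum, PCR0 not whitelisted.
SAMPLE_REPORT = {"SecureBootEnabled": True, "AIKPresent": True, "DEPPolicy": True,
                 "BitLockerStatus": False, "CodeIntegrityEnabled": True,
                 "ELAMDriverLoaded": True, "BootAppSVN": 3, "BootManagerSVN": 5,
                 "PCR0": "deadbeef" * 8}

def sample_failures() -> List[str]:
    return evaluate(SAMPLE_REPORT, set(BOOL_DEFINITIONS),
                    {"Boot Manager Security Version Number Check": 6},
                    {"PCR0 Check": {"CAFEBABE" * 8}})
```

A device is compromised under this policy as soon as the returned list is non-empty; an empty list means every enabled definition passed.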