Health Attestation scans devices during startup to for failures in device integrity. Use Health Attestation to detect compromised Windows Desktop devices.

In both BYOD and Corporate-Owned device deployments, it is important to know that devices are healthy when accessing corporate resources. The Windows Health Attestation Service accesses device boot information from the cloud through secure communications. This information is measured and checked against related data points to ensure that the device booted up as intended and is not victim to security vulnerabilities or threat. Measurements include Secure Boot, Code Integrity, BitLocker, and Boot Manager.

AirWatch enables you to configure the Windows Health Attestation service to ensure device compliance. If any of the enabled checks fail, the AirWatch compliance policy engine applies security measures based on the configured compliance policy. This functionality allows you to keep your enterprise data secure from compromised devices. Since AirWatch pulls the necessary information from the device hardware and not the OS, compromised devices are detected even when the OS kernel is compromised.