Device HealthAttestation CSP

The Device HealthAttestation configuration service provider (DHA-CSP) enables enterprise IT managers to assess if a device is booted to a trusted and compliant state, and take enterprise policy actions.

The following is a list of functions performed by the Device HealthAttestation CSP:

  • Collects device boot logs, TPM audit trails and the TPM certificate (DHA-BootData) from a managed device
  • Forwards DHA-BootData to Device Health Attestation Service (DHA-Service)
  • Receives an encrypted blob (DHA-EncBlob) from DHA-Service, and stores it in a local cache on the device
  • Receives attestation requests (DHA-Requests) from a DHA-Enabled MDM, and replies with Device Health Attestation data (DHA-Data)

Terms

TPM (Trusted Platform Module)

TPM is a specialized hardware-protected logic that performs a series of hardware protected security operations including providing protected storage, random number generation, encryption and signing.

DHA (Device HealthAttestation) feature

The Device HealthAttestation (DHA) feature enables enterprise IT administrators to monitor the security posture of managed devices remotely by using hardware (TPM) protected and attested data via a tamper-resistant and tamper-evident communication channel.

DHA-Enabled device (Device HealthAttestation enabled device)

A Device HealthAttestation enabled (DHA-Enabled) device is a computing device (phone, desktop, laptop, tablet, server) that runs Windows 10 and supports TPM version 1.2 or 2.0.

DHA-Session (Device HealthAttestation session)

The Device HealthAttestation session (DHA-Session) describes the end-to-end communication flow that is performed in one device health attestation session.

The following list of transactions is performed in one DHA-Session:

  • DHA-CSP and DHA-Service communication:
    • DHA-CSP forwards device boot data (DHA-BootData) to DHA-Service
    • DHA-Service replies with an encrypted data blob (DHA-EncBlob)
  • DHA-CSP and MDM-Server communication:
    • MDM-Server sends a device health verification request to DHA-CSP
    • DHA-CSP replies with a payload called DHA-Data that includes an encrypted (DHA-EncBlob) and a signed (DHA-SignedBlob) data blob
  • MDM-Server and DHA-Service communication:
    • MDM-Server posts data it receives from devices to DHA-Service
    • DHA-Service reviews the data it receives, and replies with a device health report (DHA-Report)

[Diagram: healthattestation session diagram]

DHA session data (Device HealthAttestation session data)

The following list of data is produced or consumed in one DHA-Transaction:

  • DHA-BootData: the device boot data (TCG logs, PCR values, device/TPM certificate, boot and TPM counters) that are required for validating device boot health.
  • DHA-EncBlob: an encrypted summary report that DHA-Service issues to a device after reviewing the DHA-BootData it receives from devices.
  • DHA-SignedBlob: a signed snapshot of the current state of a device's runtime that is captured by DHA-CSP at device health attestation time.
  • DHA-Data: an XML formatted data blob that devices forward for device health validation to DHA-Service via MDM-Server. DHA-Data has 2 parts:
    • DHA-EncBlob: the encrypted data blob that the device receives from DHA-Service
    • DHA-SignedBlob: a current snapshot of the current security state of the device that is generated by DHA-CSP
  • DHA-Report: the report that is issued by DHA-Service to MDM-Server
  • Nonce: a crypto protected number that is generated by MDM-Server, which protects the DHA-Session from man-in-the-middle type attacks

DHA-Enabled MDM (Device HealthAttestation enabled device management solution)

A Device HealthAttestation enabled (DHA-Enabled) device management solution is a device management tool that is integrated with the DHA feature.

DHA-Enabled device management solutions enable enterprise IT managers to raise the security protection bar for their managed devices based on hardware (TPM) protected data that can be trusted even if a device is compromised by advanced security threats or running a malicious (jailbroken) operating system.

The following list of operations is performed by a DHA-Enabled MDM:

  • Enables the DHA feature on a DHA-Enabled device
  • Issues device health attestation requests to enrolled/managed devices
  • Collects device health attestation data (DHA-Data), and sends it to Device Health Attestation Service (DHA-Service) for verification
  • Gets the device health report (DHA-Report) from DHA-Service, which triggers compliance action

DHA-CSP (Device HealthAttestation Configuration Service Provider)

The Device HealthAttestation Configuration Service Provider (DHA-CSP) uses a device's TPM and firmware to measure critical security properties of the device's BIOS and Windows boot, such that even on a system infected with kernel level malware or a rootkit, these properties cannot be spoofed.

The following list of operations is performed by DHA-CSP:

  • Collects device boot data (DHA-BootData) from a managed device
  • Forwards DHA-BootData to Device Health Attestation Service (DHA-Service)
  • Receives an encrypted blob (DHA-EncBlob) from DHA-Service, and stores it in a local cache on the device
  • Receives attestation requests (DHA-Requests) from a DHA-Enabled MDM, and replies with Device Health Attestation data (DHA-Data)

DHA-Service (Device HealthAttestation Service)

Device HealthAttestation Service (DHA-Service) validates the data it receives from DHA-CSP and issues a highly trusted hardware (TPM) protected report (DHA-Report) to DHA-Enabled device management solutions through a tamper resistant and tamper evident communication channel.

DHA-Service is available in 2 flavors: "DHA-Cloud" and "DHA-Server2016". DHA-Service supports a variety of implementation scenarios including cloud, on premises, air-gapped, and hybrid scenarios.

The following list of operations is performed by DHA-Service:

  • Receives device boot data (DHA-BootData) from a DHA-Enabled device
  • Forwards DHA-BootData to Device Health Attestation Service (DHA-Service)
  • Receives an encrypted blob (DHA-EncBlob) from DHA-Service, and stores it in a local cache on the device
  • Receives attestation requests (DHA-Requests) from a DHA-Enabled-MDM, and replies with a device health report (DHA-Report)

[Diagram: healthattestation service diagram]

The DHA-Service types, with a description and the operation cost of each:

Device Health Attestation – Cloud (DHA-Cloud)

DHA-Cloud is a Microsoft owned and operated DHA-Service that is:

  • Available in Windows for free
  • Running on a high-availability and geo-balanced cloud infrastructure
  • Supported by most DHA-Enabled device management solutions as the default device attestation service provider
  • Accessible to all enterprise-managed devices via the following:
    • FQDN = has.spserv.microsoft.com
    • Port = 443
    • Protocol = TCP

Operation cost: No cost

Device Health Attestation – On Premise (DHA-OnPrem)

DHA-OnPrem refers to DHA-Service that is running on premises:

  • Offered to Windows Server 2016 customers (no added licensing cost for enabling/running DHA-Service)
  • Hosted on an enterprise owned and managed server device/hardware
  • Supported by 1st and 3rd party DHA-Enabled device management solution providers that support on-premises and hybrid (Cloud + OnPrem) hardware attestation scenarios
  • Accessible to all enterprise-managed devices via the following:
    • FQDN = (enterprise assigned)
    • Port = (enterprise assigned)
    • Protocol = TCP

Operation cost: The operation cost of running one or more instances of Server 2016 on-premises.

Device Health Attestation - Enterprise-Managed Cloud (DHA-EMC)

DHA-EMC refers to an enterprise-managed DHA-Service that is running as a virtual host/service on a Windows Server 2016 compatible, enterprise-managed cloud service, such as Microsoft Azure.

  • Offered to Windows Server 2016 customers with no additional licensing cost (no added licensing cost for enabling/running DHA-Service)
  • Supported by 1st and 3rd party DHA-Enabled device management solution providers that support on-premises and hybrid (Cloud + OnPrem) hardware attestation scenarios
  • Accessible to all enterprise-managed devices via the following:
    • FQDN = (enterprise assigned)
    • Port = (enterprise assigned)
    • Protocol = TCP

Operation cost: The operation cost of running Server 2016 on a compatible cloud service, such as Microsoft Azure.

CSP diagram and node descriptions

The following shows the Device HealthAttestation configuration service provider in tree format.

./Vendor/MSFT
HealthAttestation
----VerifyHealth
----Status
----ForceRetrieve
----Certificate
----Nonce
----CorrelationID
----HASEndpoint
----TpmReadyStatus
----CurrentProtocolVersion
----PreferredMaxProtocolVersion
----MaxSupportedProtocolVersion

./Vendor/MSFT/HealthAttestation

The root node for the device HealthAttestation configuration service provider.

VerifyHealth (Required)

Notifies the device to prepare a device health verification request.

The supported operation is Execute.

Status (Required)

Provides the current status of the device health request.

The supported operation is Get.

The following list shows some examples of supported values. For the complete list of status codes, see Device HealthAttestation CSP status and error codes.

  • 0 - (HEALTHATTESTATION_CERT_RETRIEVAL_UNINITIALIZED): DHA-CSP is preparing a request to get a new DHA-EncBlob from DHA-Service
  • 1 - (HEALTHATTESTATION_CERT_RETRIEVAL_REQUESTED): DHA-CSP is waiting for the DHA-Service to respond back, and issue a DHA-EncBlob to the device
  • 2 - (HEALTHATTESTATION_CERT_RETRIEVAL_FAILED): A valid DHA-EncBlob could not be retrieved from the DHA-Service for reasons other than those discussed in the DHA error/status codes
  • 3 - (HEALTHATTESTATION_CERT_RETRIEVAL_COMPLETE): DHA-Data is ready for pick up

ForceRetrieve (Optional)

Instructs the client to initiate a new request to DHA-Service, and get a new DHA-EncBlob (a summary of the boot state that is issued by DHA-Service). This option should only be used if the MDM server enforces a certificate freshness policy, which needs to force a device to get a fresh encrypted blob from DHA-Service.

Boolean value. The supported operation is Replace.

Certificate (Required)

Instructs the DHA-CSP to forward DHA-Data to the MDM server.

Value type is b64. The supported operation is Get.

Nonce (Required)

Enables MDMs to protect the device health attestation communications from man-in-the-middle type (MITM) attacks with a crypto-protected random value that is generated by the MDM Server.

The nonce is in hex format, with a minimum size of 8 bytes, and a maximum size of 32 bytes.

The supported operations are Get and Replace.

CorrelationId (Required)

Identifies a unique device health attestation session. CorrelationId is used to correlate DHA-Service logs with the MDM server events and Client event logs for debug and troubleshooting.

Value type is integer, the minimum value is -2,147,483,648 and the maximum value is 2,147,483,647. The supported operation is Get.

HASEndpoint (Optional)

Identifies the fully qualified domain name (FQDN) of the DHA-Service that is assigned to perform attestation. If an FQDN is not assigned, DHA-Cloud (Microsoft owned and operated cloud service) will be used as the default attestation service.

Value type is string. The supported operations are Get and Replace. The default value is has.spserv.microsoft.com.

TpmReadyStatus (Required)

Added in Windows 10, version 1607 March service release. Returns a bitmask of information describing the state of the TPM. It indicates whether the TPM of the device is in a ready and trusted state.

Value type is integer. The supported operation is Get.

DHA-CSP integration steps

The following list of validation and development tasks is required for integrating the Microsoft Device Health Attestation feature with a Windows Mobile device management solution (MDM):

  1. Verify HTTPS access
  2. Assign an enterprise trusted DHA-Service
  3. Instruct client to prepare DHA-data for verification
  4. Take action based on the client's response
  5. Instruct the client to forward DHA-data for verification
  6. Post DHA-data to DHA-service
  7. Receive response from DHA-service
  8. Parse DHA-Report data. Take appropriate policy action based on evaluation results

Each step is described in detail in the following sections of this topic.

Step 1: Verify HTTPS access

Validate that both the MDM server and the device (MDM client) can access has.spserv.microsoft.com using the TCP protocol over port 443 (HTTPS).

You can use OpenSSL to validate access to DHA-Service. Here is a sample OpenSSL command and the response that was generated by DHA-Service. Note the last line of the sample, "Verify return code: 20 (unable to get local issuer certificate)": the TLS connection itself succeeded, but the OpenSSL installation used did not have the Baltimore CyberTrust Root in its trust store and therefore could not complete chain validation; to verify the chain as well as reachability, pass that root certificate with the -CAfile option.

PS C:\openssl> ./openssl.exe s_client -connect has.spserv.microsoft.com:443
CONNECTED(000001A8)
---
Certificate chain
 0 s:/CN=*.spserv.microsoft.com
   i:/C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/OU=Microsoft IT/CN=Microsoft IT SSL SHA2
 1 s:/C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/OU=Microsoft IT/CN=Microsoft IT SSL SHA2
   i:/C=IE/O=Baltimore/OU=CyberTrust/CN=Baltimore CyberTrust Root
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIGOTCCBCGgAwIBAgITWgAA1KJb40tpukQoewABAADUojANBgkqhkiG9w0BAQsFA4ICAQCJaKewFQuqQwR5fkAr9kZOmtq5fk03p82eHWLaftXlc4RDvVFp4a2ciSjZL8f3f+XWPVdUj9DAi3bCSddlrcNOPRXNepFC1OEmKtE9jM0r7M8qnqFkIfbNrVNUtPxHoraQeMIgbk0SHEOlShY2GXETVBqZdDZ5Rmk4rA+3ggoeV8hNzm2dfNp0iGSrZzawbLzWU1D2Tped1k5IV63yb+cU/TmM ……………………………………………………………………………………………………………………………………
………………………………………………………………………………………………………………………………………………………………………………………………………………………………
……………2RXXwogn1UM8TZduCEjz+b05mAkvytugzzaI4wXkCP4OgNyy8gul2z5Gj/51pCTN
-----END CERTIFICATE-----
subject=/CN=*.spserv.microsoft.com
issuer=/C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/OU=Microsoft IT/CN=Microsoft IT SSL SHA2
---
No client certificate CA names sent
Peer signing digest: SHA1
Server Temp Key: ECDH, P-384, 384 bits
---
SSL handshake has read 3681 bytes and written 561 bytes
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol: TLSv1.2
    Cipher: ECDHE-RSA-AES256-SHA384
    Session-ID: B22300009621370F84A4A3A7D9FC40D584E047C090604E5226083A02ED239C93
    Session-ID-ctx: 
    Master-Key: 9E3F6BE5B3D3B55C070470CA2B62EF59CC1D5ED9187EF5B3D1BBF4C101EE90BEB04F34FFD748A13C92A387104B8D1DE7
    Key-Arg: None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1432078420
    Timeout: 300 (sec)
    Verify return code: 20 (unable to get local issuer certificate)

Step 2: Assign an enterprise trusted DHA-Service

There are three types of DHA-Service:

  • Device Health Attestation – Cloud (owned and operated by Microsoft)
  • Device Health Attestation – On Premise (owned and operated by an enterprise, runs on Windows Server 2016 on premises)
  • Device Health Attestation - Enterprise-Managed Cloud (owned and operated by an enterprise, runs on a Windows Server 2016 compatible enterprise-managed cloud)

DHA-Cloud is the default setting. No further action is required if an enterprise is planning to use Microsoft DHA-Cloud as the trusted DHA-Service provider.

For DHA-OnPrem & DHA-EMC scenarios, send a SyncML command to the HASEndpoint node to instruct a managed device to communicate with the enterprise trusted DHA-Service.

The following example shows a sample call that instructs a managed device to communicate with an enterprise-managed DHA-Service.

<Replace>
    <CmdID>1</CmdID>
    <Item>
      <Target>
          <LocURI>./Vendor/MSFT/HealthAttestation/HASEndpoint</LocURI>
      </Target>
      <Data>www.ContosoDHA-Service</Data>
    </Item>
</Replace>

Step 3: Instruct client to prepare health data for verification

Send a SyncML call to start collection of the DHA-Data.

The following example shows a sample call that triggers collection and verification of health attestation data from a managed device.

<Exec>
    <CmdID>1</CmdID>
    <Item>
      <Target>
          <LocURI>./Vendor/MSFT/HealthAttestation/VerifyHealth</LocURI>
      </Target>
    </Item>
</Exec>

<Get>
    <CmdID>2</CmdID>
    <Item>
      <Target>
          <LocURI>./Vendor/MSFT/HealthAttestation/Status</LocURI>
      </Target>
    </Item>
</Get>

Step 4: Take action based on the client's response

After the client receives the health attestation request, it sends a response. The following list describes the responses, along with a recommended action to take.

  • If the response is HEALTHATTESTATION_CERT_RETRIEVAL_COMPLETE (3), then proceed to the next section.
  • If the response is HEALTHATTESTATION_CERT_RETRIEVAL_REQUESTED (1) or HEALTHATTESTATION_CERT_RETRIEVAL_UNINITIALIZED (0), wait for an alert, then proceed to the next section.

Here is a sample alert that is issued by DHA-CSP:

<Alert>
    <CmdID>1</CmdID>
    <Data>1226</Data>
    <Item>
        <Source>
            <LocURI>./Vendor/MSFT/HealthAttestation/VerifyHealth</LocURI>
        </Source>
        <Meta>
            <Type xmlns="syncml:metinf">com.microsoft.mdm:HealthAttestation.Result</Type>
            <Format xmlns="syncml:metinf">int</Format>
        </Meta>
        <Data>3</Data>
    </Item>
</Alert>

Step 5: Instruct the client to forward health attestation data for verification

Create a call to the Nonce, Certificate and CorrelationId nodes, and pick up an encrypted payload that includes a health certificate and related data from the device.

Here is an example:

<Replace>
    <CmdID>1</CmdID>
    <Item>
        <Target>
            <LocURI>./Vendor/MSFT/HealthAttestation/Nonce</LocURI>
        </Target>
        <Data>AAAAAAAAAFFFFFFF</Data>
    </Item>
</Replace>

<Get>
    <CmdID>2</CmdID>
    <Item>
        <Target>
            <LocURI>./Vendor/MSFT/HealthAttestation/Certificate</LocURI>
        </Target>
    </Item>
</Get>

<Get>
    <CmdID>3</CmdID>
    <Item>
        <Target>
            <LocURI>./Vendor/MSFT/HealthAttestation/CorrelationId</LocURI>
        </Target>
    </Item>
</Get>
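The MDM-server side of steps 2 to 5, as an added example that is not part of this page or of Microsoft's code: it builds the SyncML commands shown above against the HealthAttestation nodes, generates and validates a nonce within the 8 to 32 byte hex limits the Nonce node requires, and parses the Status value out of the DHA-CSP alert from step 4 to decide whether to wait or proceed. The function names, the CmdID numbering, the status-to-action labels and the FQDN dha.contoso.example are this example's own assumptions; the node paths and the alert sample are taken from the page.

```python
"""MDM-server helpers for the HealthAttestation CSP nodes (steps 2 to 5).
Added illustration for this page, not Microsoft's code. The SyncML shapes and
node paths follow the page's samples; the CmdID numbering, the function names
and the status -> action mapping are this example's own choices."""
import re
import secrets
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

CSP_ROOT = "./Vendor/MSFT/HealthAttestation"

# Status node values listed on the page.
CERT_RETRIEVAL_UNINITIALIZED = 0
CERT_RETRIEVAL_REQUESTED = 1
CERT_RETRIEVAL_FAILED = 2
CERT_RETRIEVAL_COMPLETE = 3

# Size limits stated on the page for the Nonce node (hex, 8..32 bytes).
NONCE_MIN_BYTES, NONCE_MAX_BYTES = 8, 32


def generate_nonce(num_bytes=32):
    """Return a fresh random nonce as upper-case hex within the node's limits."""
    if not NONCE_MIN_BYTES <= num_bytes <= NONCE_MAX_BYTES:
        raise ValueError("nonce must be 8..32 bytes")
    return secrets.token_hex(num_bytes).upper()


def is_valid_nonce(nonce):
    """Check hex format and the 8..32 byte size before issuing a Replace."""
    if not re.fullmatch(r"[0-9A-Fa-f]+", nonce) or len(nonce) % 2:
        return False
    return NONCE_MIN_BYTES <= len(nonce) // 2 <= NONCE_MAX_BYTES


def command(verb, cmd_id, node, data=None):
    """Render one SyncML command (Replace/Exec/Get) against a CSP node."""
    item = f"<Target><LocURI>{CSP_ROOT}/{node}</LocURI></Target>"
    if data is not None:
        item += f"<Data>{escape(data)}</Data>"
    return f"<{verb}><CmdID>{cmd_id}</CmdID><Item>{item}</Item></{verb}>"


def set_has_endpoint(fqdn, cmd_id=1):
    """Step 2: point the device at an enterprise DHA-Service (DHA-OnPrem/DHA-EMC)."""
    return command("Replace", cmd_id, "HASEndpoint", fqdn)


def start_attestation(first_cmd_id=1):
    """Step 3: Exec VerifyHealth, then Get Status."""
    return [command("Exec", first_cmd_id, "VerifyHealth"),
            command("Get", first_cmd_id + 1, "Status")]


def collect_dha_data(nonce, first_cmd_id=1):
    """Step 5: Replace Nonce, then Get Certificate and CorrelationId."""
    if not is_valid_nonce(nonce):
        raise ValueError("nonce is not 8..32 bytes of hex")
    return [command("Replace", first_cmd_id, "Nonce", nonce),
            command("Get", first_cmd_id + 1, "Certificate"),
            command("Get", first_cmd_id + 2, "CorrelationId")]


def status_action(status):
    """Step 4: what the MDM server does with a Status value."""
    if status == CERT_RETRIEVAL_COMPLETE:
        return "proceed"
    if status in (CERT_RETRIEVAL_UNINITIALIZED, CERT_RETRIEVAL_REQUESTED):
        return "wait_for_alert"
    if status == CERT_RETRIEVAL_FAILED:
        return "retrieval_failed"
    return "unknown"


def parse_result_alert(alert_xml):
    """Extract the HealthAttestation.Result value from a DHA-CSP Alert."""
    root = ET.fromstring(alert_xml)
    ns = {"m": "syncml:metinf"}
    for item in root.findall("Item"):
        kind = item.find("Meta/m:Type", ns)
        if kind is not None and kind.text == "com.microsoft.mdm:HealthAttestation.Result":
            return int(item.findtext("Data"))
    raise ValueError("no HealthAttestation.Result item in alert")


# The alert sample from the page, used here as input.
SAMPLE_ALERT = """<Alert>
    <CmdID>1</CmdID>
    <Data>1226</Data>
    <Item>
        <Source>
            <LocURI>./Vendor/MSFT/HealthAttestation/VerifyHealth</LocURI>
        </Source>
        <Meta>
            <Type xmlns="syncml:metinf">com.microsoft.mdm:HealthAttestation.Result</Type>
            <Format xmlns="syncml:metinf">int</Format>
        </Meta>
        <Data>3</Data>
    </Item>
</Alert>"""

if __name__ == "__main__":
    nonce = generate_nonce(16)
    print(set_has_endpoint("dha.contoso.example"))  # hypothetical enterprise FQDN
    for cmd in start_attestation() + collect_dha_data(nonce):
        print(cmd)
    print(status_action(parse_result_alert(SAMPLE_ALERT)))
```

The nonce is generated with the `secrets` module rather than `random` because its whole purpose is to be unpredictable to anyone replaying an earlier DHA-Data payload; the server must also remember which nonce it issued to which device so that it can check the value echoed back in step 6.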

Step 6: Forward device health attestation data to DHA-service

In response to the request that was sent in the previous step, the MDM client forwards an XML formatted blob (the response from the ./Vendor/MSFT/HealthAttestation/Certificate node) and a call identifier called CorrelationId (the response from the ./Vendor/MSFT/HealthAttestation/CorrelationId node).

When the MDM-Server receives the above data, it must:

  • Log the CorrelationId it receives from the device (for future troubleshooting/reference), correlated to the call.
  • Decode the XML formatted data blob it receives from the device
  • Append the nonce that was generated by the MDM service (add the nonce that was forwarded to the device in Step 5) to the XML structure that was forwarded by the device, in the following format:
<?xml version='1.0' encoding='utf-8' ?>
<HealthCertificateValidationRequest ProtocolVersion='1' xmlns='http://schemas.microsoft.com/windows/security/healthcertificate/validation/request/v1'>
    <Nonce>[INT]</Nonce>
    <Claims> [base64 blob, eg ‘ABc123+/…==’] </Claims>
    <HealthCertificateBlob> [base64 blob, eg ‘ABc123+/...==’]
    </HealthCertificateBlob>
</HealthCertificateValidationRequest>
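The server-side handling described in this step, as an added example that is not part of the page or of Microsoft's code: it base64-decodes the value returned by the Certificate node and requires it to be well-formed XML, builds the HealthCertificateValidationRequest in the format shown above with the nonce issued in step 5, and checks that the nonce in the outgoing request is the one the server issued. Assumptions: the page does not define the inner layout of DHA-Data or say how the Claims and HealthCertificateBlob elements are derived from it, so both are passed in already base64-encoded; the page's template marks the Nonce element as [INT], and this example writes the nonce string from step 5 unchanged, so the exact encoding DHA-Service expects there must be confirmed against the service's own specification. The sample blobs are constructed.

```python
"""Step 6 helper, added as an illustration (not Microsoft's code): decode the
blob from the Certificate node, wrap it in a HealthCertificateValidationRequest
together with the nonce issued in step 5, and confirm the nonce binding.
Assumptions: Claims and HealthCertificateBlob arrive already base64-encoded
(the page does not say how they are carved out of DHA-Data), and the Nonce
element carries the step 5 nonce string as-is."""
import base64
import binascii
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

VALIDATION_NS = ("http://schemas.microsoft.com/windows/security/"
                 "healthcertificate/validation/request/v1")


def is_base64(value):
    """Strict base64 check (rejects characters outside the alphabet)."""
    try:
        base64.b64decode(value, validate=True)
        return True
    except (binascii.Error, ValueError):
        return False


def decode_dha_data(certificate_node_value):
    """Base64-decode the Certificate node value and require well-formed XML.
    Returns the decoded XML text; its inner structure is not parsed further."""
    if not is_base64(certificate_node_value):
        raise ValueError("Certificate node value is not valid base64")
    raw = base64.b64decode(certificate_node_value)
    ET.fromstring(raw)  # raises ParseError if the blob is not XML
    return raw.decode("utf-8")


def build_validation_request(nonce, claims_b64, health_cert_b64, protocol_version="1"):
    """Render the HealthCertificateValidationRequest the MDM server posts to DHA-Service."""
    for name, value in (("Claims", claims_b64), ("HealthCertificateBlob", health_cert_b64)):
        if not is_base64(value):
            raise ValueError(f"{name} must be base64")
    return (
        "<?xml version='1.0' encoding='utf-8' ?>"
        f"<HealthCertificateValidationRequest ProtocolVersion='{escape(protocol_version)}' "
        f"xmlns='{VALIDATION_NS}'>"
        f"<Nonce>{escape(nonce)}</Nonce>"
        f"<Claims>{claims_b64}</Claims>"
        f"<HealthCertificateBlob>{health_cert_b64}</HealthCertificateBlob>"
        "</HealthCertificateValidationRequest>"
    )


def request_nonce(request_xml):
    """Read the Nonce back out of a request, e.g. to log it beside the CorrelationId."""
    root = ET.fromstring(request_xml)
    return root.findtext(f"{{{VALIDATION_NS}}}Nonce")


def nonce_matches(issued, request_xml):
    """MITM guard: the nonce in the outgoing request must be the one issued in step 5."""
    return request_nonce(request_xml) == issued


# Constructed sample values (not real DHA-Data): a stand-in XML blob as the
# Certificate node would return it, base64-encoded, plus two base64 fragments.
SAMPLE_DHA_DATA_B64 = base64.b64encode(
    b"<DHA-Data><DHA-EncBlob>ENC</DHA-EncBlob><DHA-SignedBlob>SIG</DHA-SignedBlob></DHA-Data>"
).decode("ascii")
SAMPLE_CLAIMS_B64 = base64.b64encode(b"constructed-claims").decode("ascii")
SAMPLE_CERT_B64 = base64.b64encode(b"constructed-health-certificate").decode("ascii")
ISSUED_NONCE = "AAAAAAAAAFFFFFFF"  # the nonce value from the page's step 5 sample

if __name__ == "__main__":
    print(decode_dha_data(SAMPLE_DHA_DATA_B64))
    req = build_validation_request(ISSUED_NONCE, SAMPLE_CLAIMS_B64, SAMPLE_CERT_B64)
    print(req)
    print("nonce bound:", nonce_matches(ISSUED_NONCE, req))
```

Rejecting malformed base64 and non-XML blobs before they reach DHA-Service keeps the server from forwarding garbage that a device could use to probe the verification path, and the nonce check is what ties the forwarded DHA-Data to this specific session rather than to a replayed earlier one.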

Step 7: Receive response from the DHA-service

When the Microsoft Device Health Attestation Service receives a request for verification, it performs the following steps:

  • Decrypts the encrypted data it receives.
  • Validates the data it has received
  • Creates a report, and shares the evaluation results to the MDM server via SSL in XML format

Step 8: Take appropriate policy action based on evaluation results

After the MDM server receives the verified data, the information can be used to make policy decisions by evaluating the data. Some possible actions would be:

  • Allow the device access.
  • Allow the device to access the resources, but flag the device for further investigation.
  • Prevent a device from accessing resources.

The following list of data points is verified by the DHA-Service in DHA-Report version 3:

* TPM 2.0 only
** Reports if Bitlocker was enabled during initial boot.
*** The "Hybrid Resume" must be disabled on the device. Reports 1st party ELAM "Defender" was loaded during boot.

Each of these is described in further detail in the following sections, along with the recommended actions to take.

Issued

The date and time the DHA-Report was evaluated or issued to MDM.

AIKPresent

When an Attestation Identity Key (AIK) is present on a device, it indicates that the device has an endorsement key (EK) certificate. It can be trusted more than a device that doesn't have an EK certificate.

If AIKPresent = True (1), then allow access.

If AIKPresent = False (0), then take one of the following actions that align with your enterprise policies:

  • Disallow all access
  • Disallow access to HBI assets
  • Allow conditional access based on other data points that are present at evaluation time. For example, other attributes on the health certificate, or a device's past activities and trust history.
  • Take one of the previous actions and additionally place the device in a watch list to monitor the device more closely for potential risks.

ResetCount (Reported only for devices that support TPM 2.0)

This attribute reports the number of times a PC device has hibernated or resumed.

RestartCount (Reported only for devices that support TPM 2.0)

This attribute reports the number of times a PC device has rebooted.

DEPPolicy

A device can be trusted more if the DEP Policy is enabled on the device.

Data Execution Prevention (DEP) Policy is a set of hardware and software technologies that perform additional checks on memory to help prevent malicious code from running on a system. Secure boot allows a limited list on x86/amd64, and on ARM NTOS locks it to on.

DEPPolicy can be disabled or enabled by using the following commands in WMI or a PowerShell script:

  • To disable DEP, type bcdedit.exe /set {current} nx AlwaysOff
  • To enable DEP, type bcdedit.exe /set {current} nx AlwaysOn

If DEPPolicy = 1 (On), then allow access.

If DEPPolicy = 0 (Off), then take one of the following actions that align with your enterprise policies:

  • Disallow all access
  • Disallow access to HBI assets
  • Allow conditional access based on other data points that are present at evaluation time. For example, other attributes on the health certificate, or a device's past activities and trust history.
  • Take one of the previous actions and additionally place the device in a watch list to monitor the device more closely for potential risks.

BitlockerStatus (at boot time)

When Bitlocker is reported "on" at boot time, the device is able to protect data that is stored on the drive from unauthorized access, when the system is turned off or goes to hibernation.

Windows BitLocker Drive Encryption encrypts all data stored on the Windows operating system volume. BitLocker uses the TPM to help protect the Windows operating system and user data and helps to ensure that a computer is not tampered with, even if it is left unattended, lost, or stolen.

If the computer is equipped with a compatible TPM, BitLocker uses the TPM to lock the encryption keys that protect the data. As a result, the keys cannot be accessed until the TPM has verified the state of the computer.

If BitLockerStatus = 1 (On), then allow access.

If BitLockerStatus = 0 (Off), then take one of the following actions that align with your enterprise policies:

  • Disallow all access
  • Disallow access to HBI assets
  • Allow conditional access based on other data points that are present at evaluation time. For example, other attributes on the health certificate, or a device's past activities and trust history.
  • Take one of the previous actions and additionally place the device in a watch list to monitor the device more closely for potential risks.

BootManagerRevListVersion

This attribute indicates the version of the Boot Manager that is running on the device, to allow you to track and manage the security of the boot sequence/environment.

If BootManagerRevListVersion = [CurrentVersion], then allow access.

If BootManagerRevListVersion != [CurrentVersion], then take one of the following actions that align with your enterprise policies:

  • Disallow all access
  • Disallow access to HBI and MBI assets
  • Place the device in a watch list to monitor the device more closely for potential risks.
  • Trigger a corrective action, such as informing the technical support team to contact the owner to investigate the issue.

CodeIntegrityRevListVersion

This attribute indicates the version of the code that is performing integrity checks during the boot sequence. Using this attribute can help you detect whether the device is running the latest version of the code that performs integrity checks, or whether it is exposed to security risks (revoked), and enforce an appropriate policy action.

If CodeIntegrityRevListVersion = [CurrentVersion], then allow access.

If CodeIntegrityRevListVersion != [CurrentVersion], then take one of the following actions that align with your enterprise policies:

  • Disallow all access
  • Disallow access to HBI and MBI assets
  • Place the device in a watch list to monitor the device more closely for potential risks.
  • Trigger a corrective action, such as informing the technical support team to contact the owner to investigate the issue.

SecureBootEnabled

When Secure Boot is enabled, the core components used to boot the machine must have correct cryptographic signatures that are trusted by the organization that manufactured the device. The UEFI firmware verifies this before it lets the machine start. If any files have been tampered with, breaking their signature, the system will not boot.

If SecureBootEnabled = 1 (True), then allow access.

If SecureBootEnabled = 0 (False), then take one of the following actions that align with your enterprise policies:

  • Disallow all access
  • Disallow access to HBI assets
  • Allow conditional access based on other data points that are present at evaluation time. For example, other attributes on the health certificate, or a device's past activities and trust history.
  • Take one of the previous actions and additionally place the device in a watch list to monitor the device more closely for potential risks.

BootDebuggingEnabled

Boot debugging being enabled points to a device that is used in development and testing. Devices that are used for test and development are typically less secure: the device may run unstable code, or be configured with fewer security restrictions than are required, for testing and development.

Boot debugging can be disabled or enabled by using the following commands in WMI or a PowerShell script:

  • To disable boot debugging, type bcdedit.exe /set {current} bootdebug off
  • To enable boot debugging, type bcdedit.exe /set {current} bootdebug on

If BootDebuggingEnabled = 0 (False), then allow access.

If BootDebuggingEnabled = 1 (True), then take one of the following actions that align with your enterprise policies:

  • Disallow all access
  • Disallow access to HBI assets
  • Place the device in a watch list to monitor the device more closely for potential risks.
  • Trigger a corrective action, such as enabling VSM using WMI or a PowerShell script.

OSKernelDebuggingEnabled

OSKernelDebuggingEnabled points to a device that is used in development and testing. Devices that are used for test and development are typically less secure: they may run unstable code, or be configured with fewer security restrictions than are required, for testing and development.

If OSKernelDebuggingEnabled = 0 (False), then allow access.

If OSKernelDebuggingEnabled = 1 (True), then take one of the following actions that align with your enterprise policies:

  • Disallow all access
  • Disallow access to HBI assets
  • Place the device in a watch list to monitor the device more closely for potential risks.
  • Trigger a corrective action, such as informing the technical support team to contact the owner to investigate the issue.

CodeIntegrityEnabled

When code integrity is enabled, code execution is restricted to integrity-verified code.

Code integrity is a feature that validates the integrity of a driver or system file each time it is loaded into memory. Code integrity detects whether an unsigned driver or system file is being loaded into the kernel, or whether a system file has been modified by malicious software that is being run by a user account with administrator privileges.

On x64-based versions of the operating system, kernel-mode drivers must be digitally signed.

If CodeIntegrityEnabled = 1 (True), then allow access.

If CodeIntegrityEnabled = 0 (False), then take one of the following actions that align with your enterprise policies:

  • Disallow all access
  • Disallow access to HBI assets
  • Allow conditional access based on other data points that are present at evaluation time. For example, other attributes on the health certificate, or a device's past activities and trust history.
  • Take one of the previous actions and additionally place the device in a watch list to monitor the device more closely for potential risks.

TestSigningEnabled

When test signing is enabled, the device does not enforce signature validation during boot, and allows unsigned drivers (such as unsigned UEFI modules) to load during boot.

Test signing can be disabled or enabled by using the following commands in WMI or a PowerShell script:

  • To disable test signing, type bcdedit.exe /set {current} testsigning off
  • To enable test signing, type bcdedit.exe /set {current} testsigning on

If TestSigningEnabled = 0 (False), then allow access.

If TestSigningEnabled = 1 (True), then take one of the following actions that align with your enterprise policies:

  • Disallow all access
  • Disallow access to HBI and MBI assets
  • Place the device in a watch list to monitor the device more closely for potential risks.
  • Trigger a corrective action, such as enabling test signing using WMI or a PowerShell script.

SafeMode

Safe mode is a troubleshooting option for Windows that starts your computer in a limited state. Only the basic files and drivers necessary to run Windows are started.

If SafeMode = 0 (False), then allow access.

If SafeMode = 1 (True), then take one of the following actions that align with your enterprise policies:

  • Disallow all access
  • Disallow access to HBI assets
  • Trigger a corrective action, such as informing the technical support team to contact the owner to investigate the issue.

WinPE

Windows Preinstallation Environment (Windows PE) is a minimal operating system with limited services that is used to prepare a computer for Windows installation, to copy disk images from a network file server, and to initiate Windows Setup.

If WinPE = 0 (False), then allow access.

If WinPE = 1 (True), then limit access to the remote resources that are required for Windows OS installation.

ELAMDriverLoaded (Windows Defender)

To use this reporting feature you must disable "Hybrid Resume" on the device. Early launch anti-malware (ELAM) provides protection for the computers in your network when they start up and before third-party drivers initialize.

In the current release, this attribute only monitors/reports whether a Microsoft first-party ELAM (Windows Defender) was loaded during initial boot.

If a device is expected to use a third-party antivirus program, ignore the reported state.

If a device is expected to use Windows Defender and ELAMDriverLoaded = 1 (True), then allow access.

If a device is expected to use Windows Defender and ELAMDriverLoaded = 0 (False), then take one of the following actions that align with your enterprise policies, also accounting for whether it is a desktop or mobile device:

  • Disallow all access
  • Disallow access to HBI assets
  • Trigger a corrective action, such as informing the technical support team to contact the owner to investigate the issue.

VSMEnabled

Virtual Secure Mode (VSM) is a container that protects high-value assets from a compromised kernel. VSM requires about 1GB of memory; it has just enough capability to run the LSA service that is used for all authentication brokering.

VSM can be enabled by using the following command in WMI or a PowerShell script:

bcdedit.exe /set {current} vsmlaunchtype auto

If VSMEnabled = 1 (True), then allow access.

If VSMEnabled = 0 (False), then take one of the following actions that align with your enterprise policies:

  • Disallow all access
  • Disallow access to HBI assets
  • Trigger a corrective action, such as informing the technical support team to contact the owner to investigate the issue.

PCRHashAlgorithmID

This attribute is an informational attribute that identifies the hash algorithm that was used by the TPM; no compliance action is required.

BootAppSVN

This attribute identifies the security version number of the Boot Application that was loaded during initial boot on the attested device.

If the reported BootAppSVN equals an accepted value, then allow access.

If the reported BootAppSVN does not equal an accepted value, then take one of the following actions that align with your enterprise policies:

  • Disallow all access
  • Direct the device to an enterprise honeypot, to further monitor the device's activities.

BootManagerSVN

This attribute identifies the security version number of the Boot Manager that was loaded during initial boot on the attested device.

If the reported BootManagerSVN equals an accepted value, then allow access.

If the reported BootManagerSVN does not equal an accepted value, then take one of the following actions that align with your enterprise policies:

  • Disallow all access
  • Direct the device to an enterprise honeypot, to further monitor the device's activities.

TPMVersion

This attribute identifies the version of the TPM that is running on the attested device.

The TPMVersion node replies with one of two values, "1" and "2":

  • 1 means TPM specification version 1.2
  • 2 means TPM specification version 2.0

Based on the reply you receive from the TPMVersion node:

  • If the reported TPMVersion equals an accepted value, then allow access.
  • If the reported TPMVersion does not equal an accepted value, then take one of the following actions that align with your enterprise policies:
    • Disallow all access
    • Direct the device to an enterprise honeypot, to further monitor the device's activities.

PCR0

The measurement that is captured in PCR[0] typically represents a consistent view of the host platform between boot cycles. It contains a measurement of components that are provided by the host platform manufacturer.

Enterprise managers can create an allow list of trusted PCR[0] values, compare the PCR[0] value of the managed device (the value that is verified and reported by HAS) with the allow list, and then make a trust decision based on the result of the comparison.

If your enterprise does not have an allow list of accepted PCR[0] values, then take no action.

If PCR[0] equals an accepted allow-list value, then allow access.

If PCR[0] does not equal any accepted listed value, then take one of the following actions that align with your enterprise policies:

  • Disallow all access
  • Direct the device to an enterprise honeypot, to further monitor the device's activities.

SBCPHash

SBCPHash is the fingerprint of the Custom Secure Boot Configuration Policy (SBCP) that was loaded during boot on Windows devices other than PCs.

If SBCPHash is not present, or is an accepted allow-listed value, then allow access.

If SBCPHash is present in the DHA-Report and is not an allow-listed value, then take one of the following actions that align with your enterprise policies:

  • Disallow all access
  • Place the device in a watch list to monitor the device more closely for potential risks.

CIPolicy

This attribute indicates the Code Integrity policy that is controlling the security of the boot environment.

If CIPolicy is not present, or is an accepted allow-listed value, then allow access.

If CIPolicy is present and is not an allow-listed value, then take one of the following actions that align with your enterprise policies:

  • Disallow all access
  • Place the device in a watch list to monitor the device more closely for potential risks.

BootRevListInfo

This attribute identifies the Boot Revision List that was loaded during initial boot on the attested device.

If the reported BootRevListInfo version equals an accepted value, then allow access.

If the reported BootRevListInfo version does not equal an accepted value, then take one of the following actions that align with your enterprise policies:

  • Disallow all access
  • Direct the device to an enterprise honeypot, to further monitor the device's activities.

OSRevListInfo

This attribute identifies the Operating System Revision List that was loaded during initial boot on the attested device.

If the reported OSRevListInfo version equals an accepted value, then allow access.

If the reported OSRevListInfo version does not equal an accepted value, then take one of the following actions that align with your enterprise policies:

  • Disallow all access
  • Direct the device to an enterprise honeypot, to further monitor the device's activities.

HealthStatusMismatchFlags

The HealthStatusMismatchFlags attribute appears if DHA-Service detects an integrity issue (mismatch) in the DHA-Data it receives from device management solutions for validation.

In the case of a detected issue, the impacted DHA-Report elements are listed under the HealthStatusMismatchFlags attribute.

Device HealthAttestation CSP status and error codes

| Error code | Error name | Description |
| --- | --- | --- |
| 0 | HEALTHATTESTATION_CERT_RETRIEVAL_UNINITIALIZED | This is the initial state for devices that have never participated in a DHA-Session. |
| 1 | HEALTHATTESTATION_CERT_RETRIEVAL_REQUESTED | This state signifies that the MDM client's Exec call on the node VerifyHealth has been triggered and now the OS is trying to retrieve DHA-EncBlob from DHA-Server. |
| 2 | HEALTHATTESTATION_CERT_RETRIEVAL_FAILED | This state signifies that the device failed to retrieve DHA-EncBlob from DHA-Server. |
| 3 | HEALTHATTESTATION_CERT_RETRIEVAL_COMPLETE | This state signifies that the device has successfully retrieved DHA-EncBlob from the DHA-Server. |
| 4 | HEALTHATTESTATION_CERT_RETRIEVAL_PCR_FAIL | Deprecated in Windows 10, version 1607. |
| 5 | HEALTHATTESTATION_CERT_RETRIEVAL_GETQUOTE_FAIL | DHA-CSP failed to get a claim quote. |
| 6 | HEALTHATTESTATION_CERT_RETRIEVAL_DEVICE_NOT_READY | DHA-CSP failed in opening a handle to Microsoft Platform Crypto Provider. |
| 7 | HEALTHATTESTATION_CERT_RETRIEVAL_WINDOWS_AIK_FAIL | DHA-CSP failed in retrieving the Windows AIK. |
| 8 | HEALTHATTESTATION_CERT_RETRIEVAL_FROM_WEB_FAIL | Deprecated in Windows 10, version 1607. |
| 9 | HEALTHATTESTATION_CERT_RETRIEVAL_INVALID_TPM_VERSION | Invalid TPM version (TPM version is not 1.2 or 2.0). |
| 10 | HEALTHATTESTATION_CERT_RETRIEVAL_GETNONCE_FAIL | Nonce was not found in the registry. |
| 11 | HEALTHATTESTATION_CERT_RETRIEVAL_GETCORRELATIONID_FAIL | Correlation ID was not found in the registry. |
| 12 | HEALTHATTESTATION_CERT_RETRIEVAL_GETCERT_FAIL | Deprecated in Windows 10, version 1607. |
| 13 | HEALTHATTESTATION_CERT_RETRIEVAL_GETCLAIM_FAIL | Deprecated in Windows 10, version 1607. |
| 14 | HEALTHATTESTATION_CERT_RETRIEVAL_ENCODING_FAIL | Failure in encoding functions (extremely unlikely scenario). |
| 15 | HEALTHATTESTATION_CERT_RETRIEVAL_ENDPOINTOVERRIDE_FAIL | Deprecated in Windows 10, version 1607. |
| 16 | HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_LOAD_XML | DHA-CSP failed to load the payload it received from DHA-Service. |
| 17 | HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_CORRUPT_XML | DHA-CSP received a corrupted response from DHA-Service. |
| 18 | HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_EMPTY_XML | DHA-CSP received an empty response from DHA-Service. |
| 19 | HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_DECRYPT_AES_EK | DHA-CSP failed in decrypting the AES key from the EK challenge. |
| 20 | HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_DECRYPT_CERT_AES_EK | DHA-CSP failed in decrypting the health cert with the AES key. |
| 21 | HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_EXPORT_AIKPUB | DHA-CSP failed in exporting the AIK public key. |
| 22 | HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_CREATE_CLAIMAUTHORITYONLY | DHA-CSP failed in trying to create a claim with AIK attestation data. |
| 23 | HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_APPEND_AIKPUB | DHA-CSP failed in appending the AIK public key to the request blob. |
| 24 | HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_APPEND_AIKCERT | DHA-CSP failed in appending the AIK certificate to the request blob. |
| 25 | HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_INIT_HTTPHANDLE | DHA-CSP failed to obtain a session handle. |
| 26 | HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_GETTARGET_HTTPHANDLE | DHA-CSP failed to connect to the DHA-Service. |
| 27 | HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_CREATE_HTTPHANDLE | DHA-CSP failed to create an HTTP request handle. |
| 28 | HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_SET_INTERNETOPTION | DHA-CSP failed to set options. |
| 29 | HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_ADD_REQUESTHEADERS | DHA-CSP failed to add request headers. |
| 30 | HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_SEND_REQUEST | DHA-CSP failed to send the HTTP request. |
| 31 | HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_RECEIVE_RESPONSE | DHA-CSP failed to receive a response from the DHA-Service. |
| 32 | HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_QUERY_HEADERS | DHA-CSP failed to query headers when trying to get the HTTP status code. |
| 33 | HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_EMPTY_RESPONSE | DHA-CSP received an empty response from DHA-Service even though the HTTP status was OK. |
| 34 | HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_MISSING_RESPONSE | DHA-CSP received an empty response along with an HTTP error code from DHA-Service. |
| 35 | HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_IMPERSONATE_USER | DHA-CSP failed to impersonate the user. |
| 36 | HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_ACQUIRE_PDCNETWORKACTIVATOR | DHA-CSP failed to acquire the PDC activators that are needed for network communication when the device is in Connected Standby mode. |
| 0xFFFF | HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_UNKNOWN | DHA-CSP failed due to an unknown reason; this error is highly unlikely to occur. |
| 400 | Bad_Request_From_Client | DHA-CSP has received a bad (malformed) attestation request. |
| 404 | Endpoint_Not_Reachable | DHA-Service is not reachable by DHA-CSP. |

DHA-Report V3 schema

<?xml version="1.0" encoding="UTF-8"?>
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema"
           xmlns="http://schemas.microsoft.com/windows/security/healthcertificate/validation/response/v3"
           targetNamespace="http://schemas.microsoft.com/windows/security/healthcertificate/validation/response/v3"
           elementFormDefault="qualified">

    <xs:element name="HealthCertificateValidationResponse" type="HealthCertificateValidationResponse_T"/>
    <xs:complexType name="ResponseCommon_T">
        <xs:attribute name="ErrorCode" type="xs:int" use="required"/>
        <xs:attribute name="ErrorMessage" type="xs:string" use="required"/>
        <xs:attribute name="ProtocolVersion" use="required">
          <xs:simpleType>
            <xs:restriction base="xs:int">
              <xs:minInclusive value="3"/>
            </xs:restriction>
          </xs:simpleType>
        </xs:attribute>
    </xs:complexType>
    <xs:complexType name="HealthCertificatePublicProperties_T">
        <xs:annotation>
            <xs:documentation>Health certificate non machine identifiable properties </xs:documentation>
        </xs:annotation>
        <xs:sequence>
            <xs:element name="Issued"                       type="xs:dateTime"/>
            <xs:element name="AIKPresent"                   type="Boolean_T" />
            <xs:element name="ResetCount"                   type="xs:unsignedInt"/>
            <xs:element name="RestartCount"                 type="xs:unsignedInt"/>
            <xs:element name="DEPPolicy"                    type="xs:unsignedInt"/>
            <xs:element name="BitlockerStatus"              type="xs:unsignedInt"/>
            <xs:element name="BootManagerRevListVersion"    type="xs:unsignedInt"/>
            <xs:element name="CodeIntegrityRevListVersion"  type="xs:unsignedInt"/>
            <xs:element name="SecureBootEnabled"            type="Boolean_T"/>
            <xs:element name="BootDebuggingEnabled"         type="Boolean_T"/>
            <xs:element name="OSKernelDebuggingEnabled"     type="Boolean_T"/>
            <xs:element name="CodeIntegrityEnabled"         type="Boolean_T"/>
            <xs:element name="TestSigningEnabled"           type="Boolean_T"/>
            <xs:element name="SafeMode"                     type="Boolean_T"/>
            <xs:element name="WinPE"                        type="Boolean_T"/>
            <xs:element name="ELAMDriverLoaded"             type="Boolean_T"/>
            <xs:element name="VSMEnabled"                   type="Boolean_T"/>
            <xs:element name="PCRHashAlgorithmID"           type="xs:unsignedInt"/>
            <xs:element name="BootAppSVN"                   type="xs:unsignedInt"/>
            <xs:element name="BootManagerSVN"               type="xs:unsignedInt"/>
            <xs:element name="TpmVersion"                   type="xs:unsignedInt"/>
            <xs:element name="PCR0"                         type="xs:hexBinary"/>
            <xs:element name="CIPolicy"                     type="xs:hexBinary" minOccurs ="0" maxOccurs ="1"/>
            <xs:element name="SBCPHash"                     type="xs:hexBinary" minOccurs ="0" maxOccurs ="1"/>
            <xs:element name="BootRevListInfo"              type="xs:hexBinary" minOccurs ="0" maxOccurs ="1"/>
            <xs:element name="OSRevListInfo"                type="xs:hexBinary" minOccurs ="0" maxOccurs ="1"/>

          <!--
<xs:element name="PCRCount"                     type="xs:unsignedInt"/>
<xs:element name="PCRSize"                      type="xs:unsignedShort"/>
<xs:element name="PCRHashAlgorithmID"           type="xs:unsignedShort"/>

<xs:element name="PCR"                          type="xs:hexBinary"/>
            -->
        </xs:sequence>
    </xs:complexType>

    <xs:complexType name="HealthStatusMismatchFlags_T">
        <xs:annotation>
            <xs:documentation>If there's a status mismatch, these flags will be set</xs:documentation>
        </xs:annotation>
        <xs:sequence>
            <!-- Hibernate/Resume count -->
            <xs:element name="ResumeCount"                   type="Boolean_T"/>
            <!-- Reboot count -->
            <xs:element name="RebootCount"                   type="Boolean_T"/> 
            <xs:element name="PCR"                           type="Boolean_T"/>
            <xs:element name="BootAppSVN"                   type="Boolean_T"/>
            <xs:element name="BootManagerSVNChain"           type="Boolean_T"/>
            <xs:element name="BootAppSVNChain"              type="Boolean_T"/>
        </xs:sequence>
    </xs:complexType>

    <xs:complexType name="HealthCertificateValidationResponse_T" >
        <xs:annotation>
            <xs:documentation>Health certificate validation response </xs:documentation>
        </xs:annotation>
        <xs:complexContent>
            <xs:extension base="ResponseCommon_T">
                <xs:sequence>
                    <!--Optional element, present only when the certificate can be verified and decrypted-->
                    <xs:element name="HealthCertificateProperties"  type="HealthCertificatePublicProperties_T"  minOccurs="0"/>
                    <!--Optional element, present only when the reason for a validation failure is a mismatch between the
                        current health state and the certificate health state-->
                    <xs:element name="HealthStatusMismatchFlags"       type="HealthStatusMismatchFlags_T"             minOccurs="0"/>
                </xs:sequence>
            </xs:extension>
        </xs:complexContent>
    </xs:complexType>
    <xs:simpleType name="Boolean_T">
        <xs:restriction base="xs:boolean">
            <xs:pattern value="true|false"/>
        </xs:restriction>
    </xs:simpleType>
</xs:schema>

DHA-Report example

<?xml version="1.0" encoding="utf-8"?>
<HealthCertificateValidationResponse xmlns:xsd="http://www.w3.org/2001/XMLSchema"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ErrorCode="0" ProtocolVersion="0"
    xmlns="http://schemas.microsoft.com/windows/security/healthcertificate/validation/response/v3">
    <HealthCertificateProperties>
        <Issued>2016-10-21T02:12:58.6656577Z</Issued>
        <AIKPresent>false</AIKPresent>
        <ResetCount>2107533174</ResetCount>
        <RestartCount>2749041230</RestartCount>
        <DEPPolicy>0</DEPPolicy>
        <BitlockerStatus>0</BitlockerStatus>
        <BootManagerRevListVersion>0</BootManagerRevListVersion>
        <CodeIntegrityRevListVersion>0</CodeIntegrityRevListVersion>
        <SecureBootEnabled>false</SecureBootEnabled>
        <BootDebuggingEnabled>false</BootDebuggingEnabled>
        <OSKernelDebuggingEnabled>false</OSKernelDebuggingEnabled>
        <CodeIntegrityEnabled>true</CodeIntegrityEnabled>
        <TestSigningEnabled>true</TestSigningEnabled>
        <SafeMode>false</SafeMode>
        <WinPE>false</WinPE>
        <ELAMDriverLoaded>true</ELAMDriverLoaded>
        <VSMEnabled>false</VSMEnabled>
        <PCRHashAlgorithmID>0</PCRHashAlgorithmID>
        <BootAppSVN>1</BootAppSVN>
        <BootManagerSVN>1</BootManagerSVN>
        <TpmVersion>2</TpmVersion>
        <PCR0>4ACCBE0ADB9627FFD6285C2E06EC5AC59ABF62C7</PCR0>
        <CIPolicy>00000000000001001A000B00200000005300690050006F006C006900630079002E007000370062000000A4BF7EF05585876A61CBFF7CAE8123BE756D58B1BBE04F9719D15D6271514CF5</CIPolicy>
        <BootRevListInfo>005D447A7CC6D101200000000B00CBB56E8B19267E24A2986C4A616CCB58B4D53F6020AC8FD5FC205C20F2AB00BC</BootRevListInfo>
        <OSRevListInfo>8073EEA7F8FAD001200000000B00A8285B04DE618ACF4174C59F07AECC002D11DD7D97FA5D464F190C9D9E3479BA</OSRevListInfo>
    </HealthCertificateProperties>
</HealthCertificateValidationResponse>
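The report above is what the DHA-Service hands back to the MDM, and the MDM decides what to do with it. The following is an added example (not Microsoft's code and not part of this page) of how an MDM-side check might consume a DHA-Report according to the schema: it treats a non-zero ErrorCode as a validation failure, lists any set HealthStatusMismatchFlags, refuses to evaluate a report without HealthCertificateProperties, and otherwise compares the Boolean_T properties against an enterprise policy. The policy values, the helper names and the second (mismatch) report are constructed for illustration; the first sample is a trimmed copy of the example report above, and it is not compliant with the constructed policy because SecureBootEnabled and VSMEnabled are false while TestSigningEnabled is true.

```python
"""Evaluate a DHA-Report (HealthCertificateValidationResponse) on the MDM side.

Added example, not Microsoft's code. Assumes the report follows the XSD above;
the policy, helper names and the second sample report are constructed.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional
import xml.etree.ElementTree as ET

NS = "http://schemas.microsoft.com/windows/security/healthcertificate/validation/response/v3"


def q(name: str) -> str:
    """Qualify an element name with the DHA-Report default namespace."""
    return f"{{{NS}}}{name}"


def parse_boolean_t(text: Optional[str]) -> bool:
    """Boolean_T restricts xs:boolean to the literal strings "true" and "false"."""
    if text == "true":
        return True
    if text == "false":
        return False
    raise ValueError(f"not a Boolean_T value: {text!r}")


# Constructed policy: what a compliant boot must look like (hypothetical values).
DEFAULT_POLICY: Dict[str, bool] = {
    "AIKPresent": True,
    "SecureBootEnabled": True,
    "BootDebuggingEnabled": False,
    "OSKernelDebuggingEnabled": False,
    "CodeIntegrityEnabled": True,
    "TestSigningEnabled": False,
    "SafeMode": False,
    "WinPE": False,
    "ELAMDriverLoaded": True,
    "VSMEnabled": True,
}

# Flag names from HealthStatusMismatchFlags_T in the schema above.
MISMATCH_FLAGS = ("ResumeCount", "RebootCount", "PCR", "BootAppSVN",
                  "BootManagerSVNChain", "BootAppSVNChain")


@dataclass
class Verdict:
    compliant: bool
    reasons: List[str] = field(default_factory=list)


def evaluate_report(xml_text: str, policy: Dict[str, bool] = DEFAULT_POLICY) -> Verdict:
    root = ET.fromstring(xml_text.encode("utf-8"))
    if root.tag != q("HealthCertificateValidationResponse"):
        raise ValueError(f"unexpected root element {root.tag}")
    reasons: List[str] = []

    # ErrorCode is inherited from ResponseCommon_T; anything but 0 is a failed validation.
    error_code = root.get("ErrorCode", "")
    if error_code != "0":
        reasons.append(f"DHA-Service validation failed, ErrorCode={error_code}")
        # Present only when the failure is a mismatch between the current
        # health state and the certificate health state.
        flags = root.find(q("HealthStatusMismatchFlags"))
        if flags is not None:
            for name in MISMATCH_FLAGS:
                node = flags.find(q(name))
                if node is not None and parse_boolean_t(node.text):
                    reasons.append(f"health state mismatch: {name}")
        return Verdict(False, reasons)

    # Present only when the certificate could be verified and decrypted;
    # without it there is no attested data to evaluate.
    props = root.find(q("HealthCertificateProperties"))
    if props is None:
        return Verdict(False, ["no HealthCertificateProperties in report"])

    for name, expected in policy.items():
        node = props.find(q(name))
        if node is None:
            reasons.append(f"{name} missing from report")
            continue
        actual = parse_boolean_t(node.text)
        if actual != expected:
            reasons.append(f"{name}={str(actual).lower()}, policy requires {str(expected).lower()}")
    return Verdict(not reasons, reasons)


# Trimmed copy of the DHA-Report example above (hex blobs omitted).
SAMPLE_REPORT = f"""<?xml version="1.0" encoding="utf-8"?>
<HealthCertificateValidationResponse ErrorCode="0" ProtocolVersion="0" xmlns="{NS}">
  <HealthCertificateProperties>
    <Issued>2016-10-21T02:12:58.6656577Z</Issued>
    <AIKPresent>false</AIKPresent>
    <SecureBootEnabled>false</SecureBootEnabled>
    <BootDebuggingEnabled>false</BootDebuggingEnabled>
    <OSKernelDebuggingEnabled>false</OSKernelDebuggingEnabled>
    <CodeIntegrityEnabled>true</CodeIntegrityEnabled>
    <TestSigningEnabled>true</TestSigningEnabled>
    <SafeMode>false</SafeMode>
    <WinPE>false</WinPE>
    <ELAMDriverLoaded>true</ELAMDriverLoaded>
    <VSMEnabled>false</VSMEnabled>
    <TpmVersion>2</TpmVersion>
    <PCR0>4ACCBE0ADB9627FFD6285C2E06EC5AC59ABF62C7</PCR0>
  </HealthCertificateProperties>
</HealthCertificateValidationResponse>"""

# Constructed failure report; the ErrorCode value is a placeholder, not a documented code.
MISMATCH_REPORT = f"""<?xml version="1.0" encoding="utf-8"?>
<HealthCertificateValidationResponse ErrorCode="1" ProtocolVersion="0" xmlns="{NS}">
  <HealthStatusMismatchFlags>
    <ResumeCount>false</ResumeCount>
    <RebootCount>true</RebootCount>
    <PCR>true</PCR>
    <BootAppSVN>false</BootAppSVN>
    <BootManagerSVNChain>false</BootManagerSVNChain>
    <BootAppSVNChain>false</BootAppSVNChain>
  </HealthStatusMismatchFlags>
</HealthCertificateValidationResponse>"""

if __name__ == "__main__":
    for report in (SAMPLE_REPORT, MISMATCH_REPORT):
        verdict = evaluate_report(report)
        print("compliant" if verdict.compliant else "NOT compliant", verdict.reasons)
```

The strict `parse_boolean_t` deliberately rejects the `1`/`0` forms that `xs:boolean` would otherwise allow, matching the `true|false` pattern of `Boolean_T`, so a malformed or hand-edited report fails closed instead of being silently interpreted.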

Configuration service provider reference