Device Health Attestation

Applies To: Windows Server 2016

Introduced in Windows 10, version 1507, Device Health Attestation (DHA) included the following:

  • Integrates with the Windows 10 Mobile Device Management (MDM) framework in alignment with Open Mobile Alliance (OMA) standards.

  • Supports devices that have a Trusted Platform Module (TPM) provisioned in firmware or discrete form.

  • Enables enterprises to raise the security bar of their organization to hardware-monitored and attested security, with minimal or no impact on operating cost.

Starting with Windows Server 2016, you can run the DHA service as a server role within your organization. Use this topic to learn how to install and configure the Device Health Attestation server role.

Overview

You can use DHA to assess device health for:

  • Windows 10 and Windows 10 Mobile devices that support TPM 1.2 or 2.0.
  • On-premises devices that are managed by using Active Directory with Internet access, devices that are managed by using Active Directory without Internet access, devices managed by Azure Active Directory, or a hybrid deployment using both Active Directory and Azure Active Directory.

DHA service

The DHA service validates the TPM and PCR logs for a device and then issues a DHA report. Microsoft offers the DHA service in three ways:

  • DHA cloud service: A Microsoft-managed DHA service that is free, geo-load-balanced, and optimized for access from different regions of the world.

  • DHA on-premises service: A new server role introduced in Windows Server 2016. It's available for free to customers that have a Windows Server 2016 license.

  • DHA Azure cloud service: A virtual host in Microsoft Azure. To do this, you need a virtual host and licenses for the DHA on-premises service.

The DHA service integrates with MDM solutions and enables them to:

  • Combine the information they receive from devices (through existing device management communication channels) with the DHA report
  • Make a more secure and trusted security decision, based on hardware-attested and protected data

Here's an example that shows how you can use DHA to help raise the security protection bar for your organization's assets.

  1. You create a policy that checks the following boot configuration/attributes:
    • Secure Boot
    • BitLocker
    • ELAM
  2. The MDM solution enforces this policy and triggers a corrective action based on the DHA report data. For example, it could verify the following:
    • Secure Boot was enabled, the device loaded trusted code that is authentic, and the Windows boot loader was not tampered with.
    • Trusted Boot successfully verified the digital signature of the Windows kernel and the components that were loaded while the device started.
    • Measured Boot created a TPM-protected audit trail that could be verified remotely.
    • BitLocker was enabled and protected the data while the device was turned off.
    • ELAM was enabled at early boot stages and is monitoring the runtime.

DHA cloud service

The DHA cloud service provides the following benefits:

  • Reviews the TCG and PCR device boot logs it receives from a device that is enrolled with an MDM solution.
  • Creates a tamper-resistant and tamper-evident report (DHA report) that describes how the device started, based on data that is collected and protected by the device's TPM chip.
  • Delivers the DHA report to the MDM server that requested it over a protected communication channel.

DHA on-premises service

The DHA on-premises service offers all the capabilities of the DHA cloud service. It also enables customers to:

  • Optimize performance by running the DHA service in your own data center
  • Ensure that the DHA report does not leave your network

DHA Azure cloud service

This service provides the same functionality as the DHA on-premises service, except that the DHA Azure cloud service runs as a virtual host in Microsoft Azure.

DHA validation modes

You can set up the DHA on-premises service to run in either EKCert or AIKCert validation mode. When the DHA service issues a report, it indicates whether the report was issued in AIKCert or EKCert validation mode. AIKCert and EKCert validation modes offer the same security assurance as long as the EKCert chain of trust is kept up to date.

EKCert validation mode

EKCert validation mode is optimized for devices in organizations that are not connected to the Internet. Devices connecting to a DHA service running in EKCert validation mode do not have direct access to the Internet.

When DHA is running in EKCert validation mode, it relies on an enterprise-managed chain of trust that needs to be updated occasionally (approximately 5 - 10 times per year).

Microsoft publishes aggregated packages of trusted roots and intermediate CAs for approved TPM manufacturers (as they become available) in a publicly accessible .cab archive. You need to download the feed, validate its integrity, and install it on the server running Device Health Attestation.

An example archive is http://tpmsec.microsoft.com/OnPremisesDHA/TrustedTPM.cab.

AIKCert validation mode

AIKCert validation mode is optimized for operational environments that do have access to the Internet. Devices connecting to a DHA service running in AIKCert validation mode must have direct access to the Internet and be able to get an AIK certificate from Microsoft.

Install and configure the DHA service on Windows Server 2016

Use the following sections to get DHA installed and configured on Windows Server 2016.

Prerequisites

In order to set up and verify a DHA on-premises service, you need:

  • A server running Windows Server 2016.
  • One (or more) Windows 10 client devices with a TPM (either 1.2 or 2.0) that is in a clear/ready state, running the latest Windows Insider build.
  • A decision on whether you are going to run in EKCert or AIKCert validation mode.
  • The following certificates:
    • DHA SSL certificate: An x.509 SSL certificate that chains to an enterprise trusted root, with an exportable private key. This certificate protects DHA data communications in transit, including server-to-server (DHA service and MDM server) and server-to-client (DHA service and a Windows 10 device) communications.
    • DHA signing certificate: An x.509 certificate that chains to an enterprise trusted root, with an exportable private key. The DHA service uses this certificate for digital signing.
    • DHA encryption certificate: An x.509 certificate that chains to an enterprise trusted root, with an exportable private key. The DHA service uses this certificate for encryption.

Install Windows Server 2016

Install Windows Server 2016 using your preferred installation method, such as Windows Deployment Services, or by running the installer from bootable media, a USB drive, or the local file system. If this is the first time you are configuring the DHA on-premises service, you should install Windows Server 2016 using the Desktop Experience installation option.

Add the Device Health Attestation server role

You can install the Device Health Attestation server role and its dependencies by using Server Manager.

After you've installed Windows Server 2016, the device restarts and opens Server Manager. If Server Manager doesn't start automatically, click Start, and then click Server Manager.

  1. Click Add roles and features.
  2. On the Before you begin page, click Next.
  3. On the Select installation type page, click Role-based or feature-based installation, and then click Next.
  4. On the Select destination server page, click Select a server from the server pool, select the server, and then click Next.
  5. On the Select server roles page, select the Device Health Attestation check box.
  6. Click Add Features to install the other required role services and features.
  7. Click Next.
  8. On the Select features page, click Next.
  9. On the Web Server Role (IIS) page, click Next.
  10. On the Select role services page, click Next.
  11. On the Device Health Attestation Service page, click Next.
  12. On the Confirm installation selections page, click Install.
  13. When the installation is done, click Close.

Install the signing and encryption certificates

Use the following Windows PowerShell script to grant the web service app pool read access to the private keys of the signing and encryption certificates. For more information about the thumbprint, see How to: Retrieve the Thumbprint of a Certificate.

$key = Get-ChildItem Cert:\LocalMachine\My | Where-Object {$_.Thumbprint -like "<thumbprint>"}
$keyname = $key.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName
$keypath = $env:ProgramData + "\Microsoft\Crypto\RSA\MachineKeys\" + $keyname
icacls $keypath /grant <username>`:R

#<thumbprint>: Certificate thumbprint for encryption certificate or signing certificate
#<username>: Username for web service app pool, by default IIS_IUSRS
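The script above assumes a legacy CSP key container under RSA\MachineKeys. The following function is an added example, not part of the original page or of the DeviceHealthAttestation module: it validates the thumbprint before touching the store, confirms the certificate actually carries a private key, resolves the key file for both CSP and CNG (RSA) keys, and grants only read access to the app pool identity. The CNG key location under Microsoft\Crypto\Keys and the use of RSACertificateExtensions are assumptions about the key storage provider in use.

```powershell
# Added example (not from the original page): grant the IIS app pool identity read
# access to the private key of a certificate identified by thumbprint.
function Grant-DhaKeyReadAccess {
    param(
        [Parameter(Mandatory)] [string] $Thumbprint,
        [string] $Identity = 'IIS_IUSRS'   # default app pool identity named on the page
    )

    # A thumbprint is 40 hex characters; reject anything else before touching the store
    $Thumbprint = $Thumbprint -replace '\s', ''
    if ($Thumbprint -notmatch '^[0-9A-Fa-f]{40}$') {
        throw "Thumbprint '$Thumbprint' is not 40 hex characters"
    }

    $cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq $Thumbprint }
    if (-not $cert)               { throw "No certificate with thumbprint $Thumbprint in LocalMachine\My" }
    if (-not $cert.HasPrivateKey) { throw "Certificate $Thumbprint has no private key in this store" }

    $cryptoRoot = Join-Path $env:ProgramData 'Microsoft\Crypto'
    if ($cert.PrivateKey) {
        # Legacy CSP key: the container file lives under RSA\MachineKeys (as on the page)
        $keyName = $cert.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName
        $keyPath = Join-Path $cryptoRoot "RSA\MachineKeys\$keyName"
    } else {
        # CNG key (assumption: RSA key held by a CNG provider): the file lives under Keys
        $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
        $keyName = $rsa.Key.UniqueName
        $keyPath = Join-Path $cryptoRoot "Keys\$keyName"
    }
    if (-not (Test-Path $keyPath)) { throw "Key file not found at $keyPath" }

    # Read is all the service needs; never grant write or full control on a signing key
    & icacls.exe $keyPath /grant "${Identity}:R" | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "icacls failed with exit code $LASTEXITCODE" }

    # Return the resulting ACL entry for the identity so the caller can record it
    (Get-Acl $keyPath).Access | Where-Object { $_.IdentityReference -like "*$Identity" }
}

# Usage (placeholder thumbprints): run once for the signing and once for the encryption certificate
# Grant-DhaKeyReadAccess -Thumbprint '<signing-thumbprint>'
# Grant-DhaKeyReadAccess -Thumbprint '<encryption-thumbprint>'
```

Granting read rather than full control keeps a compromised app pool from replacing or deleting the key material, and the returned ACL entry gives you something to log as evidence that the permission matches what was intended.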

Install the trusted TPM roots certificate package

To install the trusted TPM roots certificate package, you must extract it, remove any trust chains that are not trusted by your organization, and then run setup.cmd.

Download the trusted TPM roots certificate package

Before you install the certificate package, download the latest list of trusted TPM roots from http://tpmsec.microsoft.com/OnPremisesDHA/TrustedTPM.cab.

Important: Before installing the package, verify that it is digitally signed by Microsoft.

Extract the trusted certificate package

Extract the trusted certificate package by running the following commands.

mkdir .\TrustedTpm
expand -F:* .\TrustedTpm.cab .\TrustedTpm

Remove the trust chains for TPM vendors that are not trusted by your organization (optional)

Delete the folders for any TPM vendor trust chains that are not trusted by your organization.

Note: If you are using AIKCert validation mode, the Microsoft folder is required to validate Microsoft-issued AIK certificates.

Install the trusted certificate package

Install the trusted certificate package by running the setup script from the .cab file.

.\setup.cmd
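The four steps above (verify the signature, extract, prune vendor folders, run setup.cmd) are combined below into one function. This is an added example, not part of the original page or of the package itself; it assumes the .cab is already downloaded to the current directory, that the Authenticode signer's subject contains "O=Microsoft Corporation", and that each vendor trust chain is a top-level folder in the extracted package (the page says to delete folders per vendor). The vendor folder names in the usage line are hypothetical.

```powershell
# Added example (not from the original page): verify, extract, prune and install
# the trusted TPM roots package in one checked sequence.
function Install-TrustedTpmPackage {
    param(
        [string]   $CabPath = '.\TrustedTpm.cab',
        [string]   $ExtractTo = '.\TrustedTpm',
        [string[]] $AllowedVendors,   # vendor folder names to keep; empty keeps all
        [switch]   $AikCertMode       # AIKCert mode needs the Microsoft folder
    )

    # 1. Refuse to install a package that is unsigned, tampered, or signed by someone else
    $sig = Get-AuthenticodeSignature -FilePath $CabPath
    if ($sig.Status -ne 'Valid') {
        throw "Signature status on $CabPath is '$($sig.Status)', expected Valid"
    }
    $signer = $sig.SignerCertificate.Subject
    if ($signer -notlike '*O=Microsoft Corporation*') {   # assumption: signer subject format
        throw "Package signer is '$signer', not Microsoft Corporation"
    }

    # 2. Extract into a clean directory so stale vendor folders from a previous run cannot linger
    if (Test-Path $ExtractTo) { Remove-Item $ExtractTo -Recurse -Force }
    New-Item -ItemType Directory -Path $ExtractTo | Out-Null
    & expand.exe '-F:*' $CabPath $ExtractTo | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "expand.exe failed with exit code $LASTEXITCODE" }

    # 3. Optional pruning: keep only allowlisted vendor chains (plus Microsoft in AIKCert mode)
    if ($AllowedVendors) {
        $keep = [System.Collections.Generic.HashSet[string]]::new(
            [string[]]$AllowedVendors, [System.StringComparer]::OrdinalIgnoreCase)
        if ($AikCertMode) { [void]$keep.Add('Microsoft') }
        Get-ChildItem -Path $ExtractTo -Directory |
            Where-Object { -not $keep.Contains($_.Name) } |
            ForEach-Object {
                Write-Verbose "Removing vendor chain not trusted by this organization: $($_.Name)"
                Remove-Item $_.FullName -Recurse -Force
            }
    }

    # 4. Install what remains with the package's own setup script
    $setup = Join-Path $ExtractTo 'setup.cmd'
    if (-not (Test-Path $setup)) { throw "setup.cmd not found in $ExtractTo" }
    Push-Location $ExtractTo
    try { & cmd.exe /c setup.cmd } finally { Pop-Location }

    # Return the vendor folders that were installed, for the change record
    (Get-ChildItem -Path $ExtractTo -Directory).Name
}

# Usage: keep two hypothetical vendor chains and stay compatible with AIKCert mode
# Install-TrustedTpmPackage -AllowedVendors 'VendorA', 'VendorB' -AikCertMode -Verbose
```

The signature check runs before extraction on purpose: a tampered package that adds an attacker-controlled root would let a non-genuine TPM pass EKCert validation, so nothing from the archive should reach the certificate store until the signer is confirmed.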

Configure the Device Health Attestation service

You can use Windows PowerShell to configure the DHA on-premises service.

Install-DeviceHealthAttestation -EncryptionCertificateThumbprint <encryption> -SigningCertificateThumbprint <signing> -SslCertificateStoreName My -SslCertificateThumbprint <ssl> -SupportedAuthenticationSchema "<schema>"

#<encryption>: Thumbprint of the encryption certificate
#<signing>: Thumbprint of the signing certificate
#<ssl>: Thumbprint of the SSL certificate
#<schema>: Comma-delimited list of supported schemas including AikCertificate, EkCertificate, and AikPub

Configure the certificate chain policy

Configure the certificate chain policy by running the following Windows PowerShell script.

$policy = Get-DHASCertificateChainPolicy
$policy.RevocationMode = "NoCheck"
Set-DHASCertificateChainPolicy -CertificateChainPolicy $policy

DHA management commands

Here are some Windows PowerShell examples that can help you manage the DHA service.

Configure the DHA service for the first time

Install-DeviceHealthAttestation -SigningCertificateThumbprint "<HEX>" -EncryptionCertificateThumbprint "<HEX>" -SslCertificateThumbprint "<HEX>" -Force

Remove the DHA service configuration

Uninstall-DeviceHealthAttestation -RemoveSslBinding -Force

Get the active signing certificate

Get-DHASActiveSigningCertificate

Set the active signing certificate

Set-DHASActiveSigningCertificate -Thumbprint "<hex>" -Force

Note: This certificate must be deployed on the server running the DHA service, in the LocalMachine\My certificate store. When the active signing certificate is set, the existing active signing certificate is moved to the list of inactive signing certificates.

List the inactive signing certificates

Get-DHASInactiveSigningCertificates

Remove any inactive signing certificates

Remove-DHASInactiveSigningCertificates -Force
Remove-DHASInactiveSigningCertificates  -Thumbprint "<hex>" -Force

Note: Only one inactive certificate (of any type) may exist in the service at any time. Certificates should be removed from the list of inactive certificates once they are no longer required.

Get the active encryption certificate

Get-DHASActiveEncryptionCertificate

Set the active encryption certificate

Set-DHASActiveEncryptionCertificate -Thumbprint "<hex>" -Force

The certificate must be deployed on the server in the LocalMachine\My certificate store.

When the active encryption certificate is set, the existing active encryption certificate is moved to the list of inactive encryption certificates.

List the inactive encryption certificates

Get-DHASInactiveEncryptionCertificates

Remove any inactive encryption certificates

Remove-DHASInactiveEncryptionCertificates -Force
Remove-DHASInactiveEncryptionCertificates -Thumbprint "<hex>" -Force 
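The signing and encryption sections above describe the same rotation pattern: setting a new active certificate demotes the old one to the inactive list, and only one inactive certificate may exist at a time. The function below is an added example, not part of the original page or of the DeviceHealthAttestation module, that wraps that pattern with the checks an operator would want before and after the switch. It assumes the new certificate is already in LocalMachine\My with the app pool granted read access to its key, and that the Get-DHASActive*Certificate cmdlets return an object exposing a Thumbprint property.

```powershell
# Added example (not from the original page): switch the active DHA signing or
# encryption certificate with pre-checks and a post-switch confirmation.
function Switch-DhaActiveCertificate {
    param(
        [Parameter(Mandatory)] [ValidateSet('Signing', 'Encryption')] [string] $Kind,
        [Parameter(Mandatory)] [string] $NewThumbprint
    )
    $NewThumbprint = ($NewThumbprint -replace '\s', '').ToUpperInvariant()

    # Select the page's cmdlets for this certificate type
    $getActive   = "Get-DHASActive${Kind}Certificate"
    $setActive   = "Set-DHASActive${Kind}Certificate"
    $getInactive = "Get-DHASInactive${Kind}Certificates"

    # Pre-check 1: the service allows only one inactive certificate, and the current
    # active one will become inactive, so the inactive slot must be empty first.
    if (& $getInactive) {
        throw "An inactive $Kind certificate is still registered; remove it before switching"
    }

    # Pre-check 2: the new certificate is present, has a key, is not about to expire, and chains
    $cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq $NewThumbprint }
    if (-not $cert)               { throw "Certificate $NewThumbprint not found in LocalMachine\My" }
    if (-not $cert.HasPrivateKey) { throw "Certificate $NewThumbprint has no private key" }
    if ($cert.NotAfter -lt (Get-Date).AddDays(30)) {
        throw "Certificate $NewThumbprint expires on $($cert.NotAfter); pick a longer-lived one"
    }
    if (-not $cert.Verify())      { throw "Certificate $NewThumbprint does not chain to a trusted root" }

    # Assumption: the active-certificate cmdlet returns an object with a Thumbprint property
    $previous = (& $getActive).Thumbprint
    if ($previous -eq $NewThumbprint) { return "Certificate $NewThumbprint is already active" }

    # Switch, then confirm the service really reports the new thumbprint
    & $setActive -Thumbprint $NewThumbprint -Force
    $current = (& $getActive).Thumbprint
    if ($current -ne $NewThumbprint) {
        throw "Switch failed: service still reports $current as the active $Kind certificate"
    }
    [pscustomobject]@{ Kind = $Kind; Previous = $previous; Active = $current }
}

# Usage (placeholder thumbprint); afterwards, once no client still depends on the old
# certificate, clear the inactive slot with the Remove-DHASInactive*Certificates cmdlets:
# Switch-DhaActiveCertificate -Kind Signing -NewThumbprint '<hex>'
```

Checking the inactive list first avoids the failure the page's note implies: if a stale inactive certificate is still registered, the demoted active certificate has nowhere to go. Keeping the previous thumbprint in the returned object gives you the value you need for the later Remove-DHASInactive*Certificates -Thumbprint call.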

Get the X509ChainPolicy configuration

Get-DHASCertificateChainPolicy

Change the X509ChainPolicy configuration

$certificateChainPolicy = Get-DHASCertificateChainPolicy
$certificateChainPolicy.RevocationFlag = <X509RevocationFlag>
$certificateChainPolicy.RevocationMode = <X509RevocationMode>
$certificateChainPolicy.VerificationFlags = <X509VerificationFlags>
$certificateChainPolicy.UrlRetrievalTimeout = <TimeSpan>
Set-DHASCertificateChainPolicy -CertificateChainPolicy $certificateChainPolicy

#<X509RevocationFlag>: Which certificates in the chain to check for revocation (for example EntireChain)
#<X509RevocationMode>: How to check revocation (NoCheck, Online, or Offline)
#<X509VerificationFlags>: Verification conditions to relax; NoFlag applies full verification
#<TimeSpan>: Maximum time to wait when retrieving revocation data, for example (New-TimeSpan -Seconds 15)
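The chain policy snippet under "Configure the certificate chain policy" and the one directly above set the same four properties. The function below is an added example, not part of the original page or of the DeviceHealthAttestation module, that chooses those values from the validation mode: an EKCert deployment has no Internet access and cannot reach CRL or OCSP endpoints, so revocation checking is turned off and revocation state comes only from the periodically reinstalled TPM roots package, whereas an AIKCert deployment can check revocation online for the whole chain. The enum values are the standard .NET X509 ones; the timeout default is an assumption.

```powershell
# Added example (not from the original page): set the DHA certificate chain policy
# according to the validation mode the service runs in.
function Set-DhaChainPolicyForMode {
    param(
        [Parameter(Mandatory)] [ValidateSet('EKCert', 'AIKCert')] [string] $Mode,
        [int] $TimeoutSeconds = 15   # assumption: a reasonable bound for CRL/OCSP retrieval
    )
    $x509 = 'System.Security.Cryptography.X509Certificates'
    $policy = Get-DHASCertificateChainPolicy

    switch ($Mode) {
        'EKCert' {
            # Offline deployment: no revocation endpoints are reachable, so checking would
            # only produce failures; trust state is refreshed by reinstalling TrustedTpm.cab
            $policy.RevocationMode = [Enum]::Parse("$x509.X509RevocationMode", 'NoCheck')
        }
        'AIKCert' {
            # Internet-connected deployment: check every certificate in the chain online
            $policy.RevocationMode = [Enum]::Parse("$x509.X509RevocationMode", 'Online')
            $policy.RevocationFlag = [Enum]::Parse("$x509.X509RevocationFlag", 'EntireChain')
        }
    }

    # NoFlag keeps full verification (validity period, signatures, name constraints)
    $policy.VerificationFlags  = [Enum]::Parse("$x509.X509VerificationFlags", 'NoFlag')
    $policy.UrlRetrievalTimeout = [TimeSpan]::FromSeconds($TimeoutSeconds)

    Set-DHASCertificateChainPolicy -CertificateChainPolicy $policy

    # Read the policy back so the caller sees what the service actually stored
    Get-DHASCertificateChainPolicy
}

# Usage:
# Set-DhaChainPolicyForMode -Mode AIKCert
# Set-DhaChainPolicyForMode -Mode EKCert
```

Reading the policy back after setting it is the cheap confirmation step: if a property was rejected or silently ignored, the returned object shows it before the first device report is evaluated against the wrong policy.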

DHA service reporting

The following is a list of messages that are reported by the DHA service to the MDM solution:

  • 200 HTTP OK. The certificate is returned.
  • 400 Bad request. Invalid request format, invalid health certificate, certificate signature does not match, invalid Health Attestation Blob, or invalid Health Status Blob. The response also contains a message, as described by the response schema, with an error code and an error message that can be used for diagnostics.
  • 500 Internal server error. This can happen if there are issues that prevent the service from issuing certificates.
  • 503 Throttling is rejecting requests to prevent server overloading.
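Because the DHA on-premises service runs under IIS, the status codes above also appear in the site's W3C logs, which is the simplest place to monitor the service. The function below is an added example, not part of the original page: it parses W3C log lines, counts responses by status code, and raises findings that map to the page's descriptions (500s mean the service could not issue certificates, a run of 503s means throttling is active, and a high 400 ratio means many requests carry invalid certificates or blobs). The log lines and the request path are constructed samples, not real DHA traffic; the alert thresholds are assumptions.

```powershell
# Added example (not from the original page): summarise DHA responses from IIS W3C log lines.
function Get-DhaStatusSummary {
    param(
        [Parameter(Mandatory)] [string[]] $Lines,
        [int]    $ThrottleAlertThreshold = 3,    # assumption: this many 503s is worth a look
        [double] $BadRequestRatioAlert   = 0.2   # assumption: more than 20% 400s is abnormal
    )
    $statusIndex = -1
    $counts = @{}

    foreach ($line in $Lines) {
        # The #Fields header defines the column order; locate sc-status from it
        if ($line -like '#Fields:*') {
            $fields = ($line -replace '^#Fields:\s*', '') -split '\s+'
            $statusIndex = [array]::IndexOf($fields, 'sc-status')
            continue
        }
        if ([string]::IsNullOrWhiteSpace($line) -or $line.StartsWith('#')) { continue }
        if ($statusIndex -lt 0) { throw 'Data line seen before a #Fields header containing sc-status' }

        $status = [int](($line -split '\s+')[$statusIndex])
        if (-not $counts.ContainsKey($status)) { $counts[$status] = 0 }
        $counts[$status]++
    }

    $total = ($counts.Values | Measure-Object -Sum).Sum
    $findings = @()
    if ($counts[500]) {
        $findings += "500 x$($counts[500]): service could not issue certificates; check the server's event logs and certificate configuration"
    }
    if ($counts[503] -ge $ThrottleAlertThreshold) {
        $findings += "503 x$($counts[503]): throttling is rejecting requests; the server is overloaded"
    }
    if ($total -gt 0 -and ($counts[400] / $total) -gt $BadRequestRatioAlert) {
        $findings += "400 ratio $([math]::Round($counts[400] / $total, 2)): many invalid requests, certificates or attestation blobs"
    }
    [pscustomobject]@{ Total = $total; ByStatus = $counts; Findings = $findings }
}

# Constructed sample log (not real traffic); the request path is a placeholder
$sampleLog = @'
#Software: Microsoft Internet Information Services
#Fields: date time c-ip cs-method cs-uri-stem sc-status time-taken
2016-10-01 10:00:01 10.0.0.21 POST /dha-endpoint 200 118
2016-10-01 10:00:02 10.0.0.22 POST /dha-endpoint 200 121
2016-10-01 10:00:03 10.0.0.23 POST /dha-endpoint 400 35
2016-10-01 10:00:04 10.0.0.24 POST /dha-endpoint 500 410
2016-10-01 10:00:05 10.0.0.25 POST /dha-endpoint 503 2
2016-10-01 10:00:05 10.0.0.26 POST /dha-endpoint 503 2
2016-10-01 10:00:06 10.0.0.27 POST /dha-endpoint 503 3
'@

$summary = Get-DhaStatusSummary -Lines ($sampleLog -split "`r?`n")
$summary.Findings | ForEach-Object { Write-Output $_ }
```

On the sample above the function reports one 500 finding and one 503 throttling finding; the single 400 stays below the ratio threshold. Pointing the function at the real site log directory (for example with Get-Content on the newest u_ex*.log file) turns it into a scheduled health check for the service.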