Windows 11 to Get Support for Microsoft Azure Attestation Service

Windows 11 2022 Update

Microsoft is getting ready to introduce support for the Microsoft Azure Attestation (MAA) service on Windows 11. The company announced yesterday that the feature will begin rolling out to all commercial customers in mid-August.

Currently, Windows 11 and Windows 10 use the Windows Device Health Attestation (DHA) service for client device attestation. The Device Health Attestation configuration service provider (CSP) collects boot logs and auditing information from the device's Trusted Platform Module (TPM). The TPM is a hardware-based security component that records measurements of the Windows boot process, which is what lets an attestation service detect rootkit or bootkit malware that tampers with that process. The device health attestation data is then forwarded to DHA-enabled mobile device management (MDM) solutions.

Microsoft explained that the new Azure Attestation service offers a simplified approach to attestation on Windows 11: a single, unified service that remotely verifies the trustworthiness of a platform. This release will also bring several improvements for mobile device management (MDM) solution providers.

“If you set any of the Windows 10/11 Compliance policy – Device Health settings, Windows 11 devices will begin to use a MAA attestation provider based on your Intune tenant location. You may need to ensure there are no firewall policies preventing access to the new Intune MAA attestation providers for Windows 11. Windows 11 devices with assigned compliance policies using any of the device health settings will fall out of compliance if they are unable to reach the MAA attestation endpoints for their location,” Microsoft explained.

Microsoft Azure Attestation service doesn’t support Windows 10

Microsoft only plans to add Azure Attestation support for Windows 11 devices. The company confirmed that this change won’t impact Windows 10 clients, which will continue to use DHA for device health attestation reporting.

Microsoft notes that IT admins will need to ensure that firewall rules don't block outbound HTTPS/443 traffic from Windows 11 devices to the MAA endpoints for the Intune tenant's location; a device that cannot reach those endpoints will be reported as non-compliant. You can find the tenant location in the Intune admin center under Tenant administration >> Tenant status >> Tenant details.
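A quick way to verify that reachability before the rollout is to run a connectivity check from a Windows 11 device. The script below is an added example, not code from Microsoft's announcement or from Intune; the endpoint hostname it ships with is a placeholder, since the article does not list the per-location MAA endpoints, so replace it with the hostnames Microsoft publishes for your tenant location. It checks DNS, TCP/443 and a full TLS/HTTP exchange separately, because each layer can be blocked by a different control (DNS filtering, egress firewall, TLS-inspecting proxy).

```powershell
# Added example (not from Microsoft's announcement): checks that this device
# can reach the MAA attestation endpoints for the tenant's location over
# outbound HTTPS/443, the precondition the article describes for Windows 11
# devices to remain compliant.
#
# ASSUMPTION: the endpoint hostname below is a placeholder. Replace it with the
# MAA endpoints Microsoft publishes for your Intune tenant location; the real
# hostnames are not given in the article.
param(
    [string[]]$Endpoints = @('maa-endpoint-placeholder.example.invalid')
)

function Test-MaaEndpoint {
    param([Parameter(Mandatory)][string]$HostName)

    $result = [ordered]@{
        Endpoint = $HostName
        DnsOk    = $false
        TcpOk    = $false
        TlsOk    = $false
        Detail   = ''
    }

    # 1. Name resolution: a filtered or missing DNS answer is the most common
    #    reason an endpoint looks "firewalled" when the firewall is fine.
    try {
        $null = [System.Net.Dns]::GetHostAddresses($HostName)
        $result.DnsOk = $true
    } catch {
        $result.Detail = "DNS: $($_.Exception.Message)"
        return [pscustomobject]$result
    }

    # 2. TCP/443: Test-NetConnection reports whether the handshake completed,
    #    which isolates an egress firewall block from anything above it.
    $tnc = Test-NetConnection -ComputerName $HostName -Port 443 -WarningAction SilentlyContinue
    $result.TcpOk = [bool]$tnc.TcpTestSucceeded
    if (-not $result.TcpOk) {
        $result.Detail = 'TCP 443 blocked (no connection)'
        return [pscustomobject]$result
    }

    # 3. TLS/HTTP: any HTTP response, including a 4xx to this unauthenticated
    #    GET, proves TLS and HTTP completed end to end. Only a transport-level
    #    failure (exception with no Response object) counts as blocked.
    try {
        $resp = Invoke-WebRequest -Uri "https://$HostName/" -Method Get -UseBasicParsing -TimeoutSec 15
        $result.TlsOk  = $true
        $result.Detail = "HTTP $($resp.StatusCode)"
    } catch {
        if ($_.Exception.Response) {
            $result.TlsOk  = $true
            $result.Detail = "HTTP $([int]$_.Exception.Response.StatusCode) (reachable)"
        } else {
            $result.Detail = "TLS/HTTP: $($_.Exception.Message)"
        }
    }
    return [pscustomobject]$result
}

$report = foreach ($ep in $Endpoints) { Test-MaaEndpoint -HostName $ep }
$report | Format-Table -AutoSize

# Exit non-zero when anything is unreachable so the check can run as a
# scheduled task or Intune script and surface as a failure.
if ($report | Where-Object { -not $_.TlsOk }) { exit 1 }
```

Run it as `.\Test-MaaReachability.ps1 -Endpoints 'host1','host2'` on a representative Windows 11 device on each network segment (office, VPN, home); a TLS-inspecting proxy that does not trust the endpoint's certificate chain will show up in step 3 even when steps 1 and 2 pass.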