Explore Device Health Attestation, a new feature in Windows 10. Employ policies that check for device boot attributes like TPM chips and BitLocker, to protect the internal network from outside computers that are unhealthy or do not meet network requirements. Device Health Attestation is a new server role that will be available in Windows Server 2016.
- [Narrator] The health of client computers is a big concern for enterprises. Threats are everywhere, and include the familiar malware and physical attacks. There are viruses that spread through enterprises via email and other sources too. But there are persistent attacks as well, from hackers that target companies around the clock, day after day, month after month, and perhaps even year after year. As a result, companies spend a lot of time, effort, and money keeping their infrastructure secure. In previous videos in this course, I've talked about some of the newest security technologies Microsoft offers, and that companies are exploring, including Device Registration, Device Guard, and Credential Manager.
Here I'll introduce one more: Health Attestation. Health Attestation came about as the result of a change in thought regarding security. In the past, companies including Microsoft have focused on preventing security breaches. In this new era of persistent threats, the focus shifts to assuming breaches have already happened. Health Attestation is the process of measuring the health of a device during the boot process. If the computer is healthy, that computer can join the network and access resources on it.
If not, the user will be informed as to the reasons why. It might be because BitLocker, or Secure Boot, isn't enabled. But it can be other things. The network administrator configures the compliance requirements, so those requirements will vary. Secure Boot, Measured Boot, Trusted Boot, and more are options. BitLocker or TPM can be required as well. The Device Health Attestation Service, also called DHA, is used to validate device health.
There are three options. DHA cloud service is managed by Microsoft, and is free. DHA on-premises service is a new server role introduced in Windows Server 2016 Technical Preview 5, and it's also free to users that have a valid Windows Server 2016 license. DHA Azure cloud service is available in Microsoft Azure. Enterprises will need a virtual host and licenses for the DHA on-premises service.
The DHA service integrates with MDM solutions, and collects information regarding device health, and creates reports. You can learn more about health attestation from TechNet here, among other places.
Note: The course also maps to the third part of MCSA exam 70-698, Installing and Configuring Windows 10. Taking this course will prepare you for objectives in the Manage and Maintain Windows domain of the test.
- Configuring Windows Update
- Updating Windows apps
- Reviewing event logs
- Using Resource Monitor and Performance Monitor
- Managing security with Windows Defender
- Creating a recovery drive
- Restoring and recovering files
- Recovering the OS with Windows Recovery
- Configuring authorization and authentication
- Securing Windows 10 with passwords
- Joining workgroups and domains
- Creating and using accounts
- Automating tasks with PowerShell