Security Parameters
The following parameters are checked for compliance by the Health Attestation Service.
Parameter | Description | Compliant Status |
---|---|---|
Early launch anti-malware | Protects computers in your network when they start up and before third-party drivers initialize | Enabled |
Attestation Identity Key (AIK) | Indicates that the device has an endorsement key certificate. | Present on device |
Boot Manager Version | Indicates the version of the Boot Manager and facilitates tracking of the security of the boot sequence and environment | Running latest version |
Code Integrity | Restricts code execution to integrity verified code. | Enabled |
Code Integrity Version | Helps ensure that the latest code is used to perform integrity checks during the boot sequence | Running latest version |
Data Execution Prevention (DEP) | DEP policy defines a set of hardware and software technologies that perform additional checks on memory to help prevent malicious code from running on a system. | Enabled |
Boot debug is disabled | Indicates a device used for development and testing, which is typically less secure. | Disabled |
BitLocker Status | Protects data on the device drive from unauthorized access. | Enabled |
OS Kernel Debugging | Indicates a device used for development and testing, which is typically less secure. | Disabled |
Platform Configuration Register[0] | Represents a consistent view of the Host Platform between boot cycles | |
Safe Mode | Starts your computer in a limited state. | Disabled |
Secure Boot | Forces system to boot to a factory trusted state. | Enabled |
Test Signing | Does not enforce signature validation during boot and allows unsigned drivers to load | Disabled |
Virtual Secure Mode | A container that protects high value assets from a compromised kernel. | Enabled |
Windows Pre-Installation Environment | Minimal operating system with limited services that is used to prepare a computer for Windows installation, to copy disk images from a network file server, and to initiate Windows Setup. | Disabled |
Code Integrity Policy Hash | Indicates the integrity of the policy that is controlling the security of the boot environment | |
Secure Boot Configuration Policy (SBCP) Hash | Hash of a custom SBCP | |