Enabling Device Health Attestation in Windows 10
Device Health Attestation (DHA) is a new Windows 10 feature that allows Windows 10 to do a health check to the cloud or to an on-premises server (requires Windows Server 2016) before gaining access to internal resources. It is a new health status that can be used as a rule in Conditional Access for Windows 10 devices.
Note
The compliance policy using DHA status as a rule is only available for Microsoft Intune managed Windows 10 devices for now. If you are managing your Windows 10 devices through the CM client agent, DHA will only be used for reporting.
DHAÂ lets the administrator ensure that client computers have the following trustworthy BIOS, TPM (1.2 or 2.0), and boot software configurations enabled:
Early launch anti-malware: Early launch anti-malware (ELAM) protects your computer when it starts up and before third-party drivers initialize.
BitLocker: Windows BitLocker Drive Encryption is the software that lets you encrypt all data stored...
