Next to smart lock support for Android, another update that came with the new Microsoft Intune release of January is Health Attestation Reports and the ability to check compliance based on the Health Attestation.
The compliance part I could not find yet but the reports are already there and usable to get a view if your Windows 10 devices are healthy or not.
Also the ability to fully wipe (factory reset) a Windows 10 device is new. Let’s have a look!
A report can be build by going in the Intune Admin Portal to Reports > Health Attestation Reports.
Processing the report result in the following report;
The information listed below is in the report;
| Device name | Tim_WindowsPhone_12/30/2015_6:22 PM |
| Device OS | Unknown |
| BitLocker | Yes |
| Code Integrity | Yes |
| Early Launch Antimalware | No |
| Boot Debugging | No |
| Attestation Identity Key (AIK) | Yes |
| Secure Boot | Yes |
| Data Execution Prevention Policy | 3 |
| Health Certificate Issued | 1/27/2016 13:40 |
| Kernel Debugging | No |
| PCR Value | 0Bxxxxx |
| Reset Count | 0 |
| Restart Count | 1237542219 |
| Safe Mode | No |
| Test Signing | No |
| Virtual Secure Mode (VSM) | No |
| WinPE Environment | No |
| Boot Manager Version | 0 |
| Code Integrity Check Version | 0 |
Update 5/Feb/2016: Next to the reporting, a compliance rule is added to the Compliance Policy in Intune. This way you are able to force that only healthy Windows 10 devices are allowed to connect to company resources.
Also new for Windows 10 support is the ability to completely wipe the device and let it return to the factory default settings.
After the Wipe command the device is rebooted and reset to the factory default like shown below.
