Getting started with Windows enrollment attestation

This week is all about adding an extra layer of protection to the enrollment of Windows devices: Windows enrollment attestation. Windows enrollment attestation is focused on making the process of enrolling Windows devices into Microsoft Intune more secure and trustworthy. It relies on the Trusted Platform Module (TPM) to store the private keys of the MDM certificate from Microsoft Intune and the access token from Microsoft Entra. That information is attested during the enrollment of Windows devices, making it less prone to tampering. That should provide better protection against attackers who, for example, steal an Intune MDM certificate. This blog post will start with a brief introduction to Windows enrollment attestation, followed by the central insights and …
