Skip Navigation
  1. BlackBerry Docs
  2. BlackBerry UEM 12.17
  3. Administration
  4. Managing device features
  5. Managing attestation for devices
  6. Manage attestation for Windows 10 devices

Manage attestation for
Windows 10
 devices

When you turn on attestation,
BlackBerry UEM
 sends challenges to test the authenticity and integrity of
Windows 10
 devices. The device communicates with the
Microsoft
 Health Attestation Service to check for compliance based on settings that you set in your organization’s compliance profile.
The
Windows 10
 attestation settings do not apply to
BlackBerry Desktop
 (
BlackBerry Access
 +
BlackBerry Work
).
  1. On the menu bar, click
    Settings > General settings > Attestation
    .
  2. To turn on attestation for
    Windows 10
     devices, select
    Enable periodic attestation challenges for Windows 10 devices
    .
  3. In the
    Challenge frequency
     section, specify, in days or hours, how often the device must return an attestation response to
    BlackBerry UEM
    .
  4. In the
    Grace period
     section, specify a grace period. After the grace period expires with no successful attestation response, a device is considered non-compliant and the device is subject to the conditions specified in the compliance profile that is assigned to the user. Also to consider, if a user's device is out of coverage, turned off, or has a dead battery, it cannot respond to the attestation challenges that
    BlackBerry UEM
     sends and
    BlackBerry UEM
     will consider the device to be non-compliant. If you have your organization's compliance policy set to wipe the device when it is out of compliance, when the device does not respond before the grace period expires, data on the device will be deleted.
  5. Click
    Save
    .
You can view any compliance violations on the device details page.
Create a compliance profile that specifies the actions that occur when a device is considered rooted. For instructions, see Enforcing compliance rules for devices