Skip Navigation

Configure attestation for

When you enable attestation for
devices, it ensures that only authorized and uncompromised devices are being used in your organization. During attestation, the device's properties (for example, its serial number) or identifiers are verified to be legitimate and not spoofed. This feature requires unsupervised devices to be running
16 or
16.1 or later. For supervised devices,
17 or
17 or later is required.
  1. In the management console, on the menu bar, click
    Settings > General settings > Attestation
  2. Select the
    Enable periodic attestation challenges for Apple devices that are running iOS 16 or later
    check box.
  3. In the
    Challenge frequency
    section, specify how often the device must return an attestation response to
    . The minimum challenge frequency is 9 days.
  4. In the
    Grace period
    section, specify the grace period for devices. When the grace period expires with no successful attestation response, a device is considered out of compliance and is subject to the actions that you specify in the assigned compliance profile.
  5. Click
  • In the activation profile, specify whether the attestation occurs during device activation and/or periodically. Managed device attestation applies to the
    MDM controls
    and the
    User privacy
    activation types, but not the
    User privacy - User enrollment
    activation type. When you select the
    User privacy
    activation type in the activation profile, you must select at least one of the management options (such as "Allow VPN management").
  • In the compliance profile, select the "Managed device attestation failure" rule and specify the compliance actions that you want carried out against devices that fail attestation.
  • In the management console, you can view a device's attestation status in the device details.