Configure attestation for
iOS
devices

When you enable attestation for

iOS

devices, it ensures that only authorized and uncompromised devices are being used in your organization. During attestation, the device's properties (for example, its serial number) or identifiers are verified to be legitimate and not spoofed. This feature requires unsupervised devices to be running

iOS

16 or

iPadOS

16.1 or later. For supervised devices,

iOS

17 or

iPadOS

17 or later is required.

In the management console, on the menu bar, click

Settings > General settings > Attestation

Select the

Enable periodic attestation challenges for Apple devices that are running iOS 16 or later

check box.

In the

Challenge frequency

section, specify how often the device must return an attestation response to

UEM

. The minimum challenge frequency is 9 days.

In the

Grace period

section, specify the grace period for devices. When the grace period expires with no successful attestation response, a device is considered out of compliance and is subject to the actions that you specify in the assigned compliance profile.

Click

Save

In the activation profile, specify whether the attestation occurs during device activation and/or periodically. Managed device attestation applies to the

MDM controls

and the

User privacy

activation types, but not the

User privacy - User enrollment

activation type. When you select the

User privacy

activation type in the activation profile, you must select at least one of the management options (such as "Allow VPN management").

In the compliance profile, select the "Managed device attestation failure" rule and specify the compliance actions that you want carried out against devices that fail attestation.

In the management console, you can view a device's attestation status in the device details.

Section:

Configuring attestation for devices

Configure attestation for iOS devices

Configure attestation for
iOS
devices