Abstract: A device boots in a secure manner that allows measurements reflecting which components are loaded during booting to be generated. Measurements of such components, as well as of a device management agent and the security state of the device, are also obtained. The device management agent accesses an attestation service for an enterprise, which is a collection of resources managed by a management service. The device management agent provides the obtained measurements to the attestation service, which evaluates the measurements and based on the evaluation determines whether the device is verified for use in the enterprise. The management service uses this verification to ensure that the device management agent is running in a secure manner, is accurately providing indications of the state of the device to the management service, and is implementing policy received from the management service.

Abstract: A device boots in a secure manner that allows measurements reflecting which components are loaded during booting to be generated. Measurements of such components, as well as of a device management agent and the security state of the device, are also obtained. The device management agent accesses an attestation service for an enterprise, which is a collection of resources managed by a management service. The device management agent provides the obtained measurements to the attestation service, which evaluates the measurements and based on the evaluation determines whether the device is verified for use in the enterprise. The management service uses this verification to ensure that the device management agent is running in a secure manner, is accurately providing indications of the state of the device to the management service, and is implementing policy received from the management service.

Abstract: Contextually aware device management techniques are described. Identifying data is provided via a communication connection by a client device to a service provider via a network that is usable by the service provider to identify the client device or functionality of the client device. One or more contexts are received at the client device from the service provider via the network that correspond to the identifying data. Each of the one or more contexts includes management objects along with one or more triggers configured to cause the context to transition to a corresponding one of a plurality of context states and thereby cause performance of one or more actions corresponding to the context state. The one or more contexts are implemented locally by the client device effective to identify and perform the one or more actions corresponding to the context state by the client device based on identification of the one or more triggers without use of network communication by the client device.

Abstract: Contextually aware device management techniques are described. Identifying data is provided via a communication connection by a client device to a service provider via a network that is usable by the service provider to identify the client device or functionality of the client device. One or more contexts are received at the client device from the service provider via the network that correspond to the identifying data. Each of the one or more contexts includes management objects along with one or more triggers configured to cause the context to transition to a corresponding one of a plurality of context states and thereby cause performance of one or more actions corresponding to the context state. The one or more contexts are implemented locally by the client device effective to identify and perform the one or more actions corresponding to the context state by the client device based on identification of the one or more triggers without use of network communication by the client device.