What are device health services?
Device health services (DHS) is a set of APIs that allow you to query the health and status of devices in your organization. You can use the DHS to monitor your devices’ state, receive alerts when a device encounters an error, and troubleshoot issues.
DHS also includes APIs for managing firmware updates and security policies.
DHS is available in the Azure portal and the Microsoft Graph.
Monitoring Device Health with DHS
Table of Contents
The following diagram shows how you can use DHS to manage firmware updates for devices in your organization.
How DHS works?
In this scenario, a new device is added to the organization and registered with the Device Health service. The new device automatically retrieves its security policy from Azure Active Directory (Azure AD) and sends it to the Device Guard feature in Windows.
In this example, because no software update policies have been configured yet, Deployment Image Servicing and Management (DISM or Dism for short) is used to install an available update package on the device after confirming that there are no known issues with it.
This process requires administrator credentials that were previously stored in a secure location within the device’s registry known only by DHS during registration of the managed code application that performs this task.
This process is repeated from a different device with an additional security policy. In this case, the Dism executable checks for any currently installed security policy updates and then downloads and installs an available update package if one exists.
This process requires administrator credentials that were previously stored in a secure location within the registry known only by DHS during registration of the managed code application that performs this task.
How do I get started with DHS?
To get started with DHS, you first need to create a Device Health service instance. This is where you store information about the devices you want to monitor. You then add widgets to this instance by using the Add-Device cmdlet. Once you have added a machine, you can then query its health status and receive alerts when there is a problem.
What are the benefits of using DHS?
The benefits of using DHS include:
– Monitoring the health of your devices
– Receiving alerts when a device encounters an error
– Troubleshooting issues
– Managing firmware updates
– Managing security policies for your devices.
In addition to the benefits listed above, This can help ensure that your devices are kept up-to-date with the latest security patches and features.
Devise health service is used for?
1) Monitor the health of your devices and detect issues that might result in downtime, data loss, or security breaches.
2) Receive alerts when a device encounters an error and take corrective action to identify and resolve the issue before it affects users or operations.
3) Troubleshoot issues by reviewing past health history and generating diagnostic information for further analysis.
4) Manage firmware updates- DHS includes APIs for managing firmware updates to ensure all devices are running the latest versions.
5) Manage security policies using Azure AD & Microsoft Intune: you can use DHS to manage security policies (e.g., Verify Integrity of Applications, Secure Boot), which makes it easier to manage security policy compliance for Windows devices.
Device Health Services can help you manage the security of your devices and keep them up-to-date with the latest security features and patches. Create a Device Health service instance and add your widgets to get started.
You can then use the APIs provided by DHS to manage firmware updates and security policies for your devices. For more information, see the Device Health Services documentation.
If you’re looking for a way to keep your devices healthy and updated with the latest security features, consider using Device Health Services (DHS).
DHS is a cloud-based service that allows you to monitor the health of your devices and receive alerts when they encounter an error.
Does that mean DHS is not used for health monitoring only?
No, Device Health Services can also be used to manage security policies for your devices. You can use DHS to verify the integrity of applications, enable Secure Boot, and more. For more information, see the Device Health Services documentation.
Now that you know what Device Health Services can do, let’s look at how you can start using it. The first step is creating a Device Health service instance.
Some more uses of DHS
TRACKING & REPORTING – Get detailed information on each device, the operating system and applications installed, and their respective statuses. This information can be used to generate reports on the health of your fleet or individual devices.
SUPPORTED BY MICROSOFT – Device Health Services is a Microsoft product fully supported by Microsoft. You can contact Microsoft for help if you encounter any problems.
FREE TO USE – Device Health Services is free to use. There are no licensing fees or subscription costs.
EASY TO USE – Device Health Services is easy to use. Create a Device Health service instance and add devices using the Add-Device cmdlet. Once you’ve added your devices, you can start using DHS APIs to monitor health and receive alerts, as well as manage security policies for your devices.