Apple Managed Device Attestation

Apple Managed Device Attestation allows KACE Cloud to request and validate an attestation certificate during inventory. Supported device types include:

• iOS 16 or later (A11 Bionic chip or later only)
• macOS 14 or later (Apple silicon only)
• tvOS 16 or later (A11 Bionic chip or later only)

Both DEP-enrolled and manually enrolled devices are supported.

Upon receiving a certificate, KACE Cloud verifies that it is correctly signed by Apple's Attestation Root CA and that it includes the device’s serial number.

Attestation results appear in the device security card.

The device details section has more information and the certificate can be downloaded for inspection.

If a device does not support attestation, only the Validated by Apple Attestation and Apple Attestation Errors fields are shown.