Within ConfigMgr Current Branch (1602) a new feature called Health Attestation is available. It can be found in 'Client Settings > Enable communication with Health Attestation Service = Yes' and in 'Monitoring > Security > Health Attestation'.
With Health Attestation lets the administrator ensure that client computers have the following trustworthy BIOS, TPM, and boot software configurations enabled:
-Early-launch antimalware (ELAM) - protects your computer when it starts up and before third-party drivers initialize.
-BitLocker - software that lets you encrypt all data stored on the Windows operating system volume.
-Secure Boot - a security standard developed by members of the PC industry to help make sure that your PC boots using only software that is trusted by the PC manufacturer.
-Code Integrity - a feature that improves the security of the operating system by validating the integrity of a driver or system file each time it is loaded into memory.
Very nice to see there's a new dashboard to, which shows the following information:
-Health Attestation Status - share of devices in compliant, noncompliant, error, and unknown states
-Devices Reporting Health Attestation - percentage of devices reporting Health Attestation status
-Noncompliant Devices by Client Type - share of mobile devices and computers that are noncompliant
-Top Missing Health Attestation Settings - number of devices missing the health attestation setting, listed per setting
Unfortunately the functionality is not working yet. Hope it will be available in a later release. Very nice to see new functionality every few months! Microsoft is doing a good job here :-)
Update 5-4: After some time waiting there is something visible now. A mobile device is added, which misses BitLocker and Early-launch antimalware. Not as much as expected.. Hope to see more soon!