To enable configuration of device trust settings, click the Device Trust Enabled toggle. Then, select options.

• Apply Certificate Check On: You can enable a certificate check for desktop and mobile endpoint devices. Select the endpoint platforms to include in the certificate check or accept the default selection of All Platforms.
• Device Trust CA certificate: Select the applicable CA certificate. Certificates are generated and managed from the Certificate Management page of the Management Console.
• Device ID pattern: Enter the string that extracts the device ID from the certificate DN. This provides a pattern identifier for the device.

• Enable CRL check: Click the toggle to enable you to specify a URL from which you can obtain a Certificate Revocation List (CRL). A certificate is considered revoked when it is declared invalid

  before its expiration date. For each revoked certificate, the CRL shows the certificate serial number and the revocation date.

• CRL Check URL: If you have enabled the CRL check, enter the URL for the CRL check.
• Enable MDM Check for Device Posture: Click the toggle to enable Mobile Device Management (MDM) checking. MDM enables administrators to control and secure policies on mobile-device endpoints.