From Cisco ISE Release 3.3, Cisco ISE supports unvalidated versions of operating systems in agent-based and agentless posture workflows. In the earlier releases of Cisco ISE, only the endpoints that ran validated operating systems successfully met posture agent policies.

As a result, endpoints running an unvalidated operating system failed posture agent workflows with the error message, The operating system is not supported by the server.

For information on supported operating systems, see the Compatibility Matrix for your Cisco ISE release.

For example, posture agent flows for endpoints running operating system versions Windows 10 IoT Enterprise LTSC or Mac 14 failed while these operating system versions were not validated. When Cisco ISE validated these versions and the operating system data was published to the Feed Service, posture agents successfully matched these endpoints.

You can download the latest operating system data to Cisco ISE from the Feed Service in the Administration > System > Posture > Updates page of the Cisco ISE administration portal.

From Cisco ISE Release 3.3, unvalidated operating systems are matched to a known operating system listed in the Policy pages (Posture, Requirements, and Conditions pages) of the Cisco ISE administration portal, so that posture agent workflows can be completed successfully. For example, if Mac xx is not validated and an endpoint is running it, a posture agent can now match the endpoint with MacOSX. When Mac xx is validated and published to the Feed Service, and the posture agent runs on the endpoint again, the endpoint is matched with Mac xx. Posture reports display the operating system that an endpoint is matched with.

All the posture agents that are supported by Cisco ISE Release 3.3 are impacted by this change. No other Cisco ISE features, such as BYOD, are impacted.