Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1046
Views
1
Helpful
3
Replies

Posture - 802.1x Wired - Windows 11

Go to solution
matt.w
Level 1
Level 1

‎05-29-2023 03:56 PM

Howdy Guys,

been doing some troubleshooting, and it turns out that Windows 11, in the registry, still actually reports itself as Windows 10 Enterprise, just with a difference Version Number.

So we currently have Posture policy which is set for Win 10 only, but it is being applied to Windows 11 devices and causing issues, as the Firewall check fails and a couple of other requirements.

Is there a way that we can check somewhere, the registry attribute for Windows build version number to ensure that Win 11 does NOT get the posture settings applied? if that makes sense?

Profiling is good, they get set there correctly, but when being postured they are falling into the Win 10 (all) OS selection

We are running ISE 3.0 Patch 6

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Greg Gibbs
Cisco Employee
Cisco Employee

‎05-29-2023 07:46 PM

If the Win11 PCs are correctly being profiled as Windows11-Workstation, you might try the following.

1. Navigate to Policy > Profiling > Logical Profiles and create a new Logical Profile that matches on the Windows11-Workstation policy (e.g. 'Windows11 Devices')

2. In your Posture policy rule, select the Other Conditions drop-down and select Create New Condition. Define the condition as 'Endpoints:LogicalProfile NOT_EQUALS Windows11 Devices'

This should prevent your profiled Win11 PCs from hitting the rule.

View solution in original post

3 Replies 3

Go to solution
Greg Gibbs
Cisco Employee
Cisco Employee

‎05-29-2023 07:46 PM

If the Win11 PCs are correctly being profiled as Windows11-Workstation, you might try the following.

1. Navigate to Policy > Profiling > Logical Profiles and create a new Logical Profile that matches on the Windows11-Workstation policy (e.g. 'Windows11 Devices')

2. In your Posture policy rule, select the Other Conditions drop-down and select Create New Condition. Define the condition as 'Endpoints:LogicalProfile NOT_EQUALS Windows11 Devices'

This should prevent your profiled Win11 PCs from hitting the rule.

Go to solution
mohamed orabi
Level 1
Level 1
In response to Greg Gibbs

‎08-22-2023 02:12 AM

Dear  Greg Gibbs

I have same issue but I didn't find the Windows 11 policy to match it with the logical profile do you have any advice?

0 Helpful

Go to solution
Greg Gibbs
Cisco Employee
Cisco Employee
In response to mohamed orabi

‎08-22-2023 05:15 PM

@mohamed orabi , you should ensure you have a current profiler feed update from the Feed Service 

0 Helpful
Customers Also Viewed These Support Documents