Windows 11 ISE posture

ahmedFawzy
Level 1

I configured a posture policy which uses (Windows 10 (All)) as the operating system criteria, and all posture conditions use Windows 10 also, but Windows 11 PCs are still being scanned for posture.

Note: posture requirements are still in audit state.

Can someone explain that behavior?

3 Replies

Apologies if I misunderstood your question. You configured posture assessment for Win 10 and it's not working with Win 11, is this what you are asking about? If so, that won't work because it won't match Win 11 machines. You would need to add Win 11 in the conditions similar to what you've done for Win 10.

Waynieack
Level 1

What he is saying is that Windows 11 is being detected by the ISE posture as Windows 10 and, even though he only has Windows 10 posture rules, Windows 11 machines are being postured.

I have the same issue.

Hi,

By design, something which is obviously creating more problems than the ones which were presumably to be fixed, Windows 11 shows itself as Windows 10 with a different build version than Windows 10:

https://learn.microsoft.com/en-us/answers/questions/555857/windows-11-product-name-in-registry?page=2

Use a Registry check to differentiate and match between Windows 10 and Windows 11; from path "Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion", match on "DisplayVersion" to be 21H2 values or "CurrentBuildNumber" to be higher than 20000.

Here's an example of using Registry Keys as matching conditions:

https://community.cisco.com/t5/network-access-control/cisco-ise-posture-and-os-selections/td-p/4110666

Thanks,

Cristian.
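
A way to check what an endpoint actually reports under that registry key before building the ISE registry condition, as an added example that is not part of the original posts. The function name `Get-OsGeneration` and the sample rows are made up for illustration; it keys on `CurrentBuildNumber` because `DisplayVersion` 21H2 is also the value on Windows 10 build 19044, and it sets server SKUs aside because Windows Server 2022 (build 20348) is also above 20000.

```powershell
# Added example, not from the thread: classify a host from the registry values
# named in the answer above. Get-OsGeneration is a hypothetical helper name.
$key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'

function Get-OsGeneration {
    param(
        [Parameter(Mandatory)] [string] $ProductName,
        [Parameter(Mandatory)] [string] $CurrentBuildNumber,
        [string] $DisplayVersion   # absent on older Windows 10 builds
    )
    # CurrentBuildNumber is stored as REG_SZ; convert it, because a string
    # comparison would sort "9600" above "20000".
    $build = 0
    if (-not [int]::TryParse($CurrentBuildNumber, [ref]$build)) {
        throw "CurrentBuildNumber '$CurrentBuildNumber' is not numeric"
    }
    if ($ProductName -like '*Server*') {
        $generation = 'Server (out of scope)'
    } elseif ($build -gt 20000) {
        # Threshold from the thread: builds higher than 20000 are Windows 11.
        $generation = 'Windows 11'
    } else {
        $generation = 'Windows 10'
    }
    [pscustomobject]@{
        ProductName    = $ProductName
        DisplayVersion = $DisplayVersion
        Build          = $build
        Generation     = $generation
        # True when the name says Windows 10 but the build says Windows 11.
        NameMisleading = ($generation -eq 'Windows 11' -and $ProductName -like 'Windows 10*')
    }
}

# Constructed sample rows, not captured from real machines.
$samples = @(
    @{ ProductName = 'Windows 10 Pro';        CurrentBuildNumber = '19044'; DisplayVersion = '21H2' }
    @{ ProductName = 'Windows 10 Pro';        CurrentBuildNumber = '22000'; DisplayVersion = '21H2' }
    @{ ProductName = 'Windows 10 Enterprise'; CurrentBuildNumber = '22631'; DisplayVersion = '23H2' }
    @{ ProductName = 'Windows Server 2022 Standard'; CurrentBuildNumber = '20348'; DisplayVersion = '21H2' }
)
$results = foreach ($s in $samples) { Get-OsGeneration @s }
$results | Format-Table -AutoSize

# The local machine, read from the same key the posture condition would check.
$cv = Get-ItemProperty -Path $key
Get-OsGeneration -ProductName $cv.ProductName `
    -CurrentBuildNumber $cv.CurrentBuildNumber -DisplayVersion $cv.DisplayVersion
```

The first two sample rows share both `ProductName` and `DisplayVersion`, so only the build number separates them.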