Problem
If a policy rule using the OS version check condition containing "Within the Last N Versions" of a major release is created, it can result in an unintentional denial of access.
Symptoms
In this example, we have set up a policy rule using the OS version check condition containing "Within the Last N Versions" of a major release:
When writing a policy based on version ID, there can be issues introduced by the specific product and how they choose to ID their future releases. This can result in an unintentional denial of access. For example, beginning with Apple version 14.1.1 when Apple publishes two parallel versions with different build numbers for different architectures, it prevents us from accurately counting the distance between version numbers of a major release.
Solution
We recommend deleting the condition containing "Within the Last N Versions" and instead relying on the "Version is greater than or equal to"
Our team is aware of this limitation, and we are working on a way to improve our policy rule capabilities.
Comments
0 comments
Please sign in to leave a comment.