Define versions

The Versions page lets you specify the following information about the required OS, browser, and EAA Client versions on the end user's device:
  • Up-to-date: Represents the most recent fully patched releases of all supported major versions (except the latest). This category is automatically updated and displayed in the OS and EAA Client tabs.
  • Custom: Lets you manually configure versions not represented in latest or up-to-date. Here you can specify beta and experimental versions. Adding a specific build/version includes only that build/version. This category is optional and is not automatically updated.
  • Grace period: Applies to the latest and up-to-date categories. It is the amount of time allowed for devices in your environment to be upgraded to the most recent release of the relevant major version before they are marked non-compliant. The grace period begins when the most recent release becomes available.

Devices that are denied access to an application because they are not updated by the end of the grace period will receive a remediation message.

  • The OS tab displays the latest, up-to-date, and custom versions of supported operating systems. For desktop devices, you can select/deselect the desired up-to-date versions from the list of versions supported by the respective vendor. You can also configure custom versions by specifying a build number or a set of builds, and determine a grace period.

  • The Installed Browsers tab displays the supported installed browser versions, and lets you specify a grace period and custom versions.
    Note: This signal tells EAA to check for the presence of installed browsers on the system. It does not check the browser that is used for accessing applications.
  • The EAA Client tab displays the latest, up-to-date, and custom EAA Client versions. For desktop devices, you can select/deselect the desired up-to-date versions from the list of versions supported by the respective vendor. You can also configure custom versions by specifying a build number or a set of builds, and specify a grace period.

The latest and up-to-date version and build numbers are updated by Akamai as they become available; no action is required by the admin. When a new version is added to the Versions page, the grace period specifies the number of days until the previous version is considered to be out of date. Clients should update by this time in order to be considered to be running the latest version. The default grace period for all versions is set to 180 days.

Updates on the Versions page may affect a device’s risk assessment based on the configured risk tiers and tags. For example, consider the following sequence of events:
  • The latest macOS version is 10.15.7 (19H114).
  • The low tier requires the latest macOS version.
  • According to OS Versions, the latest macOS version is updated to 11.0.1 (20B50) with a grace period of 5 days.
  • After the grace period expires, a device still running 10.15.7 (19H114) is no longer considered a low tier device.
  • With the release of 11.0.1 (20B50), the 10.15.7 (19H114) version is automatically added and selected under the up-to-date versions.
Note: For macOS and Windows, all rules are evaluated on the basis of build numbers.

The macOS build numbers are displayed in parentheses and in an alphanumeric format, for example, 19H524.

The Windows build numbers are displayed in parentheses and in a numeric format, for example, 19042.870.
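
The macOS sequence above, modeled as an added example (this is not Akamai's code or the actual EAA evaluation logic). It shows how a reported build falls out of the latest category once the grace period ends while still matching up-to-date, and how custom entries match only exact builds. The release dates are constructed, the class and function names are hypothetical, and counting the last day of the grace period as still compliant is an assumption.

```python
from dataclasses import dataclass, field
from datetime import date, timedelta

@dataclass
class Track:
    """Auto-updated release history for one category entry, oldest first."""
    releases: list            # [(build, release_date), ...]
    grace_days: int = 180     # default grace period stated on the page

    def accepts(self, build: str, today: date) -> bool:
        for i, (known, _) in enumerate(self.releases):
            if known != build:
                continue
            if i == len(self.releases) - 1:
                return True   # most recent release in this track
            # Grace starts when the superseding release becomes available.
            superseded_on = self.releases[i + 1][1]
            # Assumption: the last day of the grace period still counts.
            return today <= superseded_on + timedelta(days=self.grace_days)
        return False

@dataclass
class VersionPolicy:
    latest: Track
    up_to_date: list = field(default_factory=list)   # selected Track objects
    custom: set = field(default_factory=set)         # exact builds, no grace

    def category(self, build: str, today: date):
        """Return the first category the reported build satisfies, else None."""
        if self.latest.accepts(build, today):
            return "latest"
        if any(t.accepts(build, today) for t in self.up_to_date):
            return "up-to-date"
        return "custom" if build in self.custom else None

# Constructed dates; build strings are the ones used in the page's examples.
RELEASE_11 = date(2020, 11, 12)
POLICY = VersionPolicy(
    latest=Track([("19H114", date(2020, 11, 5)), ("20B50", RELEASE_11)],
                 grace_days=5),
    up_to_date=[Track([("19H114", date(2020, 11, 5))])],
    custom={"19H524"},
)

def low_tier_ok(build: str, today: date) -> bool:
    """Low tier in the page's example: requires the latest macOS version."""
    return POLICY.category(build, today) == "latest"
```

A tier that accepts latest or up-to-date would keep admitting 19H114 after the five days, which is why the automatic selection of the previous latest version matters when you tighten a tier.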

How to

  1. In the EAA Management Portal, select System > Device Posture.
    The Device Posture page appears.
  2. On the Device Posture page, click the Versions tab.
  3. In OS, perform the following tasks:
    1. In Up-to-date, for desktop operating systems, you can deselect versions that you don't want to allow for end users’ devices.
      Note: With the previous release:
      • By default all up-to-date versions are automatically selected. When a new latest version is released, the previous latest version is automatically displayed and selected in the up-to-date versions section. You have to deselect this version, if you wish to exclude it.
      • Upgraded up-to-date versions are automatically added to the up-to-date list. For example, when the OS vendor updates the existing Catalina 10.15.7 (19H114) version that you have allowed for users’ devices, the newly released version automatically replaces Catalina 10.15.7 (19H114) in the up-to-date list. The new up-to-date version is also automatically selected, which means that all Catalina versions are allowed for end users’ devices. The device posture calculation is also evaluated on the basis of the latest Catalina version.

        If an up-to-date version that you have not allowed is updated, the upgraded version that appears on the up-to-date list will not be selected.

    2. In Custom, enter version numbers for mobile devices and build numbers for desktop devices that you want to allow for end users' devices.
      For example, to support Windows 7 devices, enter 7601.24511.

      The entered value must exactly match the value reported by the device. Both macOS and Windows use the build number for this purpose. The macOS build numbers are displayed in parentheses and in an alphanumeric format, for example, 19H524. The Windows build numbers are displayed in parentheses and in a numeric format, for example, 19041.870.

      Note: With the previous release, any custom versions entered as a macOS version number are converted to build numbers and populated in the Custom field. If you don't want to allow a particular build number, you have to remove it from the Custom field.
    3. In Grace period, accept the default time of 180 days or specify another value.
  4. In Browser, perform the following tasks:
    1. In Custom, enter browser versions that you want to allow.
    2. In Grace period, accept the default value of 180 days or specify another value.
  5. In EAA Client, perform the following tasks:
    1. In Up-to-date, for desktop operating systems, you can deselect versions that you do not want to allow for end users’ devices.
    2. In Custom, enter version numbers that you want to allow.
    3. In Grace period, accept the default time of 180 days or specify another value.
  6. Click Save.
    The Save Version Changes dialog appears.

    Device Posture recalculates the impact of version changes and displays the number of devices that match your existing tiers and tags. This also updates the Device Posture dashboard.



  7. Click Save Versions to save changes or Cancel to delete the changes.

Next steps

You can apply OS, installed browser, and EAA Client versions as part of tier and tag configuration to evaluate the security posture of devices and to allow or deny access to applications.

To check the versions of the EAA Client, installed browsers, and operating system running on a selected device, go to the Device Details report, which can be displayed from the inventory or device history reports.