Policies that contain Android requirement rules are evaluated incorrectly for compliance against all devices in Configuration Manager

Applies to: System Center Configuration Manager (current branch - version 1606)System Center Configuration Manager (current branch - version 1610)

Symptoms


Consider the following scenario in System Center Configuration Manager:

  • You deploy policy settings or applications that contain any of the Android requirement rules (Android or Android for Work).
  • You deploy these settings to a user collection or a device collection that contains Windows clients.

In this scenario, you receive a CI "Discovery" error message instead of the expected Not Applicable compliance result.

In the policy monitoring information, you notice that the deployment status shows errors instead of listing the policy as compliant. This causes the reports to be inaccurate.

For example, you find entries that resemble the following in the CIAgent.log:

CIAgentJob({CIAgentJobID}): StartEnactment - CI - ScopeId_<ID>/ConfigurationPolicy_<ID>      CIAgent     DateTime    9100 (0x238C)CIAgentJob({CIAgentJobID}): StartEnactment - Attempting to invoke Policy PlatformClient   CIAgent   DateTime          9100 (0x238C)Acquiring lock   CIAgent    DateTime        9100 (0x238C)DCM::LanternUtils::CreateBindingInstance - Creating binding document for Policy: ScopeId_<ID>_ConfigurationPolicy_<ID>_16_Platform_PolicyDocument, Revision: 16.CIAgent   DateTime         9100 (0x238C)DCM::LanternUtils::CreateBindingInstance - Creating binding document for Policy: ScopeId_<ID>_ConfigurationPolicy_<ID>_16_Configuration_PolicyDocument, Revision: 16.   CIAgent   DateTime        9100 (0x238C)Lantern job:<ID> succeeded.   CIAgent   DateTime           9100 (0x238C).........CIAgentJob({CIAgentJobID}):State - Reporting (scan):: None - ScopeId_<ID>/ConfigurationPolicy_<ID>:16 - State = Error ResolvedState = Compliant Applicability = Applicable ConfigureState= NotNeeded  CIAgent   DateTime    13396 (0x3454)


In this profile, Microsoft Policy Platform Client marks the policy as Applicable and as being in an error state, even though this particular profile is the Android profile, for the following supported platforms:

<PlatformApplicabilityCondition xmlns="http://schemas.microsoft.com/SystemsCenterConfigurationManager/2009/06/14/Rules">      <OperatingSystemExpression>        <Operator>OneOf</Operator>        <Operands>          <RuleExpression RuleId="Android/All_Android_5_x" />          <RuleExpression RuleId="Android/All_Android_6_x" />          <RuleExpression RuleId="Android/All_Android_7_x" />        </Operands>      </OperatingSystemExpression>    </PlatformApplicabilityCondition>

 

Cause


This issue occurs because the client MOF does not have a stub for the Container property for these platforms:

  • Android/All_Android

  • Android/All_AndroidForWork

Resolution


To resolve this issue, target the policies to device collections that use separate collections for Configuration Manager full Windows clients and Android mobile devices.

Applies to


This article also applies to the following:

  • Microsoft System Center Configuration Manager (current branch - version 1702),