Improve Android Hardware Inventory to include "Android Security Patch Level" in SCCM / Intune Hybrid
The current "Intune Company Portal" does not report "Android Security Patch Level" as part of the Android Hardware Inventory to SCCM in a Hybrid environment.
This is important as our security policy requires that the device must be up-to-date on Android Security Patch in order to be "In Compliance".
From an administrative point of view it should be possible to have an overview of your Android devices to verify which devices have been upgraded with the latest security updates from Android.
Security vulnerabilities are rapidly increasing for mobile devices, e.g. the previous KRACK vulnerability. Hence it would be great to see that your Android devices are up-to-date in the SCCM Reports, especially when Conditional Access compliance rules are implemented to access services, e.g. mail, apps etc.
A simple SQL query against the following SQL views shows us that only the major Android version is inventoried:
SELECT * FROM v_GS_DEVICE_OSINFORMATION;
SELECT * FROM v_GS_DEVICE_COMPUTERSYSTEM;
For Apple iOS, all security updates are included in the ProductVersion0 column of these views, e.g. 11.1.2.
It is impossible to manage Android devices if we don't know what Android Security Patch Level each device has implemented when a "minimum Android Security Patch Level" compliance policy is configured.
We do now support setting the security patch level for Android devices in Intune, as of the June 2019 release, but we announced deprecation of support for hybrid a while ago, and I missed this since it was in Android and not the hybrid category. I’m going to say declined because this specified hybrid, but hopefully with co-management you’re getting what you need. If not, post back.
Hi, is this feature available now?
What options do we have to maintain Android Security Patch Level as part of the Android Hardware Inventory to SCCM?
Anders Horgen commented
According to the Android Developer SDK, "Security Patch Level" exists in the "Build.VERSION" class API for Android OS. ref:
So to HW Inventory this part should be rather easy to implement! :)
This feature should be included in Intune Standalone since SCCM / Hybrid will be deprecated. This data is not inventoried in Intune Standalone and should be fixed :)
It's ridiculous that we can set a compliance rule on this data point but don't have any visibility into how many systems are up to date; this needs to be implemented ASAP.