netwrix / pingcastle

PingCastle - Get Active Directory Security at 80% in 20% of the time
https://www.pingcastle.com

Incorrect score for Obsolete OS #163

Closed sjwk closed 1 year ago

sjwk commented 1 year ago

I think the score for the Obsolete OS check should be based on the number of machines, not the number of obsolete OSes. It tells me: Presence of non-supported version of Windows 10 or Windows 11 = 7 + 10 Point(s)

But in the detail, I see that I have 7 different obsolete OSes listed (5 of which with 0 active) but one of those is showing as having 48 machines running that OS.

The score should surely be based on the 48 affected machines rather than the number of W10 releases present in AD? And so should have a higher score of 15 points as that's something that requires more action.

vletoux commented 1 year ago

We didn't want to write a rule for each unsupported Windows 10/11 version; that's why you have a generic rule (as opposed to Windows 7).

0 actives doesn't mean they cannot reach your AD back. Active means that they were not connected for a while, not that they cannot ever connect. It is data provided to help you assess the internal risk level. If you think they'll never connect back, just remove them from the AD and the issue will be fixed.

The score is based on a model. No model is perfect - this is, in our opinion, the best that could be done. Some people are asking for a score increase, others for a score decrease. Queries from both sides mean that we have reached an optimum.