ConfigMgr 1910 - Old applications keep installing after being superseded

Question

I'm trying to test and deploy a newer version of an application currently deployed to 'All Systems' collection. The test deployment should go to a separate user collection, and the old device-targeting deployment should remain while tests are ongoing. The new application is configured to:

• supersede the old one without uninstall, as the upgrade is done by the application package;
• install for system;
• install whether or not a user is logged on.

The old version seems to be configured the same way. There is only one deployment type in each version.
Both deployments are Required. Applications use the MSI product code for detection (different between versions).
The new application installs itself without issues the first time, however after some time the old deployment starts enforcement again.
Looking at the AppEnforce logs, I noted the following chain of events:

1. user-targeted deployment of the new version is being enforced and installed seemingly with user context (even though the deployment type is set up to install for system and whether or not a user is logged on):

Performing detection of app deployment type [new application deployment type] for user
<...>
App enforcement environment: Context: Machine<...>
<...>
Executing Command line [new application's command line] with user context

2. new version is installed successfully;
3. not long after the device-targeted deployment of the old version is being enforced and successfully installed with device context, as there is nothing in the package itself to prevent this:

Performing detection of app deployment type [old application deployment type] for system
<...>
App enforcement environment: Context: Machine<...>
<...>
Executing Command line [old application's command line] with system context

4. both applications report successful installation, even though only the old version is physically present on test devices.

This behavior is not present when both test and prod collections are device-targeting. When both are user-based however the old application again tries to install but with user context, fails with 1603 and retries after some time.

Now the obvious solution would be to move to device collections for tests and production rollouts, but I'd like to try and investigate this. Shouldn't a newer application be detected and prevent the superseded application to try and install itself? Why are user-targeting deployments executed with user context (and is this by design), or am I interpreting the logs wrong?

Would appreciate any help/hints/advice as I'm pretty much stumped!

Answer 1

The application evaluation phase is where the client evaluates the detection method defined for the application to determine if the application is installed on the device. The client evaluates the desired state of the application based on the Deployment Purpose.
This step also involves detecting whether the application has any dependencies or supersedence rules that should be honored for the application. This activity can be tracked in AppIntentEval.log using the Application and Deployment Type Unique ID.
In the AppIntentEval.log, Current State indicates whether the application is currently installed on the device. Applicability indicates whether the application is applicable based on defined requirement rules. ResolvedState indicates the desired state of the application based on the deployment purpose.

---

If the response is helpful, please click "Accept Answer" and upvote it.