From 002e24834483861b04fb47417793e04877c83d54 Mon Sep 17 00:00:00 2001
From: Allen Houchins <32207388+allenhouchins@users.noreply.github.com>
Date: Mon, 8 Dec 2025 12:39:23 -0600
Subject: [PATCH] Disable the Cloudflare DNS over HTTPS configuration profile
 (#36904)

Slack thread:
https://fleetdm.slack.com/archives/C071NNMSP2R/p1765215959557429
---
 it-and-security/teams/workstations-canary.yml | 3 ++-
 it-and-security/teams/workstations.yml        | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/it-and-security/teams/workstations-canary.yml b/it-and-security/teams/workstations-canary.yml
index 80a67cc62f..dd269433c1 100644
--- a/it-and-security/teams/workstations-canary.yml
+++ b/it-and-security/teams/workstations-canary.yml
@@ -99,7 +99,8 @@ controls:
       - path: ../lib/macos/configuration-profiles/disable-internet-sharing.mobileconfig
       - path: ../lib/macos/configuration-profiles/disable-media-sharing.mobileconfig
       - path: ../lib/macos/configuration-profiles/disable-safari-safefiles.mobileconfig
-      - path: ../lib/macos/configuration-profiles/enable-doh.mobileconfig
+      # - path: ../lib/macos/configuration-profiles/enable-doh.mobileconfig
+      # Commenting out until I understand why we have this and if there's a better multi-platform solution
       - path: ../lib/macos/configuration-profiles/enable-firewall-logging.mobileconfig
       - path: ../lib/macos/configuration-profiles/enable-gatekeeper.mobileconfig
       - path: ../lib/macos/configuration-profiles/enforce-library-validation.mobileconfig
diff --git a/it-and-security/teams/workstations.yml b/it-and-security/teams/workstations.yml
index 392413f4c9..cd4f97ed7e 100644
--- a/it-and-security/teams/workstations.yml
+++ b/it-and-security/teams/workstations.yml
@@ -54,7 +54,8 @@ controls:
       - path: ../lib/macos/configuration-profiles/disable-internet-sharing.mobileconfig
       - path: ../lib/macos/configuration-profiles/disable-media-sharing.mobileconfig
       - path: ../lib/macos/configuration-profiles/disable-safari-safefiles.mobileconfig
-      - path: ../lib/macos/configuration-profiles/enable-doh.mobileconfig
+      # - path: ../lib/macos/configuration-profiles/enable-doh.mobileconfig
+      # Commenting out until I understand why we have this and if there's a better multi-platform solution
       - path: ../lib/macos/configuration-profiles/enable-firewall-logging.mobileconfig
       - path: ../lib/macos/configuration-profiles/enable-gatekeeper.mobileconfig
       - path: ../lib/macos/configuration-profiles/enforce-library-validation.mobileconfig