{showTurnOnMdmInfoBanner && (
- To change settings and install software, ask the end user to follow
- the Turn on MDM instructions on their{" "}
- My device page.
+ To enforce settings, OS updates, disk encryption, and more, ask the
+ end user to follow the Turn on MDM instructions on
+ their My device page.
)}
{showDiskEncryptionUserActionRequired && (
Disk encryption: Requires action from the end user. Ask the end user
- to follow Disk encryption instructions on their{" "}
- My device page.
+ to log out of their device or restart it.
)}
diff --git a/frontend/pages/hosts/details/cards/Software/HostSoftware.tsx b/frontend/pages/hosts/details/cards/Software/HostSoftware.tsx
index 3049a8273a..c2f57cc0e1 100644
--- a/frontend/pages/hosts/details/cards/Software/HostSoftware.tsx
+++ b/frontend/pages/hosts/details/cards/Software/HostSoftware.tsx
@@ -12,6 +12,7 @@ import deviceAPI, {
IGetDeviceSoftwareResponse,
} from "services/entities/device_user";
import { IHostSoftware, ISoftware } from "interfaces/software";
+import { Platform } from "interfaces/platform";
import { DEFAULT_USE_QUERY_OPTIONS } from "utilities/constants";
import { NotificationContext } from "context/notification";
import { AppContext } from "context/app";
@@ -34,8 +35,10 @@ export interface ITableSoftware extends Omit
diff --git a/frontend/pages/hosts/details/cards/Software/HostSoftwareTableConfig.tsx b/frontend/pages/hosts/details/cards/Software/HostSoftwareTableConfig.tsx
index b01806032f..66777b1ed3 100644
--- a/frontend/pages/hosts/details/cards/Software/HostSoftwareTableConfig.tsx
+++ b/frontend/pages/hosts/details/cards/Software/HostSoftwareTableConfig.tsx
@@ -50,17 +50,17 @@ type IVulnerabilitiesCellProps = IInstalledVersionsCellProps;
// type IActionsCellProps = CellProps;
const generateActions = ({
- canInstall,
+ userHasSWInstallPermission,
+ hostCanInstallSoftware,
installingSoftwareId,
- isFleetdHost,
softwareId,
status,
software_package,
app_store_app,
}: {
- canInstall: boolean;
+ userHasSWInstallPermission: boolean;
+ hostCanInstallSoftware: boolean;
installingSoftwareId: number | null;
- isFleetdHost: boolean;
softwareId: number;
status: SoftwareInstallStatus | null;
software_package: IHostSoftwarePackage | null;
@@ -78,14 +78,18 @@ const generateActions = ({
}
const hasSoftwareToInstall = !!software_package || !!app_store_app;
- // remove install if there is no package to install
- if (!hasSoftwareToInstall || !canInstall) {
+ // remove install if there is no package to install or if the software is already installed
+ if (
+ !hasSoftwareToInstall ||
+ !userHasSWInstallPermission ||
+ status === "installed"
+ ) {
actions.splice(indexInstallAction, 1);
return actions;
}
- // disable install option if not a fleetd host
- if (!isFleetdHost) {
+ // disable install option if not a fleetd, iPad, or iOS host
+ if (!hostCanInstallSoftware) {
actions[indexInstallAction].disabled = true;
actions[indexInstallAction].tooltipContent =
"To install software on this host, deploy the fleetd agent with --enable-scripts and refetch host vitals.";
@@ -102,9 +106,9 @@ const generateActions = ({
};
interface ISoftwareTableHeadersProps {
- canInstall: boolean;
+ userHasSWInstallPermission: boolean;
+ hostCanInstallSoftware: boolean;
installingSoftwareId: number | null;
- isFleetdHost: boolean;
router: InjectedRouter;
teamId: number;
onSelectAction: (software: IHostSoftware, action: string) => void;
@@ -113,9 +117,9 @@ interface ISoftwareTableHeadersProps {
// NOTE: cellProps come from react-table
// more info here https://react-table.tanstack.com/docs/api/useTable#cell-properties
export const generateSoftwareTableHeaders = ({
- canInstall,
+ userHasSWInstallPermission,
+ hostCanInstallSoftware,
installingSoftwareId,
- isFleetdHost,
router,
teamId,
onSelectAction,
@@ -202,8 +206,8 @@ export const generateSoftwareTableHeaders = ({
(
<>
- Fleet installed software on these hosts. (
- {dateAgo(lastInstall as string)})
+ Fleet installed software on this host
+ {dateAgo(lastInstall as string)}). Currently, if the software is
+ deleted, the “Installed” status won’t be updated.
),
},
diff --git a/frontend/pages/hosts/details/cards/Software/SelfService/SelfServiceItem/SelfServiceItem.tsx b/frontend/pages/hosts/details/cards/Software/SelfService/SelfServiceItem/SelfServiceItem.tsx
index 9c4146da4d..76b7cd7f7f 100644
--- a/frontend/pages/hosts/details/cards/Software/SelfService/SelfServiceItem/SelfServiceItem.tsx
+++ b/frontend/pages/hosts/details/cards/Software/SelfService/SelfServiceItem/SelfServiceItem.tsx
@@ -41,7 +41,7 @@ const STATUS_CONFIG: Record = {
tooltip: ({ lastInstalledAt = "" }) => (
<>
Software failed to install
- {lastInstalledAt ? `(${dateAgo(lastInstalledAt)})` : ""}. Select{" "}
+ {lastInstalledAt ? ` (${dateAgo(lastInstalledAt)})` : ""}. Select{" "}
Retry to install again, or contact your IT department.
),
diff --git a/frontend/pages/hosts/details/cards/Software/SoftwareDetailsModal/SoftwareDetailsModal.tsx b/frontend/pages/hosts/details/cards/Software/SoftwareDetailsModal/SoftwareDetailsModal.tsx
index f8373d8c14..2fff0a4fb4 100644
--- a/frontend/pages/hosts/details/cards/Software/SoftwareDetailsModal/SoftwareDetailsModal.tsx
+++ b/frontend/pages/hosts/details/cards/Software/SoftwareDetailsModal/SoftwareDetailsModal.tsx
@@ -149,7 +149,8 @@ const InstallDetailsContent = ({
} else if (hasHostSoftwarePackageLastInstall(software)) {
return (
[A, a, B, b, C, c])
+ */
+export const getCustomLabels = (
+ labels: T[]
+) => {
+ if (labels.length === 0) {
+ return [];
+ }
+
+ return labels
+ .filter((label) => label.label_type === "regular")
+ .sort((a, b) => {
+ // Found this technique here
+ // https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/String/localeCompare
+ // This is a case insensitive sort
+ return a.name.localeCompare(b.name, undefined, {
+ sensitivity: "base",
+ });
+ });
+};
+
export default {
create: (
formData: IDynamicLabelFormData | IManualLabelFormData
diff --git a/frontend/services/entities/mdm.ts b/frontend/services/entities/mdm.ts
index a5b7409922..f8cae4461f 100644
--- a/frontend/services/entities/mdm.ts
+++ b/frontend/services/entities/mdm.ts
@@ -83,10 +83,6 @@ export interface IGetMdmCommandResultsResponse {
}
const mdmService = {
- resetEncryptionKey: (token: string) => {
- const { DEVICE_USER_RESET_ENCRYPTION_KEY } = endpoints;
- return sendRequest("POST", DEVICE_USER_RESET_ENCRYPTION_KEY(token));
- },
unenrollHostFromMdm: (hostId: number, timeout?: number) => {
const { HOST_MDM_UNENROLL } = endpoints;
return sendRequest(
diff --git a/frontend/services/entities/mdm_apple.ts b/frontend/services/entities/mdm_apple.ts
index 820d0d2bf4..34ea85747f 100644
--- a/frontend/services/entities/mdm_apple.ts
+++ b/frontend/services/entities/mdm_apple.ts
@@ -69,11 +69,12 @@ export default {
return sendRequest("GET", path);
},
- addVppApp: (teamId: number, appStoreId: string) => {
+ addVppApp: (teamId: number, appStoreId: string, platform: ApplePlatform) => {
const { MDM_APPLE_VPP_APPS } = endpoints;
return sendRequest("POST", MDM_APPLE_VPP_APPS, {
app_store_id: appStoreId,
team_id: teamId,
+ platform,
});
},
};
diff --git a/frontend/services/entities/software.ts b/frontend/services/entities/software.ts
index ecb4d98847..d3f85f9d16 100644
--- a/frontend/services/entities/software.ts
+++ b/frontend/services/entities/software.ts
@@ -56,10 +56,14 @@ export interface ISoftwareVersionResponse {
}
export interface ISoftwareVersionsQueryKey extends ISoftwareApiParams {
+ // used to trigger software refetches from sibling pages
+ addedSoftwareToken: string | null;
scope: "software-versions";
}
export interface ISoftwareTitlesQueryKey extends ISoftwareApiParams {
+ // used to trigger software refetches from sibling pages
+ addedSoftwareToken: string | null;
scope: "software-titles";
}
diff --git a/frontend/utilities/endpoints.ts b/frontend/utilities/endpoints.ts
index 235029bf70..92553ada42 100644
--- a/frontend/utilities/endpoints.ts
+++ b/frontend/utilities/endpoints.ts
@@ -31,9 +31,6 @@ export default {
`/${API_VERSION}/fleet/device/${token}/software`,
DEVICE_SOFTWARE_INSTALL: (token: string, softwareTitleId: number) =>
`/${API_VERSION}/fleet/device/${token}/software/install/${softwareTitleId}`,
- DEVICE_USER_RESET_ENCRYPTION_KEY: (token: string): string => {
- return `/${API_VERSION}/fleet/device/${token}/rotate_encryption_key`;
- },
DEVICE_USER_MDM_ENROLLMENT_PROFILE: (token: string): string => {
return `/${API_VERSION}/fleet/device/${token}/mdm/apple/manual_enrollment_profile`;
},
diff --git a/go.mod b/go.mod
index f08fad8627..f735a2244b 100644
--- a/go.mod
+++ b/go.mod
@@ -126,7 +126,7 @@ require (
golang.org/x/text v0.16.0
golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d
google.golang.org/api v0.169.0
- google.golang.org/grpc v1.64.0
+ google.golang.org/grpc v1.64.1
gopkg.in/guregu/null.v3 v3.5.0
gopkg.in/ini.v1 v1.67.0
gopkg.in/natefinch/lumberjack.v2 v2.0.0
diff --git a/go.sum b/go.sum
index f0d7931bb3..7eceaae2aa 100644
--- a/go.sum
+++ b/go.sum
@@ -1755,8 +1755,8 @@ google.golang.org/grpc v1.38.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQ
google.golang.org/grpc v1.39.0/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE=
google.golang.org/grpc v1.39.1/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE=
google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34=
-google.golang.org/grpc v1.64.0 h1:KH3VH9y/MgNQg1dE7b3XfVK0GsPSIzJwdF617gUSbvY=
-google.golang.org/grpc v1.64.0/go.mod h1:oxjF8E3FBnjp+/gVFYdWacaLDx9na1aqy9oovLpxQYg=
+google.golang.org/grpc v1.64.1 h1:LKtvyfbX3UGVPFcGqJ9ItpVWW6oN/2XqTxfAnwRRXiA=
+google.golang.org/grpc v1.64.1/go.mod h1:hiQF4LFZelK2WKaP6W0L92zGHtiQdZxk8CrSdvyjeP0=
google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw=
google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
diff --git a/handbook/company/communications.md b/handbook/company/communications.md
index 8d8a7c1f60..0c3eed5af7 100644
--- a/handbook/company/communications.md
+++ b/handbook/company/communications.md
@@ -133,7 +133,7 @@ It's important for Fleet to engage at [events](https://docs.google.com/spreadshe
#### Event lead follow-up
-Eventgoers are expecting a timely follow-up from Fleet based on the conversations that they had at the event. It is up to Digital Marketing Manager to make sure this process is followed.
+Eventgoers expect a timely follow-up from Fleet based on the conversations that they had at the event.
1. Once a list of badge scans is available, Fleeties that attended the event are to add any follow up notes that note buying situation, amount of endpoints, level of interest, and general talking points.
2. Within 3 business days of returning from the event, attendees will set up a debrief meeting with the demand team to discuss follow-up.
diff --git a/handbook/company/pricing-features-table.yml b/handbook/company/pricing-features-table.yml
index ccf0f918fe..4514c3c95e 100644
--- a/handbook/company/pricing-features-table.yml
+++ b/handbook/company/pricing-features-table.yml
@@ -226,6 +226,7 @@
tier: Premium
jamfProHasFeature: appleOnly
jamfProtectHasFeature: no
+ isExperimental: yes
usualDepartment: IT
productCategories: [Device management]
pricingTableCategories: [Device management]
@@ -247,6 +248,7 @@
tier: Premium
jamfProHasFeature: yes
jamfProtectHasFeature: no
+ isExperimental: yes
usualDepartment: IT
productCategories: [Device management]
pricingTableCategories: [Device management]
@@ -689,6 +691,7 @@
tier: Premium
jamfProHasFeature: no
jamfProtectHasFeature: no
+ isExperimental: yes
productCategories: [Endpoint operations]
pricingTableCategories: [Endpoint operations]
#
@@ -1099,7 +1102,7 @@
# ╚╗╔╝╠═╣╠╦╝║╠═╣╠╩╗║ ║╣ ╠═╣║ ╦║╣ ║║║ ║ ╚╗╔╝║╣ ╠╦╝╚═╗║║ ║║║║╚═╗
# ╚╝ ╩ ╩╩╚═╩╩ ╩╚═╝╩═╝╚═╝ ╩ ╩╚═╝╚═╝╝╚╝ ╩ ╚╝ ╚═╝╩╚═╚═╝╩╚═╝╝╚╝╚═╝
- industryName: Variable agent versions
- descrption: Manage agents remotely by setting different versions per-baseline.
+ description: Manage agents remotely by setting different versions per-baseline.
documentationUrl: https://fleetdm.com/docs/configuration/agent-configuration#configure-fleetd-update-channels
tier: Premium
jamfProHasFeature: no
@@ -1477,3 +1480,18 @@
usualDepartment: IT
productCategories: [Device management]
pricingTableCategories: [Integrations]
+#
+# ╔╦╗╦═╗╦╔═╗╔═╗╔═╗╦═╗ ╔═╗ ╦ ╦╔═╗╦═╗╦╔═╔═╗╦ ╔═╗╦ ╦ ╔╗ ╔═╗╔═╗╔═╗╔╦╗ ╔═╗╔╗╔ ╔═╗
+# ║ ╠╦╝║║ ╦║ ╦║╣ ╠╦╝ ╠═╣ ║║║║ ║╠╦╝╠╩╗╠╣ ║ ║ ║║║║ ╠╩╗╠═╣╚═╗║╣ ║║ ║ ║║║║ ╠═╣
+# ╩ ╩╚═╩╚═╝╚═╝╚═╝╩╚═ ╩ ╩ ╚╩╝╚═╝╩╚═╩ ╩╚ ╩═╝╚═╝╚╩╝ ╚═╝╩ ╩╚═╝╚═╝═╩╝ ╚═╝╝╚╝ ╩ ╩
+# ╔═╗╔═╗╦╦ ╦╔╗╔╔═╗ ╔═╗╔═╗╦ ╦╔═╗╦ ╦
+# ╠╣ ╠═╣║║ ║║║║║ ╦ ╠═╝║ ║║ ║║ ╚╦╝
+# ╚ ╩ ╩╩╩═╝╩╝╚╝╚═╝ ╩ ╚═╝╩═╝╩╚═╝ ╩
+- industryName: Trigger a workflow based on a failing policy
+ documentationUrl: https://fleetdm.com/docs/using-fleet/automations#policy-automations
+ productCategories: [Endpoint operations,Device management]
+ pricingTableCategories: [Integrations]
+ usualDepartment: IT
+ tier: Free
+ jamfProHasFeature: yes
+ jamfProtectHasFeature: no
diff --git a/handbook/company/product-groups.md b/handbook/company/product-groups.md
index 17b3acbd15..f084beaf7e 100644
--- a/handbook/company/product-groups.md
+++ b/handbook/company/product-groups.md
@@ -296,33 +296,21 @@ To make a feature request or advocate for a feature request from a customer or c
Requests are weighed from top to bottom while prioritizing attendee requests. This means that if the individual that added a feature request is not in attendance, the feature request will be discussed towards the end of the call if there's time.
-To be acceptable for consideration, a request must:
-- Have a clear proposed change
-- Have a well-articulated underlying user need
-- Specify the requestor (either internal stakeholder or customer or community user)
-
-To help the product team, other pieces of information can be optionally included:
-- How would they solve the problem without any changes if pressed?
-- How does this change fit into the requester's overall usage of Fleet?
-- What other potential changes to the product have you considered?
-
-To ensure your request appears on the ["Feature Fest" board](https://app.zenhub.com/workspaces/-feature-fest-651b2962605ba29209324c57/board):
-- Add the `~feature fest` label to your issue
-- Add the relevant customer label (if applicable)
-
-To maximize your chances of having a feature accepted, requesters can visit the [🗣 Product office hours](#rituals) meeting to get feedback on requests prior to being accepted.
-
### How feature requests are evaluated
Digestion of these new product ideas (requests) happens at the **🎁🗣 Feature Fest** meeting.
-At the **🎁🗣 Feature Fest** meeting, the DRI (Head of Product) weighs all requests on the board. When the team weighs a request, it is immediately prioritized or put to the side.
+Before the **🎁🗣 Feature Fest** meeting, the [Customer renewals DRI](https://fleetdm.com/handbook/company/communications#directly-responsible-individuals-dris) goes through the "Inbox" column and removes customer requests that are not a high priority for the business. Stakeholders will be notified by the Customer renewals DRI.
-Product Managers prioritize all potential product improvements worked on by Fleeties. Anyone (Fleeties, customers, and community members) are invited to suggest improvements.
+All community and contributor requests (non-customer) are left in the inbox. A high priority customer request may be a request that's blocking a customer from getting their job done or a request that's critical for customer renewal.
-- A _request is prioritized_ when the DRI decides it is a priority. When this happens, the team sets the request to be estimated within five business days.
+Before the meeting, the Feature prioritization DRI adds requests from Fleet's roadmap that are planned for the next design sprint. The quarterly roadmap is in the [OKRs spreadsheet](https://docs.google.com/spreadsheets/d/1Hso0LxqwrRVINCyW_n436bNHmoqhoLhC8bcbvLPOs9A/edit?gid=0#gid=0).
+
+At the **🎁🗣 Feature Fest** meeting, the Feature prioritization DRI weighs all requests in the inbox. When the team weighs a request, it is immediately prioritized or put to the side (not prioritized).
+
+- A _request is prioritized_ when the Feature prioritization DRI decides it is a priority.
- A _request is put to the side_ when the business perceives competing priorities as more pressing in the immediate moment.
-If a feature is not prioritized during a 🎁🗣 Feature Fest meeting, it only means the feature has been rejected _at that time_. Requestors will be notified by the Head of Product, and they can resubmit their request at a future meeting.
+If a feature is not prioritized during a 🎁🗣 Feature Fest meeting, it only means the feature has been rejected _at that time_. Requestors will be notified by the Feature prioritization DRI, and they can resubmit their request at a future meeting.
Requests are weighed by:
- The completeness of the request (see [making a request](#making-a-request))
@@ -331,16 +319,10 @@ Requests are weighed by:
- How well the request fits within Fleet's product vision and roadmap
- Whether the feature seems like it can be designed, estimated, and developed in 6 weeks, given its individual complexity and when combined with other work already accepted
-### Customer feature requests
-The product team's goal is to prioritize 16 customer feature requests at Feature Fest, then take them from settled to shipped. The customer success team is responsible for providing the Head of Product a live count during the Feature Fest meeting. Product Operations is responsible for monitoring this KPI and raising alarms throughout the design and engineering sprints.
-> Customer stories should be estimated at 1-3 points each to count as 1 request. If a feature request spans across multiple customers, it will be counted as the number of customers involved.
-
### After the feature is accepted
-After the 🎁🗣 Feature Fest meeting, Product Operations will clear the Feature Fest board as follows:
-**Prioritized features:** Remove `feature fest` label, add `:product` label, and assign the group Product Manager.
-**Put to the side features:** Remove `feature fest` label and close the issue.
-
-Group Product Managers will then develop user stories for the prioritized features.
+After the 🎁🗣 Feature Fest meeting, the Feature prioritization DRI will clear the Feature Fest board as follows:
+**Prioritized features:** Remove `feature fest` label, add `:product` label, and move the issue to the "Ready" column in the drafting board. The request will then be assigned to a [Product Designer](https://fleetdm.com/handbook/company/product-groups#current-product-groups) during the "Design sprint kick-off" ritual.
+**Put to the side features:** Remove `feature fest` label and notify the requestor.
> The product team's commitment to the requester is that a prioritized feature will be delivered within 6 weeks or the requester will be notified within 1 business day of the decision to de-prioritize the feature.
diff --git a/handbook/digital-experience/README.md b/handbook/digital-experience/README.md
index b4bc7db24a..d0015e568a 100644
--- a/handbook/digital-experience/README.md
+++ b/handbook/digital-experience/README.md
@@ -17,7 +17,7 @@ This page details processes specific to working [with](#contact-us) and [within]
## Contact us
- To **make a request** of this department, [create an issue](https://github.com/fleetdm/fleet/issues/new?assignees=&labels=%23g-digital-experience&projects=&template=digital-experience-request.md&title=TODO%3A+) and a team member will get back to you within one business day (If urgent, mention a [team member](#team) in the [#g-digital-experience](https://fleetdm.slack.com/archives/C058S8PFSK0) Slack channel.
- - Any Fleet team member can [view the kanban board](https://app.zenhub.com/workspaces/g-digital-experience-6451748b4eb15200131d4bab/board) for this department, including pending tasks and the status of new requests.
+ - Any Fleet team member can [view the kanban board](https://app.zenhub.com/workspaces/g-digital-experience-6451748b4eb15200131d4bab/board?sprints=none) for this department, including pending tasks and the status of new requests.
- Please **use issue comments and GitHub mentions** to communicate follow-ups or answer questions related to your request.
@@ -517,6 +517,12 @@ It's not enough to just "delete" a recording of a meeting in Gong. Instead, use
- Search for the title of the meeting Google Drive and delete the auto-generated Google Doc containing the transcript.
- Always check back to ensure the recording **and** transcript were both deleted.
+### Update a company brand front
+
+Fleet has several brand fronts that need to be updated from time to time. Check each [brand front](https://docs.google.com/spreadsheets/d/1c15vwMZytpCLHUdGvXxi0d6WGgPcQU1UBMniC1F9oKk/edit?gid=0#gid=0) for consistency and update as needed with the following:
+- The current pitch, found in the blurbs section of the [🎐 Why Fleet?](https://docs.google.com/document/d/1E0VU4AcB6UTVRd4JKD45Saxh9Gz-mkO3LnGSTBDLEZo/edit#heading=h.uovxedjegxdc) doc.
+- The current [brand imagery](https://www.figma.com/design/1J2yxqH8Q7u8V7YTtA1iej/Social-media-(logos%2C-covers%2C-banners)?node-id=3962-65895). Check this [Loom video](https://www.loom.com/share/4432646cc9614046aaa4a74da1c0adb5?sid=2f84779f-f0bd-4055-be69-282c5a16f5c5) for more info.
+
## Rituals
diff --git a/handbook/digital-experience/digital-experience.rituals.yml b/handbook/digital-experience/digital-experience.rituals.yml
index bc2b4db7ca..5b9f8d155e 100644
--- a/handbook/digital-experience/digital-experience.rituals.yml
+++ b/handbook/digital-experience/digital-experience.rituals.yml
@@ -18,6 +18,13 @@
description: "Run through the entire website in `?utm_content=clear` mode and build a fresh outline of the headings to make sure they all still make sense."
moreInfoUrl: ""
dri: "mike-j-thomas"
+-
+ task: "Check brand fronts are up to date"
+ startedOn: "2024-08-01"
+ frequency: "Quarterly"
+ description: "Check all brand fronts for consistancy and update as needed with the current product pitch and graphics."
+ moreInfoUrl: "https://fleetdm.com/handbook/digital-experience#update-a-company-brand-front"
+ dri: "mike-j-thomas"
-
task: "Check production dependencies of fleetdm.com"
startedOn: "2023-11-10"
diff --git a/handbook/engineering/README.md b/handbook/engineering/README.md
index 7e1d08e84b..d6f18bde2c 100644
--- a/handbook/engineering/README.md
+++ b/handbook/engineering/README.md
@@ -1,7 +1,10 @@
# Engineering
+
This handbook page details processes specific to working [with](#contact-us) and [within](#responsibilities) this department.
+
## Team
+
| Role | Contributor(s) |
|:--------------------------------|:-----------------------------------------------------------------------------------------------------------|
| Chief Technology Officer (CTO) | [Luke Heath](https://www.linkedin.com/in/lukeheath/) _([@lukeheath](https://github.com/lukeheath))_
@@ -10,15 +13,21 @@ This handbook page details processes specific to working [with](#contact-us) and
| Quality Assurance Engineer (QA) | _See [🛩️ Product groups](https://fleetdm.com/handbook/company/product-groups#current-product-groups)_
| Software Engineer | _See [🛩️ Product groups](https://fleetdm.com/handbook/company/product-groups#current-product-groups)_
+
## Contact us
+
- To **make a request** of this department, [create an issue](https://fleetdm.com/handbook/company/product-groups#current-product-groups) and a team member will get back to you within one business day (If urgent, mention a [team member](#team) in the [#help-engineering](https://fleetdm.slack.com/archives/C019WG4GH0A) Slack channel.
- Any Fleet team member can [view the kanban boards](https://fleetdm.com/handbook/company/product-groups#current-product-groups) for this department, including pending tasks and the status of new requests.
- Please **use issue comments and GitHub mentions** to communicate follow-ups or answer questions related to your request.
+
## Responsibilities
+
The 🚀 Engineering department at Fleet is directly responsible for writing and maintaining the [code](https://github.com/fleetdm/fleet) for Fleet's core product and infrastructure.
+
### Record engineering KPIs
+
We track the success of this process by observing the throughput of issues through the system and identifying where buildups (and therefore bottlenecks) are occurring.
The metrics are:
* Number of bugs opened this week
@@ -28,6 +37,7 @@ The metrics are:
Each week these are tracked and shared in the weekly KPI sheet by Luke Heath.
+
### Write a feature guide
We write [guides](https://fleetdm.com/guides) for all new features. Feature guides are published before the feature is released so that our users understand how the feature is intended to work. A guide is a type of article, so the process for writing a guide and article is the same.
@@ -39,6 +49,7 @@ We write [guides](https://fleetdm.com/guides) for all new features. Feature guid
### Create an engineering-initiated story
+
Engineering-initiated stories are types of user stories created by engineers to make technical changes to Fleet. Technical changes should improve the user experience or contributor experience. For example, optimizing SQL that improves the response time of an API endpoint improves user experience by reducing latency. A script that generates common boilerplate, or automated tests to cover important business logic, improves the quality of life for contributors, making them happier and more productive, resulting in faster delivery of features to our customers.
It is important to frame engineering-initiated user stories the same way we frame all user stories. Stay focused on how this technical change will drive value for our users.
@@ -53,46 +64,50 @@ If there are no product changes, and the DRI decides to prioritize the story, th
> We prefer the term engineering-initiated stories over technical debt because the user story format helps keep us focused on our users and contributors.
+
### Fix a bug
+
All bug fix pull requests should have a mention back to the issue they resolve with # in the description or even in a comment. Please do not use any [automated words](https://docs.github.com/en/issues/tracking-your-work-with-issues/linking-a-pull-request-to-an-issue#linking-a-pull-request-to-an-issue-using-a-keyword) since we don't want the tickets auto-closing when PR's are merged.
If the bug is labeled `~unreleased bug`, branch off and put your PR into `main`. These issues can be closed as soon as they complete QA.
If the bug is labeled `~released bug`, branch off and put your PR into `main`. After merging checkout the latest tag, for example `git checkout fleet-v4.48.2`, then `git fetch; git cherry-pick `. If the cherry-pick fails with a conflict call out in the ticket how to resolve or if it is sufficiently complicated call out this fix is not suited for the patch release process and should only be included in the end of sprint release. This approach makes sure the bug fix is not built on top of unreleased feature code, which can cause merge conflicts during patch releases.
-### Begin a merge freeze
-To ensure release quality, Fleet has a freeze period for testing beginning the Tuesday before the release at 11:00 AM Pacific. Effective at the start of the freeze period, a release candidate branch is created and frozen at `minor-fleet-v4.x.x` and no additional feature work is merged without approval.
-Bugs are exempt from the release freeze period.
+### Create a release candidate
-Before beginning the freeze, create the release candidate branch. [Run the first step](https://github.com/fleetdm/fleet/tree/main/tools/release#minor-release-typically-end-of-sprint) of the minor release section of the Fleet releases script to create the release candidate branch, the release QA issue, and announce the release candidate in Slack.
+All minor releases go through the release candidate process before they are published. A release candidate for the next minor release is created on the Tuesday before the release at 11:00 AM Pacific. A release candidate branch is created at `minor-fleet-v4.x.x` and no additional feature work is merged without EM and QA approval.
-After creating the release candidate branch, open the [repo settings on Merge Freeze](https://app.mergefreeze.com/installations/3704/branches/6847/edit) and populate the "Protected branch name" field with the name of the release candidate branch. Then, [open the repo on Merge Freeze](https://www.mergefreeze.com/installations/3704/branches/6847) and click the "Freeze now" button. This will freeze the selected release candidate branch and require any PRs to be manually unfrozen before merging. PRs may be manually unfrozen in Merge Freeze using the PR number.
+All bug fixes that are merged into `main` after the release candidate is created are merged into the release candidate by the engineer responsible for the fix.
-> Any Fleetie can [unfreeze PRs on Merge Freeze](https://www.mergefreeze.com/installations/3704/branches) if the PR contains documentation changes or bug fixes only. If the PR contains other changes, please confirm with your manager before unfreezing.
+[Run the first step](https://github.com/fleetdm/fleet/tree/main/tools/release#minor-release-typically-end-of-sprint) of the minor release section of the Fleet releases script to create the release candidate branch, the release QA issue, and announce the release candidate in Slack.
-### Deploy the release candidate to QA Wolf during merge freeze
-During merge freeze, deploy the release candidate to our QA Wolf instance every morning instead of `main` to ensure that any new bugs reported by QA Wolf are in the upcoming release and need to be fixed before publishing the release.
+
+### Deploy the release candidate to QA Wolf
+
+During the release candidate period, the release candidate is deployed to our QA Wolf instance every morning instead of `main` to ensure that any new bugs reported by QA Wolf are in the upcoming release and need to be fixed before publishing the release.
Open the [confidential repo environment variables](https://github.com/fleetdm/confidential/settings/variables/actions) page and update the `QAWOLF_DEPLOY_TAG` repository variable with the name of the release candidate branch.
-### Merge a pull request during the freeze period
-We merge bug fixes, documentation changes, and website updates during the freeze period, but we do not merge other code changes. This minimizes code churn and helps ensure a stable release. To merge a bug fix, you must first unfreeze the PR in [Merge Freeze](https://app.mergefreeze.com/installations/3704/branches), and click the "Unfreeze 1 pull request" text link.
+
+### Merge bug fixes into the release candidate
+
+Only merge bug fixes during the release candidate period to minimize code churn and help ensure a stable release. To merge a bug fix into the release candidate, it should first be merged into `main`. Then, `git checkout` the release candidate branch and create a new local branch. Next, `git cherry-pick` your commit from `main` into your new local branch, then create a pull request from your new branch to the release candidate. This process ensures your bug fix is included in `main` for future releases, as well as the release candidate branch for the pending release.
> To allow a stable release test, the final 24 hours before release is a deep freeze when only bugs with the `~release-blocker` or `~unreleased-bug` labels are merged.
-If there is partially merged feature work when freeze begins, the previously merged code must be reverted. If there is an exceptional, business-critical need to merge feature work during freeze, as determined by the [release ritual DRI](#rituals), the following exception process may be followed:
+If there is partially merged feature work when the release candidate is created, the previously merged code must be reverted. If there is an exceptional, business-critical need to merge feature work into the release candidate, as determined by the [release ritual DRI](#rituals), the release candidate [feature merge exception process](https://fleetdm.com/handbook/engineering#request-release-candidate-feature-merge-exception) may be followed.
-1. The engineer requesting the feature work merge exception during freeze notifies their Engineering Manager.
-2. The Engineering Manager notifies the QA lead for the product group and the [release ritual DRI](https://fleetdm.com/handbook/engineering#rituals).
-3. The Engineering Manager, QA lead, and [release ritual DRI](#rituals) must all approve the feature work PR before it is unfrozen and merged.
+### Request release candidate feature merge exception
-> This exception process should be avoided whenever possible. Any feature work merged during freeze will likely result in a significant release delay.
+1. Notify product group EM that feature work will not merge into `main` before the release candidate is cut and requires a feature merge exception.
+2. EM notifies QA lead for the product group and the [release ritual DRI](https://fleetdm.com/handbook/engineering#rituals).
+3. EM, QA lead, and [release ritual DRI](#rituals) must all approve the feature work PR before it is merged into the release candidate branch.
+
+> This exception process should be avoided whenever possible. Any feature work merged into the release candidate will likely result in a significant release delay.
-### Merge a bug fix during the freeze period
-To merge a bug fix into the release candidate during freeze, it should first be merged into `main`. Then, `git checkout` the release candidate branch and create a new branch. Next, `git cherry-pick` your
-commit from `main` into your new branch, then create a pull request from your new branch to the release candidate. This process ensures your bug fix is included in `main` for future releases, as well as the release candidate branch for the next release.
### Confirm latest versions of dependencies
+
Before kicking off release QA, confirm that we are using the latest versions of dependencies we want to keep up-to-date with each release. Currently, those dependencies are:
1. **Go**: Latest minor release
@@ -133,13 +148,19 @@ If an announcement is found for either data source that may impact data feed ava
If code changes are found for any `fleetd` components, create a new release QA issue to update `fleetd`. Delete the top section for Fleet core, and retain the bottom section for `fleetd`. Populate the necessary version changes for each `fleetd` component.
+
### Indicate your product group is release-ready
-Once a product group completes its QA process during the freeze period, its QA lead moves the smoke testing ticket to the "Ready for release" column on their ZenHub board. They then notify the release ritual DRI by tagging them in a comment, indicating that their group is prepared for release. The release ritual DRI starts the [release process](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Releasing-Fleet.md) after all QA leads have made these updates and confirmed their readiness for release.
+
+Once a product group completes its QA process during the release candidate period, its QA lead moves the smoke testing ticket to the "Ready for release" column on their ZenHub board. They then notify the release ritual DRI by tagging them in a comment, indicating that their group is prepared for release. The release ritual DRI starts the [release process](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Releasing-Fleet.md) after all QA leads have made these updates and confirmed their readiness for release.
+
### Prepare Fleet release
+
Documentation on completing the release process can be found [here](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Releasing-Fleet.md).
+
### Deploy a new release to dogfood
+
After each Fleet release, the new release is deployed to Fleet's "dogfood" (internal) instance.
How to deploy a new release to dogfood:
@@ -154,7 +175,9 @@ How to deploy a new release to dogfood:
>
> Note that "fleetdm/fleet:main" is not a image name, instead use the commit hash in place of "main".
+
### Conclude current milestone
+
Immediately after publishing a new release, we close out the associated GitHub issues and milestones.
1. **Rename current milestone**: In GitHub, [change the current milestone name](https://github.com/fleetdm/fleet/milestones) from `4.x.x-tentative` to `4.x.x`. `4.37.0-tentative` becomes `4.37.0`.
@@ -175,16 +198,18 @@ Immediately after publishing a new release, we close out the associated GitHub i
10. **Create next milestone**: Create a new milestone for the next versioned release, `4.x.x-tentative`.
-11. **Remove the freeze**: [Open the repo in Merge Freeze](https://app.mergefreeze.com/installations/3704/branches/6847) and click the "Unfreeze" button.
+11. Announce that the release milestone has been closed in #help-engineering.
-12. Announce that `main` is unfrozen and the milestone has been closed in #help-engineering.
+12. Visit the [confidential repo variables](https://github.com/fleetdm/confidential/settings/variables/actions) page and update the `QAWOLF_DEPLOY_TAG` repository variable to `main` so that the latest code is deployed to QA Wolf every morning.
-13. Visit the [confidential repo variables](https://github.com/fleetdm/confidential/settings/variables/actions) page and update the `QAWOLF_DEPLOY_TAG` repository variable to `main` so that the latest code is deployed to QA Wolf every morning.
### Update the Fleet releases calendar
+
The [Fleet releases Google calendar](https://calendar.google.com/calendar/embed?src=c_v7943deqn1uns488a65v2d94bs%40group.calendar.google.com&ctz=America%2FChicago) is kept up-to-date by the [release ritual DRI](https://fleetdm.com/handbook/engineering#rituals). Any change to targeted release dates is reflected on this calendar.
+
### Secure company-issued equipment for a team member
+
As soon as an offer is accepted, Fleet provides laptops and YubiKey security keys for core team members to use while working at Fleet. The IT engineer will work with the new team member to get their equipment requested and shipped to them on time.
- [**Check the Fleet IT warehouse**](https://docs.google.com/spreadsheets/d/1hFlymLlRWIaWeVh14IRz03yE-ytBLfUaqVz0VVmmoGI/edit#gid=0) before purchasing any equipment including laptops, monitors, and Yubikeys to ensure we efficiently [utilize existing assets before spending money](https://fleetdm.com/handbook/company/why-this-way#why-spend-less). If Fleet IT warehouse inventory can meet the needs of the request, file a [warehouse request](https://github.com/fleetdm/confidential/issues/new?assignees=sampfluger88&labels=%23g-digital-experience&projects=&template=warehouse-request.md&title=%F0%9F%92%BB+Warehouse+request).
@@ -202,17 +227,23 @@ As soon as an offer is accepted, Fleet provides laptops and YubiKey security key
- Include delivery tracking information when closing the support request so the new employee can be notified.
+
### Register a domain for Fleet
+
Domain name registrations are handled through Namecheap. Access is managed via 1Password.
+
### Fix a laptop that's not checking in
+
It is [possible for end users to remove launch agents](https://github.com/fleetdm/confidential/issues/6088) (this is true not just for osquery, but for anything).
If the host has MDM turned on, use the `fleetctl mdm run-command` CLI command to push the XML file located at https://github.com/fleetdm/fleet/blob/main/it-and-security/lib/macos-send-fleetd.xml to the device, which will reinstall fleetd.
If the host doesn't have MDM turned on or isn't enrolled to dogfood, it is beyond our ability to control remotely.
+
### Enroll a macOS host in dogfood
+
When a device is purchased using the Apple eCommerce store, the device is automatically enrolled in Apple Business Manager (ABM) and assigned to the correct server to ensure the device is in dogfood.
You can confirm that the device has been ordered correctly by following these steps:
- Log into ABM
@@ -229,14 +260,20 @@ On occasion there will be a need to manually enroll a macOS host in dogfood. Thi
- Once complete, follow instructions to reset disk encryption key.
- Disk encryption key will now be stored in Fleet dogfood, which signifies that the device is now enrolled in dogfood.
+
### Enroll a Windows or Ubuntu Linux device in dogfood
+
To enroll a windows or Ubuntu Linux device in dogfood, instruct the user to install fleetd for their platform from internal shared drive folder [here](https://drive.google.com/drive/folders/1-hMwk4P7NRzCU5kDxkEcOo8Sluuaux1h?usp=drive_link).
Once the user has installed fleetd, verify the device is correctly enrolled by confirming the device encryption key is in dogfood.
+
### Enroll a ChromeOS device in dogfood
+
ChromeOS devices are automatically enrolled in dogfood after the IT admin sets up automatic enrollment. This is done in dogfood by following the steps found in the dialog popup when selecting "Add hosts > ChromeOS" from the dogfood Hosts page.
+
### Lock a macOS host in dogfood using fleetctl CLI tool
+
- Download the lock command XML file from Google Drive [here](https://drive.google.com/file/d/1o6vJ1fHilRtBmyKAj0I5URiKn77qe4gS/view?usp=drive_link).
- Customize any messaging that will appear on the locked device, and modify the pin for unlocking the device by editing the file in text editor.
- Note you will need to safely store the recovery pin for the device, suggest using 1Password or other secure storage method
@@ -252,7 +289,9 @@ ChromeOS devices are automatically enrolled in dogfood after the IT admin sets u
- Enter disk encryption key on laptop. This should prompt you to create a new password.
- You will then be logged into the default device profile, and can complete any needed actions (wipe, recover data).
+
### Book an event
+
Fleet's Client Platform Engineer & Community Advocate is responsible for booking events that Fleet has chosen to attend and/or sponsor. To book an event, complete the steps in each event issue. Contact the [🫧 Digital Marketing Manager](https://fleetdm.com/handbook/demand#team) as needed with any questions or blockers to booking an event.
> Note: The Demand department [settles all event strategy](https://fleetdm.com/handbook/demand#settle-event-strategy) prior to booking an event.
@@ -269,6 +308,7 @@ Article creation begins with creation of an issue using the "Article request" te
Check the "📃 Planned articles" column in [#g-demand board](https://app.zenhub.com/workspaces/g-demand-64e6c8e2d35c7f001a457b7f/board) and continue to work through steps in each event's issue.
-->
+
### Order SWAG
**To order T-shirts:**
@@ -300,14 +340,18 @@ Check the "📃 Planned articles" column in [#g-demand board](https://app.zenhub
- [Sharpie Fine Point Markers](https://www.everythingbranded.com/product/sharpie-fine-point-332908)
- [Custom sticky note pads](https://www.everythingbranded.com/product/custom-sticky-notes-585601) (design is in the StickerMule [brand kit](https://www.stickermule.com/studio/brand-kits))
+
### Review another product group's pull request
+
Some code paths require pull request review from multiple product groups to confirm there are no
unintended side effects of the change for another product group. All code paths defined in
[CODEOWNERS](https://github.com/fleetdm/fleet/blob/main/CODEOWNERS) that are assigned to individual
engineers across multiple product groups must be approved by one engineer from each product group
before merging.
+
### Review a community pull request
+
If you're assigned a community pull request for review, it is important to keep things moving for the contributor. The goal is to not go more than one business day without following up with the contributor.
A PR should be merged if:
@@ -334,7 +378,9 @@ For PRs that will not be merged:
- Thank the contributor for their effort and explain why the changes won't be merged.
- Close the PR.
+
### Merge a community pull request
+
When merging a pull request from a community contributor:
- Ensure that the checklist for the submitter is complete.
@@ -343,10 +389,14 @@ When merging a pull request from a community contributor:
- Thank and congratulate the contributor.
- Share the merged PR with the team in the #help-promote channel of Fleet Slack to be publicized on social media. Those who contribute to Fleet and are recognized for their contributions often become great champions for the project.
+
### Close a stale community issue
+
If a community member opens an issue that we can't reproduce leave a comment asking the author for more context. After one week with no reply, close the issue with a comment letting them know they are welcome to re-open it with any updates.
+
### Schedule developer on-call workload
+
Engineering managers are asked to be aware of the [on-call rotation](https://docs.google.com/document/d/1FNQdu23wc1S9Yo6x5k04uxT2RwT77CIMzLLeEI2U7JA/edit#) and schedule a light workload for engineers while they are on-call. While it varies week to week considerably, the on-call responsibilities can sometimes take up a substantial portion of the engineer's time.
We aspire to clear sprint work for the on-call engineer, but due to capacity or other constraints, sometimes the on-call engineer is required for sprint work. When this is the case, the EM will work with the on-call engineer to take over support requests or @oncall assignment completely when necessary.
@@ -361,7 +411,9 @@ Some ideas:
- Create a blog post (or other content) for fleetdm.com.
- Try out an experimental refactor.
+
### Edit a DNS record
+
We use Cloudflare to manage the DNS records of fleetdm.com and our other domains. To make DNS changes in Cloudflare:
1. Log into your Cloudflare account and select the "Fleet" account.
2. Select the domain you want to change and go to the DNS panel on that domain's dashboard.
@@ -369,22 +421,28 @@ We use Cloudflare to manage the DNS records of fleetdm.com and our other domains
> If you need access to Fleet's Cloudflare account, please ask the [DRI](https://fleetdm.com/handbook/company/why-this-way#why-direct-responsibility) [Luke Heath](https://fleetdm.com/handbook/engineering#team) in Slack for an invitation.
+
### Assume developer on-call alias
+
The on-call developer is responsible for:
- Knowing [the on-call rotation](https://fleetdm.com/handbook/company/product-groups#the-developer-on-call-rotation).
- Preforming the [on-call responsibilities](https://fleetdm.com/handbook/company/product-groups#developer-on-call-responsibilities).
- [Escalating community questions and issues](https://fleetdm.com/handbook/company/product-groups#escalations).
- Successfully [transferring the on-call persona to the next developer](https://fleetdm.com/handbook/company/product-groups#changing-of-the-guard).
+
### Notify stakeholders when a user story is pushed to the next release
-[User stories](https://fleetdm.com/handbook/company/product-groups#scrum-items) are intended to be completed in a single sprint. When a user story selected for a release has not merged into `main` by the time the [merge freeze](https://fleetdm.com/handbook/engineering#begin-a-merge-freeze) begins, it is the product group EM's responsibility to notify stakeholders:
+
+[User stories](https://fleetdm.com/handbook/company/product-groups#scrum-items) are intended to be completed in a single sprint. When a user story selected for a release has not merged into `main` by the time the release candidate is created, it is the product group EM's responsibility to notify stakeholders:
1. Add the `~pushed` label to the user story.
2. Update the user story's milestone to the next minor version milestone.
3. Comment on the GitHub issue and at-mention the PM and anyone listed in the requester field.
4. If `customer-` labels are applied to the user story, at-mention the [VP of Customer Success](https://fleetdm.com/handbook/customer-success#team).
+
### Run Fleet locally for QA purposes
+
To try Fleet locally for QA purposes, run `fleetctl preview`, which defaults to running the latest stable release.
To target a different version of Fleet, use the `--tag` flag to target any tag in [Docker Hub](https://hub.docker.com/r/fleetdm/fleet/tags?page=1&ordering=last_updated), including any git commit hash or branch name. For example, to QA the latest code on the `main` branch of fleetdm/fleet, you can run: `fleetctl preview --tag=main`.
@@ -395,7 +453,9 @@ For each bug found, please use the [bug report template](https://github.com/flee
For unreleased bugs in an active sprint, a new bug is created with the `~unreleased bug` label. The `:release` label and associated product group label is added, and the engineer responsible for the feature is assigned. If QA is unsure who the bug should be assigned to, it is assigned to the EM. Fixing the bug becomes part of the story.
+
### Accept new Apple developer account terms
+
Engineering is responsible for managing third-party accounts required to support engineering infrastructure. We use the official Fleet Apple developer account to notarize installers we generate for Apple devices. Whenever Apple releases new terms of service, we are unable to notarize new packages until the new terms are accepted.
When this occurs, we will begin receiving the following error message when attempting to notarize packages: "You must first sign the relevant contracts online." To resolve this error, follow the steps below.
@@ -410,6 +470,7 @@ When this occurs, we will begin receiving the following error message when attem
5. Accept the new terms of service.
+
### Interview a developer candidate
Ensure the interview process follows these steps in order. This process must follow [creating a new position](https://fleetdm.com/handbook/company/leadership#creating-a-new-position) through [receiving job applications](https://fleetdm.com/handbook/company/leadership#receiving-job-applications). Once the position is approved manage this process per candidate in a [hiring pipeline](https://drive.google.com/drive/folders/1dLZaor9dQmAxcxyU6prm-MWNd-C-U8_1?usp=drive_link)
@@ -424,7 +485,9 @@ Ensure the interview process follows these steps in order. This process must fol
If the candidate passes all of these steps then continue with [hiring a new team member](https://fleetdm.com/handbook/company/leadership#hiring-a-new-team-member).
+
### Renew MDM certificate signing request (CSR)
+
The certificate signing request (CSR) certificate expires every year. It needs to be renewed prior to expiring. This is notified to the team by the MDM calendar event [IMPORTANT: Renew MDM CSR certificate](https://calendar.google.com/calendar/u/0/r/eventedit/MmdqNTY4dG9nbWZycnNxbDBzYjQ5dGplM2FfMjAyNDA5MDlUMTczMDAwWiBjXzMyMjM3NjgyZGRlOThlMzI4MjVhNTY1ZDEyZjk0MDEyNmNjMWI0ZDljYjZjNjgyYzQ2MjcxZGY0N2UzNjM5NDZAZw)
Steps to renew the certificate:
@@ -444,7 +507,9 @@ Steps to renew the certificate:
10. Verify by logging into a normal apple account (not billing@...) and Generate a new Push Certificate following our [setup MDM](https://fleetdm.com/docs/using-fleet/mdm-setup) steps and verify the Expiration date is 1 year from today.
11. Adjust calendar event to be between 2-4 weeks before the next expiration.
+
### Perform an incident postmortem
+
Conduct a postmortem meetings for every service or feature outage and every critical bug, whether it's a customer's environment or on fleetdm.com.
1. Copy this [postmortem template](https://docs.google.com/document/d/1Ajp2LfIclWfr4Bm77lnUggkYNQyfjePiWSnBv1b1nwM/edit?usp=sharing) document and pre-populate where possible.
@@ -454,7 +519,9 @@ Conduct a postmortem meetings for every service or feature outage and every crit
[Example Finished Document](https://docs.google.com/document/d/1YnETKhH9R7STAY-PaFnPy2qxhNht2EAFfkv-kyEwebQ/edit?usp=share_link)
+
### Process incoming equipment
+
Upon receiving any device, follow these steps to process incoming equipment.
1. Search for the SN of the physical device in the ["Company equipment" spreadsheet](https://docs.google.com/spreadsheets/d/1hFlymLlRWIaWeVh14IRz03yE-ytBLfUaqVz0VVmmoGI/edit#gid=0) to confirm the correct equipment was received.
3. Visibly inspect equipment and all related components (e.g. laptop charger) for damage.
@@ -466,7 +533,9 @@ Upon receiving any device, follow these steps to process incoming equipment.
9. Follow the prompts to activate the device and reinstall the appropriate version of macOS.
> If you are prevented from completing the steps above, create a ["💻 IT support issue](https://github.com/fleetdm/confidential/issues/new?assignees=%40spokanemac&labels=%3Ahelp-it&projects=&template=request-it-support.md&title=%F0%9F%92%BB+Request+IT+support) for IT, for the device to be scheduled for troubleshooting and remediation. Please note in the issue where you encountered blockers to completing the steps.
+
### Ship approved equipment
+
Once the Business Operations department approves inventory to be shipped from Fleet IT, follow these step to ship the equipment.
1. Compare the equipment request issue with the ["Company equipment" spreadsheet](https://docs.google.com/spreadsheets/d/1hFlymLlRWIaWeVh14IRz03yE-ytBLfUaqVz0VVmmoGI/edit#gid=0) and verify physical inventory.
2. Plug in the device and ensure inventory has been correctly processed and all components are present (e.g. charger cord, power converter).
@@ -476,9 +545,12 @@ Once the Business Operations department approves inventory to be shipped from Fl
6. Ship via FedEx to the address listed in the equipment request.
7. Add a comment to the equipment request issue, at-mentioning the requestor with the FedEx tracking info and close the issue.
+
## Rituals
+
+ Unsubscribe
diff --git a/website/views/layouts/layout.ejs b/website/views/layouts/layout.ejs
index 9b090d48db..ed4ebaf20b 100644
--- a/website/views/layouts/layout.ejs
+++ b/website/views/layouts/layout.ejs
@@ -61,6 +61,13 @@
+ <%/* Segment */%>
+
<% /* Meta pixel code */ %>
- <% /* Delete the global `self` to help avoid client-side bugs.
- (see https://developer.mozilla.org/en-US/docs/Web/API/Window/self) */ %>
-
-
-
<%/* bowser.js (for browser detection) -- included inline to avoid issues with minification that could affect the unsupported browser overlay */%>
@@ -635,6 +637,7 @@
window.history.replaceState({}, '', queryParameterLessUrl);// https://caniuse.com/mdn-api_history_replacestate
}
});
+
// Adding hover events to header dropdown menus.
$(function(){
$('[purpose=dropdown-button]').hover(
diff --git a/website/views/pages/device-management.ejs b/website/views/pages/device-management.ejs
index 93215dc33a..f7b0f37a84 100644
--- a/website/views/pages/device-management.ejs
+++ b/website/views/pages/device-management.ejs
@@ -416,7 +416,10 @@
<%/* Shorten the feedback loop section */%>
-
-
+
+
-
+ 
+
+ Shorten the feedback loop
Spend less time debugging whether changes actually happened.
@@ -426,14 +429,8 @@Every change to a policy or security control is tracked and auditable in Fleet’s UI, or in your logs.
-
-
-
- <%- partial('../partials/calendar-banner.partial.ejs') %>
-
<%/* Scope transparency section */%>
diff --git a/website/views/pages/endpoint-ops.ejs b/website/views/pages/endpoint-ops.ejs
index fa80f91e7d..c9cfbb40fa 100644
--- a/website/views/pages/endpoint-ops.ejs
+++ b/website/views/pages/endpoint-ops.ejs
@@ -3,7 +3,7 @@
@@ -228,7 +226,6 @@
- <%- partial('../partials/calendar-banner.partial.ejs') %>
diff --git a/website/views/pages/homepage.ejs b/website/views/pages/homepage.ejs
index f46f1b6c48..ef71b85ee8 100644
--- a/website/views/pages/homepage.ejs
+++ b/website/views/pages/homepage.ejs
@@ -6,8 +6,8 @@
-
Endpoint operations
+Endpoint operations <%= ['eo-security', 'vm'].includes(primaryBuyingSituation) ? 'for security' : ['eo-it', 'mdm'].includes(primaryBuyingSituation) ? 'for IT' : '' %>
<%= primaryBuyingSituation==='eo-security'? 'Instrument your endpoints' : 'Understand your computers'%>
@@ -123,10 +123,8 @@
-
Remote-control IT tasks on every kind of computer – even you, Linux.
Write and run scripts remotely, report progress, and replay queued up tasks on computers that went offline.
-Integrate Google Calendar to install updates and force restarts when your users’ computers are actually free.
-Reduce human error by automating click-tastic tasks directly on the host with Open Interpreter.*
+Optionally integrate Google Calendar to make changes when certain users’ devices are actually free.
*Coming soon
@@ -228,7 +226,6 @@
diff --git a/website/views/pages/homepage.ejs b/website/views/pages/homepage.ejs
index f46f1b6c48..ef71b85ee8 100644
--- a/website/views/pages/homepage.ejs
+++ b/website/views/pages/homepage.ejs
@@ -6,8 +6,8 @@
<%/* Hero text */%>
-
<%- partial('../partials/primary-tagline.partial.ejs') %>
-Replace the sprawl with <%= primaryBuyingSituation === 'vm'? 'secure, open-source reporting that works the way you want' : primaryBuyingSituation === 'eo-security'? 'universal, open-source endpoint visibility' : 'secure, open-source device management that works the way you want' %>.
+<%- partial('../partials/primary-tagline.partial.ejs') %>
+Replace the sprawl with <%= primaryBuyingSituation === 'vm'? 'secure, open-source reporting that works the way you want' : primaryBuyingSituation === 'eo-security'? 'universal, open-source endpoint visibility' : 'a modern device management platform that works the way you want' %>.
Learn how
Talk to us
@@ -27,9 +27,9 @@
<% if(!primaryBuyingSituation){ %>
<%/* Device management block */%>
- <%/* Endpoint ops block */%>
- Device management
- Endpoint ops
- Vulnerability management
-
+ IT engineering
+ Security engineering
+
@@ -49,38 +49,38 @@
+ <%/* IT engineering block */%>
+
- <%/* Vulnerability management block */%>
-
- Pulse check anything
-
Use a live connection to every endpoint to simplify audit, compliance, and reporting from workstations to data centers.
+ Automate anything +Remotely run scripts and prompts to complete tasks on every kind of computer, including Linux.
Ship data to any platformShip logs to any platform like Splunk, Snowflake, or any streaming infrastructure like AWS Kinesis and Apache Kafka.
Osquery on easy modeUse "read-only" mode or enable remote scripting to automate anything on every operating system, including Linux.
+ <%/* Security engineering block */%>
+
@@ -104,11 +104,11 @@
<% } %>
<% } %>
-
+
diff --git a/website/views/pages/transparency.ejs b/website/views/pages/transparency.ejs
index 12f255e580..fd94fc5f32 100644
--- a/website/views/pages/transparency.ejs
+++ b/website/views/pages/transparency.ejs
@@ -2,56 +2,12 @@
- <%- partial('../partials/calendar-banner.partial.ejs') %>
@@ -141,11 +140,11 @@
diff --git a/website/views/partials/calendar-banner.partial.ejs b/website/views/partials/calendar-banner.partial.ejs
index 7da1b7e7e8..e3c91817fc 100644
--- a/website/views/partials/calendar-banner.partial.ejs
+++ b/website/views/partials/calendar-banner.partial.ejs
@@ -2,7 +2,7 @@
- Report what matters
-
Let's face it, most built-in graphs leave you wanting more. Report MTTR and any other custom metrics exactly the way you want to using fresh data from real computers.
- Deep context from the environment -Fleet gives you data down to the chip level on every endpoint to help you make sense of which vulnerabilities to prioritize.
- Untangle your security stack -Use open data and APIs to connect your vulnerability solution with osquery, the agent you might already have deployed.
+ Osquery on easy mode +Use "read-only" mode or enable remote scripting to automate anything on every operating system, including Linux.
+ Pulse check anything +Use a live connection to every endpoint to simplify audit, compliance, and reporting from workstations to data centers.
+ Ship data to any platform +Ship logs to any platform like Splunk, Snowflake, or any streaming infrastructure like AWS Kinesis and Apache Kafka.
-
Endpoint ops
+<%= primaryBuyingSituation==='eo-security'? 'Security engineering' : 'IT engineering'%>
<%= primaryBuyingSituation==='eo-security'? 'Instrument your endpoints' : 'Understand your computers'%>
A <%= primaryBuyingSituation==='eo-security'? 'lightweight' : 'quick-fast' %> way to gather <%= primaryBuyingSituation==='vm'? 'patch level and custom reports across all your computing devices, even in OT and production environments' : primaryBuyingSituation==='eo-security'? 'deep context and custom telemetry across all your endpoints, even servers' : primaryBuyingSituation==='mdm'||primaryBuyingSituation==='eo-it'? 'compliance and inventory data across all your devices' : 'device data across all your computers' %>. Pulse check or automate anything on any platform.
- Start with endpoint ops
+ Start with <%= primaryBuyingSituation==='eo-security' ? 'security engineering' : 'IT engineering'%>
@@ -171,18 +171,15 @@
-
Endpoint ops
-<%= primaryBuyingSituation==='eo-security'? 'Instrument your endpoints' : 'Understand your computers'%>
-A <%= primaryBuyingSituation==='eo-security'? 'lightweight' : 'quick-fast' %> way to gather <%= primaryBuyingSituation==='vm'? 'patch level and custom reports across all your computing devices, even in OT and production environments' : primaryBuyingSituation==='eo-security'? 'deep context and custom telemetry across all your endpoints, even servers' : primaryBuyingSituation==='mdm'||primaryBuyingSituation==='eo-it'? 'compliance and inventory data across all your devices' : 'device data across all your computers' %>. Pulse check or automate anything on any platform.
+<%= primaryBuyingSituation==='mdm' ? 'IT engineering' : 'Security engineering'%>
+<%= primaryBuyingSituation==='vm'? 'Instrument your endpoints' : 'Understand your computers'%>
+A <%= primaryBuyingSituation==='vm'? 'lightweight' : 'quick-fast' %> way to gather <%= primaryBuyingSituation==='vm'? 'patch level and custom reports across all your computing devices, even in OT and production environments' : primaryBuyingSituation==='vm'? 'deep context and custom telemetry across all your endpoints, even servers' : primaryBuyingSituation==='mdm'||primaryBuyingSituation==='eo-it'? 'compliance and inventory data across all your devices' : 'device data across all your computers' %>. Pulse check or automate anything on any platform.
- Start with endpoint ops
+ Start with <%= primaryBuyingSituation==='mdm' ? 'IT engineering' : 'security engineering'%>
- <%- partial('../partials/calendar-banner.partial.ejs') %>
-
<%/* Integration cards */%>
Connect your favorite tools
@@ -376,7 +373,7 @@For teams with lots of computing devices
-<%- partial('../partials/primary-tagline.partial.ejs') %>
+<%- partial('../partials/primary-tagline.partial.ejs') %>
Start now
Talk to us
@@ -387,6 +384,9 @@
<%/* Cloud city banner */%>
Your email preferences have been updated.
+
-
- A better employee experience
-What if the way your employer maintained your computer was more transparent? What if it helped you get more done?
+What can Fleet access on my device?
+End users deserve to know what their employer can see and do on their laptops. Here’s what Fleet can manage on your device:
+
-
-
-
- Tell me when and why
-Fleet installs updates and forces restarts when you and your computer are actually free.
-
-
-
- I wish my company did this
-
- No more restarts blocking you from important meetings
-See what's getting changed on your work computer
-Avoid losing unsaved work
-
- 
-
-
-
-
-
-
-
-
-
- Don’t make me think about IT
-Stop distracting employees with computer maintenance tasks and reclaim countless hours of lost time across your organization.
-
-
-
-
-
-
-
- 
-
-
-
- Get your team’s laptops secure with as little thought as possible. Minimize employee interaction required for security updates.
-
- 
-
-
-
- Give people a reliable digital experience at work. Automatically fix laptop vulnerabilities so security doesn’t have to chase your staff.
-
-
+ What can Fleet access on my device?
-End users deserve to know what their employer can see and do on their laptops. Here’s what Fleet can manage on your device:
@@ -156,6 +112,17 @@
+
+
+
+ 
+ Automate compliance.
+ Learn more
+
+
+ Automate compliance.
Improve security. Reduce risk.
+ Build trust with customers using automation backed by world-class experts
+
-
Vulnerability management
-Build the vulnerability program you actually want
+Open-source vulnerability reporting
+Check vulnerabilities anywhere
@@ -12,14 +12,14 @@
Report what matters
-
Let's face it, most built-in graphs leave you wanting more. Report MTTR and any other custom metrics exactly the way you want to using fresh data from real computers.
+Report exactly when CVEs were fixed or mitigated, down to the hour.
Deep context from the environmentFleet gives you data down to the chip level on every endpoint to help you make sense of which vulnerabilities to prioritize.
Untangle your security stackUse open data and APIs to connect your vulnerability solution with osquery, the agent you might already have deployed.
@@ -141,11 +140,11 @@
-
Open-source vulnerability management
-Build the vulnerability program you actually want
+Open-source vulnerability reporting
+Check vulnerabilities anywhere
NEW
<% if(!primaryBuyingSituation) {%>
- "This is a terrible time to mess with my computer."
+"This is a terrible time to mess with my computer."
Install updates and force restarts when your users’ computers are actually free.
<%} else if(['eo-it', 'mdm'].includes(primaryBuyingSituation)) {%>