Update policies via GitOps (#18537)

2026-05-23 00:49:03 +00:00 · 2024-04-25 09:56:50 -05:00 · 2024-04-25 09:56:50 -05:00 · 3a538e9729
commit 3a538e9729
parent b82d5f4ef9
3 changed files with 22 additions and 9 deletions
--- a/it-and-security/lib/macos-device-health.policies.yml
+++ b/it-and-security/lib/macos-device-health.policies.yml
@ -64,12 +64,3 @@
  description: Looks for PDF files with file names typically used by 1Password for emergency recovery kits. To protect the performance of your devices, the search is one level deep and limited to the Desktop, Documents, Downloads, and Shared folders.
  resolution: Delete 1Password emergency kits from your computer, and empty the trash. 1Password emergency kits should only be printed and stored in a physically secure location.
  platform: darwin
- name: macOS - Check if latest version
-  query: |
-    SELECT 1 FROM os_version 
-      WHERE (major > 14 OR (major = 14 AND minor > 4) OR (major = 14 AND minor = 4 AND patch >= 1)) --Sonoma
-  critical: false
-  description: This policy check if macOS version is most recent version available.
-  resolution: From the Apple menu, select System Settings. Navigate to General > Software Update.
-  platform: darwin
-  calendar_events_enabled: true
--- a/it-and-security/teams/workstations-canary.yml
+++ b/it-and-security/teams/workstations-canary.yml
@ -109,6 +109,15 @@ policies:
  - path: ../lib/macos-device-health.policies.yml
  - path: ../lib/windows-device-health.policies.yml
  - path: ../lib/linux-device-health.policies.yml
+  - name: macOS - Check if latest version
+    query: |
+      SELECT 1 FROM os_version
+        WHERE (major > 14 OR (major = 14 AND minor > 4) OR (major = 14 AND minor = 4 AND patch >= 2)) --Sonoma
+    critical: false
+    description: This policy check if macOS version is most recent version available.
+    resolution: From the Apple menu, select System Settings. Navigate to General > Software Update.
+    platform: darwin
+    calendar_events_enabled: true
 queries:
  - path: ../lib/collect-failed-login-attempts.queries.yml
  - path: ../lib/collect-fleetd-information.yml
--- a/it-and-security/teams/workstations.yml
+++ b/it-and-security/teams/workstations.yml
@ -8,6 +8,10 @@ team_settings:
    host_expiry_window: 0
  secrets:
    - secret: $DOGFOOD_WORKSTATIONS_ENROLL_SECRET
+  integrations:
+    google_calendar:
+      enable_calendar_events: true
+      webhook_url: $DOGFOOD_WORKSTATIONS_CANARY_CALENDAR_WEBHOOK_URL
 agent_options:
  path: ../lib/agent-options.yml
 controls:
@ -57,6 +61,15 @@ policies:
  - path: ../lib/macos-device-health.policies.yml
  - path: ../lib/windows-device-health.policies.yml
  - path: ../lib/linux-device-health.policies.yml
+  - name: macOS - Check if latest version
+    query: |
+      SELECT 1 FROM os_version
+        WHERE (major > 14 OR (major = 14 AND minor > 4) OR (major = 14 AND minor = 4 AND patch >= 1)) --Sonoma
+    critical: false
+    description: This policy check if macOS version is most recent version available.
+    resolution: From the Apple menu, select System Settings. Navigate to General > Software Update.
+    platform: darwin
+    calendar_events_enabled: true
 queries:
  - path: ../lib/collect-failed-login-attempts.queries.yml
  - path: ../lib/collect-usb-devices.queries.yml