Adding new policy to check for MDM enrollment (#4343)

2026-05-23 17:08:53 +00:00 · 2022-03-03 14:22:23 -05:00 · 2022-03-03 14:22:23 -05:00 · 4f8847ddd2
commit 4f8847ddd2
parent 7d60be4c15
2 changed files with 20 additions and 2 deletions
--- a/docs/01-Using-Fleet/standard-query-library/standard-query-library.yml
+++ b/docs/01-Using-Fleet/standard-query-library/standard-query-library.yml
@ -587,4 +587,13 @@ spec:
  resolution: "Ensure ClamAV and Freshclam are installed and running."
  platforms: Linux
  contributors: GuillaumeRoss
-  
+---
+apiVersion: v1
+kind: policy
+spec:
+  name: MDM Enrolled (macOS)
+  query: SELECT 1 from mdm WHERE enrolled='true';
+  description: "Required: osquery deployed with Orbit, or manual installation of macadmins/osquery-extension. Checks that a Mac is enrolled to MDM. Add a AND on identity_certificate_uuid to check for a specific MDM."
+  resolution: "Enroll device to MDM"
+  platforms: macOS
+  contributors: GuillaumeRoss
--- a/frontend/utilities/constants.ts
+++ b/frontend/utilities/constants.ts
@ -112,6 +112,15 @@ export const DEFAULT_POLICIES = [
  },
  {
    key: 10,
+    query: "SELECT 1 FROM mdm WHERE enrolled='true';",
+    name: "MDM Enrolled (macOS)",
+    description:
+      "Required: osquery deployed with Orbit, or manual installation of macadmins/osquery-extension. Checks that a Mac is enrolled to MDM. Add a AND on identity_certificate_uuid to check for a specific MDM.",
+    resolution: "Enroll device to MDM",
+    platform: "darwin",
+  },
+  {
+    key: 11,
    query:
      "SELECT 1 FROM managed_policies WHERE domain = 'com.apple.Terminal' AND name = 'SecureKeyboardEntry' AND value = 1 LIMIT 1;",
    name: "Secure keyboard entry for Terminal.app enabled (macOS)",
@ -121,7 +130,7 @@ export const DEFAULT_POLICIES = [
    platform: "darwin",
  },
  {
-    key: 11,
+    key: 12,
    query:
      "SELECT 1 FROM sip_config WHERE config_flag = 'sip' AND enabled = 1;",
    name: "System Integrity Protection enabled (macOS)",