diff --git a/docs/01-Using-Fleet/standard-query-library/standard-query-library.yml b/docs/01-Using-Fleet/standard-query-library/standard-query-library.yml
index 662133eb41..d1446208e8 100644
--- a/docs/01-Using-Fleet/standard-query-library/standard-query-library.yml
+++ b/docs/01-Using-Fleet/standard-query-library/standard-query-library.yml
@@ -587,4 +587,13 @@ spec:
 resolution: "Ensure ClamAV and Freshclam are installed and running."
 platforms: Linux
 contributors: GuillaumeRoss
-
+---
+apiVersion: v1
+kind: policy
+spec:
+ name: MDM Enrolled (macOS)
+ query: SELECT 1 from mdm WHERE enrolled='true';
+ description: "Required: osquery deployed with Orbit, or manual installation of macadmins/osquery-extension. Checks that a Mac is enrolled to MDM. Add a AND on identity_certificate_uuid to check for a specific MDM."
+ resolution: "Enroll device to MDM"
+ platforms: macOS
+ contributors: GuillaumeRoss
diff --git a/frontend/utilities/constants.ts b/frontend/utilities/constants.ts
index 43b5cf634c..e9bf1d71cd 100644
--- a/frontend/utilities/constants.ts
+++ b/frontend/utilities/constants.ts
@@ -112,6 +112,15 @@ export const DEFAULT_POLICIES = [
 },
 {
 key: 10,
+ query: "SELECT 1 FROM mdm WHERE enrolled='true';",
+ name: "MDM Enrolled (macOS)",
+ description:
+ "Required: osquery deployed with Orbit, or manual installation of macadmins/osquery-extension. Checks that a Mac is enrolled to MDM. Add a AND on identity_certificate_uuid to check for a specific MDM.",
+ resolution: "Enroll device to MDM",
+ platform: "darwin",
+ },
+ {
+ key: 11,
 query:
 "SELECT 1 FROM managed_policies WHERE domain = 'com.apple.Terminal' AND name = 'SecureKeyboardEntry' AND value = 1 LIMIT 1;",
 name: "Secure keyboard entry for Terminal.app enabled (macOS)",
@@ -121,7 +130,7 @@ export const DEFAULT_POLICIES = [
 platform: "darwin",
 },
 {
- key: 11,
+ key: 12,
 query:
 "SELECT 1 FROM sip_config WHERE config_flag = 'sip' AND enabled = 1;",
 name: "System Integrity Protection enabled (macOS)",
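Review bot: The `MDM Enrolled (macOS)` query passes for enrollment in any MDM server, because `WHERE enrolled='true'` is its only condition, so a passing host is not shown to be managed by the organization's own MDM. The description offers the `identity_certificate_uuid` filter only as an optional extra; I would state the limitation outright and fix the article, e.g. `Checks that a Mac is enrolled to any MDM. Add an AND on identity_certificate_uuid to check for a specific MDM.` The same description string is repeated in the `frontend/utilities/constants.ts` hunk and needs the same edit. The query here also writes `from` in lower case while the constants.ts copy uses `FROM`.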
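Review bot: The entry added after `key: 10` targets every host with `platform: "darwin"`, but its query reads the `mdm` table, which per its own description is only available with Orbit or a manual install of macadmins/osquery-extension. On a host without that extension the query presumably errors instead of returning zero rows, so it is worth confirming that such hosts are not silently left out of the failing count. I would add a comment above the entry, `// Needs the mdm table from macadmins/osquery-extension; confirm how hosts without it are reported.` The `DEFAULT_POLICIES` array begins and ends outside this hunk.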