From 61f2d5fe58a15e7dda373a677908649907581131 Mon Sep 17 00:00:00 2001
From: Mo Zhu <mo@fleetdm.com>
Date: Tue, 6 Dec 2022 14:08:13 -0800
Subject: [PATCH] Add MDM-enforced OS autoupdate query (#8927)

Necessary for Vanta integration, since currently, we do not store autoupdate information.
---
 .../standard-query-library.yml                   | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/docs/01-Using-Fleet/standard-query-library/standard-query-library.yml b/docs/01-Using-Fleet/standard-query-library/standard-query-library.yml
index d21bfcc2a6..d20dd571b7 100644
--- a/docs/01-Using-Fleet/standard-query-library/standard-query-library.yml
+++ b/docs/01-Using-Fleet/standard-query-library/standard-query-library.yml
@@ -1034,3 +1034,19 @@ spec:
   purpose: inventory
   tags: inventory
   contributors: zwass
+---
+apiVersion: v1
+kind: query
+spec:
+  name: macOS Auto-updates enforced by MDM
+  platform: darwin
+  description: Finds all hosts where a mobile device management (MDM) solution enforces macOS auto-updates.
+  query: >-
+    SELECT * 
+    FROM managed_policies AS mp
+    WHERE mp.domain = "com.apple.SoftwareUpdate"
+    AND mp.name = "AutomaticallyInstallMacOSUpdates"
+    AND mp.value = "0";
+  purpose: compliance
+  tags: compliance
+  contributors: zhumo