From 7babadf4baf70b1c81d95fad35a92c614de10471 Mon Sep 17 00:00:00 2001 From: Allen Houchins <32207388+allenhouchins@users.noreply.github.com> Date: Tue, 17 Dec 2024 14:19:08 -0600 Subject: [PATCH] Added DDM profile for iOS and iPadOS and copied macOS DDM profile to Workstations team (#24825) --- .../software-update-settings.json | 15 +++++++++++++++ .../software-update-settings.json | 15 +++++++++++++++ it-and-security/teams/company-owned-ipads.yml | 1 + it-and-security/teams/company-owned-iphones.yml | 1 + it-and-security/teams/workstations.yml | 1 + 5 files changed, 33 insertions(+) create mode 100644 it-and-security/lib/ios/declaration-profiles/software-update-settings.json create mode 100644 it-and-security/lib/ipados/declaration-profiles/software-update-settings.json diff --git a/it-and-security/lib/ios/declaration-profiles/software-update-settings.json b/it-and-security/lib/ios/declaration-profiles/software-update-settings.json new file mode 100644 index 0000000000..e6fcff6729 --- /dev/null +++ b/it-and-security/lib/ios/declaration-profiles/software-update-settings.json @@ -0,0 +1,15 @@ +{ + "Type": "com.apple.configuration.softwareupdate.settings", + "Identifier": "com.fleetdm.config.softwareupdate.settings", + "Payload": { + "AutomaticActions": { + "Download": "AlwaysOn", + "InstallOSUpdates": "Allowed", + "InstallSecurityUpdate": "AlwaysOn" + }, + "Notifications": true, + "RapidSecurityResponse": { + "Enabled": true + } + } +} \ No newline at end of file diff --git a/it-and-security/lib/ipados/declaration-profiles/software-update-settings.json b/it-and-security/lib/ipados/declaration-profiles/software-update-settings.json new file mode 100644 index 0000000000..e6fcff6729 --- /dev/null +++ b/it-and-security/lib/ipados/declaration-profiles/software-update-settings.json @@ -0,0 +1,15 @@ +{ + "Type": "com.apple.configuration.softwareupdate.settings", + "Identifier": "com.fleetdm.config.softwareupdate.settings", + "Payload": { + "AutomaticActions": { + "Download": "AlwaysOn", + "InstallOSUpdates": "Allowed", + "InstallSecurityUpdate": "AlwaysOn" + }, + "Notifications": true, + "RapidSecurityResponse": { + "Enabled": true + } + } +} \ No newline at end of file diff --git a/it-and-security/teams/company-owned-ipads.yml b/it-and-security/teams/company-owned-ipads.yml index 7aa73fcefd..439b2aa13e 100644 --- a/it-and-security/teams/company-owned-ipads.yml +++ b/it-and-security/teams/company-owned-ipads.yml @@ -16,6 +16,7 @@ controls: minimum_version: "18.2" macos_settings: custom_settings: + - path: ../lib/ipados/declaration-profiles/software-update-settings.json scripts: policies: queries: diff --git a/it-and-security/teams/company-owned-iphones.yml b/it-and-security/teams/company-owned-iphones.yml index 3467b9ef61..7dc44045eb 100644 --- a/it-and-security/teams/company-owned-iphones.yml +++ b/it-and-security/teams/company-owned-iphones.yml @@ -20,6 +20,7 @@ controls: - path: ../lib/ios/configuration-profiles/lock-screen-message.mobileconfig - path: ../lib/ios/configuration-profiles/content-filtering.mobileconfig - path: ../lib/ios/declaration-profiles/passcode-settings-ddm.json + - path: ../lib/ios/declaration-profiles/software-update-settings.json scripts: policies: queries: diff --git a/it-and-security/teams/workstations.yml b/it-and-security/teams/workstations.yml index 2b15fc3cc7..46d2b218dc 100644 --- a/it-and-security/teams/workstations.yml +++ b/it-and-security/teams/workstations.yml @@ -56,6 +56,7 @@ controls: - path: ../lib/macos/configuration-profiles/prevent-autologon.mobileconfig - path: ../lib/macos/configuration-profiles/secure-terminal-keyboard.mobileconfig - path: ../lib/macos/declaration-profiles/passcode-settings.json + - path: ../lib/macos/declaration-profiles/software-update-settings.json macos_setup: bootstrap_package: "" enable_end_user_authentication: true