Updating APNs certificate and related policy automations (#26696)

Created a new policy with the calendaring automation for when I update
the APNs certificate being used.

---------

Co-authored-by: Brock Walters <153771548+nonpunctual@users.noreply.github.com>

it-and-security/default.yml

@@ -84,7 +84,6 @@ org_settings:
       destination_url: $DOGFOOD_ACTIVITIES_WEBHOOK_URL
       enable_activities_webhook: true
 policies:
-  - path: ./lib/all/policies/mac-enrollment-profile-up-to-date.yml
 queries:
   - path: ./lib/all/queries/collect-fleetd-information.yml
   - path: ./lib/all/queries/collect-operating-system-information.yml

it-and-security/lib/all/policies/mac-enrollment-profile-up-to-date.yml

@@ -1,14 +0,0 @@
-- name: macOS - Enrollment profile up to date
-  query: SELECT 1 FROM mdm where topic = "com.apple.mgmt.External.ccfc8d43-e9f1-49ec-8ca4-10072077deec";
-  critical: true
-  description: This policy checks to see if you have the most recent enrollment profile installed. Not having this profile means this device is no longer communicating with Fleet via MDM.
-  resolution: |-
-    You must manually remove your enrollment profile to fix this issue by following these steps: 
-
-     > System Settings > General > Device Management > Click on the profile "Fleet enrollment" followed by the "-" button 
-
-    After a few minutes, your device may initate automatic re-enrollment. If it does not, open Fleet Desktop and follow the steps for turning on MDM. 
-
-    If you encounter any issues, please reach out via #help-dogfooding. 
-  platform: darwin
-  

it-and-security/lib/macos/policies/enrollment-profile-up-to-date.yml

@@ -0,0 +1,14 @@
+- name: macOS - Enrollment profile up to date
+  query: SELECT 1 FROM mdm where topic = "com.apple.mgmt.External.8a3367bf-49d7-4dc3-ae41-c9de95f7b424";
+  critical: true
+  description: Recently we had to update files used for managing Apple devices. This policy checks to see if you have the most recent enrollment profile installed. Not having this profile means this device is no longer communicating with Fleet via MDM.
+  resolution: |-
+    You must manually remove your enrollment profile to fix this issue by following these steps: 
+
+     > System Settings > General > Device Management > Click on the profile "Fleet enrollment" followed by the "-" button 
+
+    After a few minutes, your device may initiate automatic re-enrollment. If it does not, open Fleet Desktop and follow the steps for manually enabling MDM. 
+
+    If you encounter any issues, please reach out via #help-dogfooding. 
+  platform: darwin
+  calendar_event_enabled: true

it-and-security/teams/compliance-exclusions.yml

@@ -30,6 +30,7 @@ agent_options:
 controls:
   enable_disk_encryption: true
 policies:
+    - path: ../lib/macos/policies/enrollment-profile-up-to-date.yml
 queries:
 software:
   packages:

it-and-security/teams/workstations-canary.yml

@@ -143,6 +143,7 @@ policies:
   - path: ../lib/macos/policies/latest-macos.yml
   - path: ../lib/macos/policies/update-1password.yml
   - path: ../lib/macos/policies/all-software-updates-installed.yml
+  - path: ../lib/macos/policies/enrollment-profile-up-to-date.yml
   - path: ../lib/windows/policies/antivirus-signatures-up-to-date.yml
   - path: ../lib/windows/policies/all-windows-updates-installed.yml
   - path: ../lib/linux/policies/disk-encryption-check.yml

it-and-security/teams/workstations.yml

@@ -88,6 +88,7 @@ policies:
   - path: ../lib/macos/policies/latest-macos.yml
   - path: ../lib/macos/policies/all-software-updates-installed.yml
   - path: ../lib/macos/policies/update-slack.yml
+  - path: ../lib/macos/policies/enrollment-profile-up-to-date.yml
   - path: ../lib/windows/policies/antivirus-signatures-up-to-date.yml
   - path: ../lib/windows/policies/all-windows-updates-installed.yml
   - path: ../lib/linux/policies/disk-encryption-check.yml