From d73446d1fe684d84ecd24a4b6c9ba134a3d20eb8 Mon Sep 17 00:00:00 2001
From: Luke Heath <luke@fleetdm.com>
Date: Mon, 8 Jul 2024 15:22:59 -0700
Subject: [PATCH] Set workstations to use DDM for macOS updates (#20178)

- On workstations, we dogfood the current recommended best practice:
https://fleetdm.com/docs/using-fleet/mdm-os-updates
- On workstations (canary), we dogfood using the calendar feature to run
managed OS updates.
---
 it-and-security/teams/workstations.yml | 11 ++---------
 1 file changed, 2 insertions(+), 9 deletions(-)

diff --git a/it-and-security/teams/workstations.yml b/it-and-security/teams/workstations.yml
index ee8d50e96c..81d2d0d9e8 100644
--- a/it-and-security/teams/workstations.yml
+++ b/it-and-security/teams/workstations.yml
@@ -44,8 +44,8 @@ controls:
     enable_end_user_authentication: true
     macos_setup_assistant: null
   macos_updates:
-    deadline: ""
-    minimum_version: ""
+    deadline: "2024-07-12"
+    minimum_version: "14.5"
   windows_settings:
     custom_settings: null
   windows_updates:
@@ -63,13 +63,6 @@ policies:
   - path: ../lib/linux-device-health.policies.yml
   - path: ../lib/macos-cis.policies.yml
   - path: ../lib/windows-cis.policies.yml
-  - name: macOS - Check if latest version
-    query: SELECT 1 FROM os_version WHERE major = '14' OR major = '15';
-    critical: false
-    description: Using an outdated macOS version risks exposure to security vulnerabilities and potential system instability.
-    resolution: We will update your macOS to the latest version.
-    platform: darwin
-    calendar_events_enabled: true  
 queries:
   - path: ../lib/collect-failed-login-attempts.queries.yml
   - path: ../lib/collect-usb-devices.queries.yml