From f47c44f685a9d3c9350ddf220350aa40d539edf0 Mon Sep 17 00:00:00 2001
From: Allen Houchins <32207388+allenhouchins@users.noreply.github.com>
Date: Mon, 25 Nov 2024 12:27:56 -0600
Subject: [PATCH] Enable macOS Setup Experience for Workstations team (#24125)

In support of: https://github.com/fleetdm/confidential/issues/8790

I made the following changes to support the macOS Setup Experience in
`dogfood` for the Workstations team
- moved Software titles to their own dedicated folder and `yml` files so
they could be called via path
- edited the `macos_setup` configuration in the Workstations team yml
file.
- edited the `macos_setup_assistant` json file to skip certain items
during initial setup
- completed a `dry-run` successfully before submitting this pull request

# Expected behavior
When an ADE Mac boots for the first time, macOS Setup Experience will
automatically install Google Chrome, Zoom, Slack, and 1Password.

- Google Chrome will be downloaded via URL
- Zoom will be downloaded via URL
- Slack will be downloaded via VPP
- 1Password will be downloaded via VPP

No scripts have been included at this time and will be tracked in a
separate issue.
---
 it-and-security/lib/automatic-enrollment.dep.json |  3 ---
 .../lib/software/mac-google-chrome.yml            |  2 ++
 it-and-security/lib/software/mac-zoom-arm.yml     |  4 ++++
 it-and-security/teams/workstations.yml            | 15 ++++++++-------
 4 files changed, 14 insertions(+), 10 deletions(-)
 create mode 100644 it-and-security/lib/software/mac-google-chrome.yml
 create mode 100644 it-and-security/lib/software/mac-zoom-arm.yml

diff --git a/it-and-security/lib/automatic-enrollment.dep.json b/it-and-security/lib/automatic-enrollment.dep.json
index b7a6289ee5..2836d719d3 100644
--- a/it-and-security/lib/automatic-enrollment.dep.json
+++ b/it-and-security/lib/automatic-enrollment.dep.json
@@ -6,11 +6,8 @@
 	"language": "en",
 	"region": "US",
 	"skip_setup_items": [
-		"Accessibility",
-		"Appearance",
 		"AppleID",
 		"AppStore",
-		"Biometric",
 		"Diagnostics",
 		"FileVault",
 		"iCloudDiagnostics",
diff --git a/it-and-security/lib/software/mac-google-chrome.yml b/it-and-security/lib/software/mac-google-chrome.yml
new file mode 100644
index 0000000000..fb3d1f7be9
--- /dev/null
+++ b/it-and-security/lib/software/mac-google-chrome.yml
@@ -0,0 +1,2 @@
+url: https://dl.google.com/chrome/mac/stable/accept_tos%3Dhttps%253A%252F%252Fwww.google.com%252Fintl%252Fen_ph%252Fchrome%252Fterms%252F%26_and_accept_tos%3Dhttps%253A%252F%252Fpolicies.google.com%252Fterms/googlechrome.pkg
+self_service: true
\ No newline at end of file
diff --git a/it-and-security/lib/software/mac-zoom-arm.yml b/it-and-security/lib/software/mac-zoom-arm.yml
new file mode 100644
index 0000000000..38503c7aaf
--- /dev/null
+++ b/it-and-security/lib/software/mac-zoom-arm.yml
@@ -0,0 +1,4 @@
+url: https://zoom.us/client/latest/Zoom.pkg?archType=arm64
+pre_install_query:
+  path: ../lib/macos-check-if-apple-silicon.queries.yml
+self_service: true
\ No newline at end of file
diff --git a/it-and-security/teams/workstations.yml b/it-and-security/teams/workstations.yml
index 4c30ac4b00..3aca539842 100644
--- a/it-and-security/teams/workstations.yml
+++ b/it-and-security/teams/workstations.yml
@@ -59,7 +59,12 @@ controls:
   macos_setup:
     bootstrap_package: ""
     enable_end_user_authentication: true
-    macos_setup_assistant: null
+    macos_setup_assistant: ../lib/automatic-enrollment.dep.json
+    software:
+      - package_path: ../lib/software/mac-google-chrome.yml # Google Chrome for macOS
+      - package_path: ../lib/software/mac-zoom-arm.yml # Zoom for macOS
+      - app_store_id: '803453959' # Slack Desktop
+      - app_store_id: '1333542190' # 1Password 7 Desktop
   macos_updates:
     deadline: "2024-12-02"
     minimum_version: "15.1.1"
@@ -101,12 +106,8 @@ queries:
     observer_can_run: true
 software:
   packages:
-    - url: https://zoom.us/client/latest/Zoom.pkg?archType=arm64
-      pre_install_query:
-        path: ../lib/macos-check-if-apple-silicon.queries.yml
-      self_service: true
-    - url: https://dl.google.com/chrome/mac/stable/accept_tos%3Dhttps%253A%252F%252Fwww.google.com%252Fintl%252Fen_ph%252Fchrome%252Fterms%252F%26_and_accept_tos%3Dhttps%253A%252F%252Fpolicies.google.com%252Fterms/googlechrome.pkg
-      self_service: true
+    - path: ../lib/software/mac-zoom-arm.yml # Zoom for macOS
+    - path: ../lib/software/mac-google-chrome.yml # Google Chrome for macOS
   app_store_apps:
     - app_store_id: '803453959' # Slack Desktop
     - app_store_id: '1333542190' # 1Password 7 Desktop