<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Resolves
#https://github.com/fleetdm/confidential/issues/14837
**Related issue:** Resolves
#https://github.com/fleetdm/confidential/issues/14839
Commit 1 - fixes the basic-whitepaper.ejs page so that the LP form
headline is not hard coded to GitOps anymore.
Commit 2 - posts the whitepaper and sets up the LP page
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Updates**
* Form headline on whitepaper download page is now customizable.
* Enhanced email submission feedback handling during download process.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Post Linux series article on the business case for Linux device
management. This is another chapter written for the eBook that I'm
extracting to a blog post.
Post Linux DM article: "How to define your Linux device management
needs".
Added as early chapter in IT Leader's Guide to Linux Device Management
eBook.
Add fallback wipe script for Windows hosts (#34994)
When Fleet's built-in Windows wipe action fails (MDM command returns
status 500, device not wiped), there is no documented fallback. This PR
adds a script that can be run via Fleet to wipe the device when the
native wipe fails.
## Changes
- `docs/solutions/windows/scripts/wipe-windows-device.ps1` - Fallback
wipe script
- `articles/lock-wipe-hosts.md` - Reference to fallback script added
under Windows wipe section
## What the script does
1. Validates and repairs WinRE if disabled (confirmed root cause of wipe
failures in #34994)
2. Checks Component Store integrity via DISM
3. Suspends BitLocker for one reboot cycle
4. Triggers wipe via WMI-to-CSP bridge (`doWipeProtected`, falls back to
`doWipe`), bypassing the MDM command queue
Fully unattended. No user interaction required. Exits 0 on success, 1 on
failure.
## Context
Every fully unattended Windows wipe method uses the same RemoteWipe CSP.
There is no alternative Windows API. This script adds value by fixing
the root causes before calling the wipe, and by bypassing the MDM
command queue where server-side failures (DB timeouts, auth errors) can
occur.
Closes#34994
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Added an administrator-only Windows device wipe utility that performs
staged system checks (recovery environment, system health, and disk
protection), attempts to suspend drive protection for a reboot, invokes
multiple local wipe triggers with fallbacks, creates a timestamped audit
log of actions, and provides clear success/failure summaries with likely
causes and suggested next steps.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Marko Lisica <83164494+marko-lisica@users.noreply.github.com>
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
Co-authored-by: CodeRabbit <noreply@coderabbit.ai>
Changes:
- Added support for a new article category: `webinar`.
- Added a template page for webinar articles.
- Added an additional route for webinar articles that users are taken to
to watch the webinar recording.
- Added `deliver-webinar-access-request`, an action that updates CRM
records when users fill out the form on the webinar template page.
- Updated the accepted `intentSignal` values in the
create-historical-event helper.
- Added an article for the "Beyond the hype, practical AI for device
management" webinar.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Public webinar pages (/webinars/:slug and /watch) with optional
embedded video and a new page template, script, and styles.
* Sidebar signup form (first name, last name, work email) with prefill
for signed-in users and improved scroll behavior.
* POST API to request webinar access: validates email domain, records a
webinar-request event, triggers background CRM sync, and returns a watch
view on success.
* Static-site build now recognizes webinar articles and enforces
embedded-video URL validation.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Changes:
- Updated fleet-vs-jamf-vs-iru-kandji-mdm-comparison.md and
fleet-vs-jumpcloud-vs-workspace-one-comparison.md to use the comparison
article template.
- Updated the styles for mobile comparison tables
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Bug Fixes**
* Improved comparison table display on mobile devices by allowing table
labels to wrap properly instead of staying on a single line.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Two fixes to the Deploying Platform SSO with Okta and Fleet guide:
1. Clarified that `certificate_authorities` is a top-level key under
`org_settings` and not nested inside `integrations`. The guide's
example snippet showed `integrations:` in isolation, making it easy
to incorrectly nest `certificate_authorities` underneath it.
2. Added missing opening ```sql code fence in the Option 2 (Static SCEP
challenge) section. The missing fence was causing a large unformatted
block to break the article layout. Also removed a stray `);` at the
end of the query which was invalid SQL and appeared to be a
copy-paste artifact.
fleet vs jumpcloud vs workspace one
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Chores**
* Reorganized the load sequence of client-side page scripts in the site
layout to align execution order.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
The SCEP profile for NDES certificate authority requires the
$FLEET_VAR_SCEP_RENEWAL_ID variable in the Subject OU field. Without
this, GitOps runs fail with an error about missing variables.
https://claude.ai/code/session_01DW2rrUmrxsTaD3t5J66Xz4
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Resolves #
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [ ] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements), JS
inline code is prevented especially for url redirects, and untrusted
data interpolated into shell scripts/commands is validated against shell
metacharacters.
- [ ] If paths of existing endpoints are modified without backwards
compatibility, checked the frontend/CLI for any necessary changes
## Testing
- [ ] Added/updated automated tests
- [ ] Where appropriate, [automated tests simulate multiple hosts and
test for host
isolation](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/reference/patterns-backend.md#unit-testing)
(updates to one hosts's records do not affect another)
- [ ] QA'd all new/changed functionality manually
For unreleased bug fixes in a release candidate, one of:
- [ ] Confirmed that the fix is not expected to adversely impact load
test results
- [ ] Alerted the release DRI if additional load testing is needed
## Database migrations
- [ ] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [ ] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [ ] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
## New Fleet configuration settings
- [ ] Setting(s) is/are explicitly excluded from GitOps
If you didn't check the box above, follow this checklist for
GitOps-enabled settings:
- [ ] Verified that the setting is exported via `fleetctl
generate-gitops`
- [ ] Verified the setting is documented in a separate PR to [the GitOps
documentation](https://github.com/fleetdm/fleet/blob/main/docs/Configuration/yaml-files.md#L485)
- [ ] Verified that the setting is cleared on the server if it is not
supplied in a YAML file (or that it is documented as being optional)
- [ ] Verified that any relevant UI is disabled when GitOps mode is
enabled
## fleetd/orbit/Fleet Desktop
- [ ] Verified compatibility with the latest released version of Fleet
(see [Must
rule](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/workflows/fleetd-development-and-release-strategy.md))
- [ ] If the change applies to only one platform, confirmed that
`runtime.GOOS` is used as needed to isolate changes
- [ ] Verified that fleetd runs on macOS, Linux and Windows
- [ ] Verified auto-update works from the released version of component
to the new version (see [tools/tuf/test](../tools/tuf/test/README.md))
Co-authored-by: Claude <noreply@anthropic.com>
Made fixes to Jamf vs Fleet page based on reviewer feedback (Allen H):
- Don't focus on osquery in our answers
- Fix Fleet answer for Device scoping and targetting
- Remove "Premium plan" when we say yes to capabilities
- Update Android management answer
- Fix missing Oxford commas
## Summary
- Removes six anonymous case studies that are no longer needed:
open-source-software-company, interactive-entertainment-company,
financial-technology-company, open-source-organization,
global-saas-company, and online-marketplace.
- Deletes the 6 article markdown files from `articles/`, which
automatically removes them from the dynamically-rendered customers page
(`fleetdm.com/customers`).
- Removes 7 references to these case studies from
`handbook/marketing/fleet-social-proof.md`.
- Removes 3 redirect routes from `website/config/routes.js` that pointed
to the now-deleted case studies.
## Changes
| File | Change |
|------|--------|
| `articles/financial-technology-company.md` | Deleted |
| `articles/global-saas-company.md` | Deleted |
| `articles/interactive-entertainment-company.md` | Deleted |
| `articles/online-marketplace.md` | Deleted |
| `articles/open-source-organization.md` | Deleted |
| `articles/open-source-software-company.md` | Deleted |
| `handbook/marketing/fleet-social-proof.md` | Removed 7 table rows
referencing the 6 case studies |
| `website/config/routes.js` | Removed 3 redirect rules for deleted case
studies |
---
Built for [Irena
Reedy](https://fleetdm.slack.com/archives/D0APYC9R9SL/p1775761161561979)
by [Kilo for Slack](https://kilo.ai/features/slack-integration)
Co-authored-by: kiloconnect[bot] <240665456+kiloconnect[bot]@users.noreply.github.com>
I learned that it doesn't matter if the client certificate is signed by
a root CA certificate specified under `Certificates[0].X509` when `Type`
is `Authority`.
In the case of `customer-pingali`, they have a client certificate signed
by a different CA, which confused their IT team. They initially used the
root CA that signed the client certificate and assumed that the same
certificate also signed the server certificate.
To deploy certificates, you must have a server private key setup or
GitOps errors with 'Error: applying certificate authorities: POST
/api/latest/fleet/spec/certificate_authorities received status 500
crypto/aes: invalid key size 0: crypto/aes: invalid key size 0'
Closes https://github.com/fleetdm/fleet/issues/41798
Changes:
- Added an "About Fleet" section to the case study article template
page.
- Removed the "About Fleet" sections from case study articles.
FYI @irenareedy: After this change is merged, you will not need to
include an "About Fleet" section on new case study articles.
New Article by Team GrowthX
Date: 20-03-2026
cc @nonpunctual @irenareedy @johnjeremiah
---------
Co-authored-by: Dan Gordon <daniel@fleetdm.com>
Co-authored-by: Ashish Kuthiala <53918208+akuthiala@users.noreply.github.com>
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** RESOLVES fleetdm/confidential#15231
Post a Guide on installing Fleet to Proxmox. Proxmox hypervisor as host.
## Summary
- Cherry-picks the changes from #41677 onto `main`.
- Adds the Recovery Lock password guide
(`articles/recovery-lock-password.md`) which documents how to set, view,
and rotate recovery lock passwords on Apple Silicon Macs with Fleet MDM.
**Original PR:** #41677
---
Built for [Rachael
Shaw](https://fleetdm.slack.com/archives/D0AFC5BRFHD/p1775223366494299)
by [Kilo for Slack](https://kilo.ai/features/slack-integration)
---------
Co-authored-by: kiloconnect[bot] <240665456+kiloconnect[bot]@users.noreply.github.com>
Co-authored-by: Rachael Shaw <r@rachael.wtf>
Guide explaining how to configure EAP-TLS Wi-Fi network on Android
---------
Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
Co-authored-by: Mike Thomas <78363703+mike-j-thomas@users.noreply.github.com>
## Summary
- Deletes the case study page at
`/case-study/global-social-media-platform` by removing
`articles/global-social-media-platform.md`
- Removes the redirect route from `website/config/routes.js`
- Removes the reference from `handbook/marketing/fleet-social-proof.md`
Built for [Ashish
Kuthiala](https://fleetdm.slack.com/archives/D0AG9JQ53GA/p1775065386519169)
by [Kilo for Slack](https://kilo.ai/features/slack-integration)
Co-authored-by: kiloconnect[bot] <240665456+kiloconnect[bot]@users.noreply.github.com>
This PR will remain in draft as a preview of upcoming documentation
changes for 4.83.0
---------
Co-authored-by: Marko Lisica <83164494+marko-lisica@users.noreply.github.com>
Co-authored-by: Jordan Montgomery <elijah.jordan.montgomery@gmail.com>
Co-authored-by: melpike <79950145+melpike@users.noreply.github.com>
Co-authored-by: kiloconnect[bot] <240665456+kiloconnect[bot]@users.noreply.github.com>
Co-authored-by: Victor Lyuboslavsky <2685025+getvictor@users.noreply.github.com>
Co-authored-by: Scott Gress <scottmgress@gmail.com>
Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
Co-authored-by: Jonathan Katz <44128041+jkatz01@users.noreply.github.com>
Co-authored-by: kilo-code-bot[bot] <240665456+kilo-code-bot[bot]@users.noreply.github.com>
Co-authored-by: Carlo <1778532+cdcme@users.noreply.github.com>
## Summary
- Deletes the case study page at
`/case-study/european-financial-services` by removing
`articles/european-financial-services.md`.
- The case study was dynamically discovered by the build system via its
`category: "case study"` meta tag, so removing the markdown file fully
removes the page and its card on the `/customers` listing page. No other
files reference it.
---
Built for [Ashish
Kuthiala](https://fleetdm.slack.com/archives/D0AG9JQ53GA/p1775052553517879)
by [Kilo for Slack](https://kilo.ai/features/slack-integration)
Co-authored-by: kiloconnect[bot] <240665456+kiloconnect[bot]@users.noreply.github.com>
