## Summary
- **Removed the WhatsApp block rule** from the Santa rules configuration
profile (`santa-rules.mobileconfig`). The rule blocked WhatsApp.app via
a CDHASH identifier (`54a8ec11bcea48a276b1fdce556a29108ba77de4`) and is
no longer needed.
- **Expanded Santa profile deployment to all macOS hosts** on the
Workstations team. Both `santa-configuration.mobileconfig` and
`santa-rules.mobileconfig` were previously scoped only to the `"Santa
test devices"` label (4 specific Macs). Removed the `labels_include_any`
restriction so these profiles now install on all Macs in the
Workstations team.
- **Deleted the "Santa test devices" label entirely.** Removed the label
definition file (`santa-test-devices.yml`), its reference in
`default.yml`, and all remaining `labels_include_any` references to it
from the Santa software entry, install-santa-extension policy, and
collect-santa-denied-logs report.
## Changes
###
`it-and-security/lib/macos/configuration-profiles/santa-rules.mobileconfig`
- Removed the `BLOCKLIST` / `CDHASH` rule entry for WhatsApp.app
(identifier `54a8ec11bcea48a276b1fdce556a29108ba77de4`)
- The allowlist for North Pole Security (Team ID) and the test block
rule for BundleExample.app remain unchanged
### `it-and-security/fleets/workstations.yml`
- Removed `labels_include_any: ["Santa test devices"]` from the
`santa-configuration.mobileconfig` and `santa-rules.mobileconfig`
profile entries
- Removed `labels_include_any: ["Santa test devices"]` from the Santa
software entry
- All Santa-related profiles and software now apply to all macOS hosts
on the Workstations team
### `it-and-security/lib/all/labels/santa-test-devices.yml` (deleted)
- Removed the manual label definition for "Santa test devices"
(previously scoped to 4 specific Macs)
### `it-and-security/default.yml`
- Removed the label path reference to `santa-test-devices.yml`
### `it-and-security/lib/macos/policies/install-santa-extension.yml`
- Removed `labels_include_any: ["Santa test devices"]` so the policy
applies to all macOS hosts
### `it-and-security/lib/macos/reports/collect-santa-denied-logs.yml`
- Removed `labels_include_any: ["Santa test devices"]` so the report
applies to all macOS hosts
---
Built for [Allen
Houchins](https://fleetdm.slack.com/archives/D0AFASNBZMW/p1774320804143629?thread_ts=1774320368.198119&cid=D0AFASNBZMW)
by [Kilo for Slack](https://kilo.ai/features/slack-integration)
---------
Co-authored-by: kiloconnect[bot] <240665456+kiloconnect[bot]@users.noreply.github.com>
- Updated version of santa
- Added policy and script to check for existence of santa osquery
extension and install if not found
- Changed to configuration profile based rules
- Split rules into their own configuration profiles to manage easier via
GitOps
