<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Resolves #
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] If paths of existing endpoints are modified without backwards
compatibility, checked the frontend/CLI for any necessary changes
## Testing
- [x] Added/updated automated tests
- [x] Where appropriate, [automated tests simulate multiple hosts and
test for host
isolation](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/reference/patterns-backend.md#unit-testing)
(updates to one hosts's records do not affect another)
- [x] QA'd all new/changed functionality manually
For unreleased bug fixes in a release candidate, one of:
- [x] Confirmed that the fix is not expected to adversely impact load
test results
- [x] Alerted the release DRI if additional load testing is needed
## Database migrations
- [x] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [x] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [x] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
## New Fleet configuration settings
- [x] Setting(s) is/are explicitly excluded from GitOps
If you didn't check the box above, follow this checklist for
GitOps-enabled settings:
- [x] Verified that the setting is exported via `fleetctl
generate-gitops`
- [x] Verified the setting is documented in a separate PR to [the GitOps
documentation](https://github.com/fleetdm/fleet/blob/main/docs/Configuration/yaml-files.md#L485)
- [x] Verified that the setting is cleared on the server if it is not
supplied in a YAML file (or that it is documented as being optional)
- [x] Verified that any relevant UI is disabled when GitOps mode is
enabled
## fleetd/orbit/Fleet Desktop
- [x] Verified compatibility with the latest released version of Fleet
(see [Must
rule](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/workflows/fleetd-development-and-release-strategy.md))
- [x] If the change applies to only one platform, confirmed that
`runtime.GOOS` is used as needed to isolate changes
- [x] Verified that fleetd runs on macOS, Linux and Windows
- [x] Verified auto-update works from the released version of component
to the new version (see [tools/tuf/test](../tools/tuf/test/README.md))
This article discusses the OpenClaw technology, its integration
capabilities, potential risks such as prompt injection, and the
implications of running it on personal devices. It also hints at future
articles regarding device management and security.
---------
Co-authored-by: Ashish Kuthiala <53918208+akuthiala@users.noreply.github.com>
Co-authored-by: Mike Thomas <78363703+mike-j-thomas@users.noreply.github.com>
thought piece on history & benfits of GitOps practices, non-product.
---------
Co-authored-by: Mike Thomas <78363703+mike-j-thomas@users.noreply.github.com>
- Update section name and location. We're going to link to this section
from the 4.80 release article:
https://github.com/fleetdm/fleet/pull/38936
---------
Co-authored-by: Marko Lisica <83164494+marko-lisica@users.noreply.github.com>
Co-authored-by: Rachael Shaw <r@rachael.wtf>
Co-authored-by: Lucas Manuel Rodriguez <lucas@fleetdm.com>
Co-authored-by: Magnus Jensen <magnus@fleetdm.com>
Co-authored-by: Jordan Montgomery <elijah.jordan.montgomery@gmail.com>
Co-authored-by: Scott Gress <scottmgress@gmail.com>
Co-authored-by: Mike Thomas <78363703+mike-j-thomas@users.noreply.github.com>
Co-authored-by: Nico <32375741+nulmete@users.noreply.github.com>
This pull request updates the Okta Verify on Windows SCEP configuration
documentation and profile to simplify deployment with Fleet and reduce
manual steps. The changes make the process more reliable by
standardizing variable usage, improving instructions, and automating
certificate enrollment.
**Key improvements and changes:**
**Documentation and workflow simplification:**
- The guide in
`articles/enable-okta-verify-on-windows-using-a-scep-configuration-profile.md`
was rewritten for clarity and to reflect the new automated approach.
Manual editing of XML and scripts is no longer needed; Fleet-managed
variables and secrets now handle all required values. Steps for
gathering prerequisites, deploying, verifying, and renewing certificates
are streamlined, and troubleshooting guidance is expanded.
- The subject name in the certificate is now set to use the hardware
serial (`$FLEET_VAR_HOST_HARDWARE_SERIAL`) instead of the host UUID,
improving uniqueness and traceability.
([docs/solutions/windows/configuration-profiles/install Okta attestation
certificate -
[Bundle].xmlL77-R89](diffhunk://#diff-d8fc2c8add5725599bdc41a7b417dc3978cfc34eb6fcb8950db513f2b5799aa5L77-R89))
**Secret management and security:**
- The configuration profile now references Fleet secrets
(`$FLEET_SECRET_OKTA_SCEP_URL`, `$FLEET_SECRET_OKTA_SCEP_CHALLENGE`,
`$FLEET_SECRET_OKTA_CA_THUMBPRINT`) directly, removing the need for
manual substitution and reducing risk of misconfiguration.
([docs/solutions/windows/configuration-profiles/install Okta attestation
certificate -
[Bundle].xmlL98-R141](diffhunk://#diff-d8fc2c8add5725599bdc41a7b417dc3978cfc34eb6fcb8950db513f2b5799aa5L98-R141))
**Automated certificate enrollment:**
- An `<Exec>` command is added to the XML profile to automatically
trigger SCEP enrollment upon deployment, further reducing manual
intervention. ([docs/solutions/windows/configuration-profiles/install
Okta attestation certificate -
[Bundle].xmlL98-R141](diffhunk://#diff-d8fc2c8add5725599bdc41a7b417dc3978cfc34eb6fcb8950db513f2b5799aa5L98-R141))
These changes make the Okta Verify SCEP configuration for Windows much
easier to deploy and maintain, with improved automation and clearer
instructions.
---------
Co-authored-by: Brock Walters <153771548+nonpunctual@users.noreply.github.com>
Changes:
- Updated the category for comparison articles (`compare` »
`comparison`)
- Updated article meta tag validation and how URLS of comparison
articles are built
- Updated the view action for comparison articles to set a meta title
and description
This PR will remain in draft as a preview of upcoming documentation
changes for 4.80.0
---------
Co-authored-by: Marko Lisica <83164494+marko-lisica@users.noreply.github.com>
Co-authored-by: Lucas Manuel Rodriguez <lucas@fleetdm.com>
Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
Co-authored-by: Magnus Jensen <magnus@fleetdm.com>
Co-authored-by: Jordan Montgomery <elijah.jordan.montgomery@gmail.com>
Co-authored-by: Scott Gress <scottmgress@gmail.com>
Co-authored-by: Mike Thomas <78363703+mike-j-thomas@users.noreply.github.com>
Co-authored-by: Nico <32375741+nulmete@users.noreply.github.com>
Co-authored-by: Luke Heath <luke@fleetdm.com>
Currently, Android software can't be removed from the setup experience.
We have a story that we aim to ship in 4.82. Until we ship, I added a
callout in the setup experience guide.
Added managed app configuration section for Android, and included
example configuration for Google Chrome.
Updated instructions for editing and deleting apps. I believe it doesn't
make sense to provide step-by-step instructions since editing and
deleting are separate actions that are unlikely to be performed
together.
---------
Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
Updated the article to improve clarity and flow, enhancing the
discussion on Linux's importance in enterprise environments by refining
historical context and current trends.
Sorry, this still needed lots of refining. Feel free to change what you
want. The flow is simpler & much better now imo.
- Published Fastly case study.
- Removed old case studies and redirected their URLs to point to their
official replacements:
- Global cloud platform simplifies device management with Fleet ==>
/case-study/fastly
- Consolidate multiple tools with Fleet ==> /case-study/stripe
- Foursquare quickly migrates to Fleet ==> /case-study/foursquare
---------
Co-authored-by: Eric <eashaw@sailsjs.com>
Added instructions to enable user sync permissions and clarified
attribute requirements for Fleet.
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Resolves#36785
---------
Co-authored-by: Mike Thomas <78363703+mike-j-thomas@users.noreply.github.com>
Closes: https://github.com/fleetdm/confidential/issues/13291
Changes:
- Updated the `build-static-content` script to add support for a new
article category: `compare`
- Added a new template page for comparison articles
- Added a Fleet vs. Jamf comparison article
---------
Co-authored-by: Mike Thomas <78363703+mike-j-thomas@users.noreply.github.com>
- Main goal is to clarify "Verifying" v. "Verified" for user-scoped
Windows profiles
- Also reorganize/update the heading to improve the guides flow
- "user-scoped" and "device-scoped" get a hyphen
