In support of: https://github.com/fleetdm/confidential/issues/8790
I made the following changes to support the macOS Setup Experience in
`dogfood` for the Workstations team
- moved Software titles to their own dedicated folder and `yml` files so
they could be called via path
- edited the `macos_setup` configuration in the Workstations team yml
file.
- edited the `macos_setup_assistant` json file to skip certain items
during initial setup
- completed a `dry-run` successfully before submitting this pull request
# Expected behavior
When an ADE Mac boots for the first time, macOS Setup Experience will
automatically install Google Chrome, Zoom, Slack, and 1Password.
- Google Chrome will be downloaded via URL
- Zoom will be downloaded via URL
- Slack will be downloaded via VPP
- 1Password will be downloaded via VPP
No scripts have been included at this time and will be tracked in a
separate issue.
Customers that have deployed the Fleet agent with the Fleet Desktop
application enabled sometimes want a method to arbitrarily disable Fleet
Desktop without deploying a new Fleet agent package installer.
This workflow writes a script & a Launch Daemon on a macOS Host which is
executed as a background process (because it must stop & restart the
Fleet agent) in order to disable the Fleet Desktop application by
modifying the Fleet agent configuration.
To fix
https://github.com/fleetdm/fleet/actions/runs/11468989615/job/31915263035#step:7:174
```
Error: applying app store apps for team: "🔳🏢 Company-owned iPads": POST /api/latest/fleet/software/app_store_apps/batch received status 422 Unprocessable Entity: could not retrieve vpp token: No available VPP Token
```
https://github.com/fleetdm/fleet/pull/22326 fixed so that GitOps removes
associations if they are not set (GitOps mode of operation where stuff
that's not set is removed), thus we now need to define it.
Adding a few Windows configuration profiles so we can dogfood them. Most
of the profiles are adaptations from the macOS profiles.
I'm not an expert, adding them to the canary team for now to avoid
breaking anyone's machine.
Updates GitOps to offer Apple Silicon version of Zoom in self-service.
https://github.com/fleetdm/confidential/issues/6916
---------
Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
Co-authored-by: Noah Talerman <noahtal@umich.edu>
Adds Zoom as a self-service option.
While the UI will not allow for similar installers, attempting arm64 vs.
Intel using a pre-install query.
https://github.com/fleetdm/confidential/issues/6916
---------
Co-authored-by: Victor Lyuboslavsky <victor.lyuboslavsky@gmail.com>
- On workstations, we dogfood the current recommended best practice:
https://fleetdm.com/docs/using-fleet/mdm-os-updates
- On workstations (canary), we dogfood using the calendar feature to run
managed OS updates.
Adding previously removed mac os min required version back to global
macos device health policies
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [ ] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.
- [ ] Added/updated tests
- [ ] If database migrations are included, checked table schema to
confirm autoupdate
- For database migrations:
- [ ] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [ ] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [ ] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
- [ ] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
---------
Co-authored-by: JD <spokanemac@users.noreply.github.com>
