Closes https://github.com/fleetdm/confidential/issues/11135
Closes https://github.com/fleetdm/confidential/issues/11134
Changes:
- Added two new testimonials to the /testimonials and /device-management
pages
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Added two new testimonials focused on Linux desktop management,
enhancing the "Device management" section.
* Updated testimonial display order to include the new authors for
improved visibility in the relevant category.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Closes https://github.com/fleetdm/confidential/issues/11286
Grammar fix.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Style**
* Updated the wording of a feature description on the homepage for
improved clarity.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Embedded the memo link into "When we set out to raise Fleet's Series B"
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Updated the introduction of the article to embed the Series B memo
link directly within the first sentence, replacing the separate "Read
the memo" link with an embedded PDF viewer.
* Added a new article detailing major Apple IT and device management
updates from WWDC25, highlighting enhanced MDM features and Fleet’s
support for these capabilities.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Mike Thomas <78363703+mike-j-thomas@users.noreply.github.com>
Draft of the article for the website to link to the PDF
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Added a new article: "How Fleet raised a $27M Series B without a pitch
deck," detailing Fleet's innovative fundraising approach and sharing
insights from their investor memo.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Mike Thomas <78363703+mike-j-thomas@users.noreply.github.com>
Co-authored-by: Eric <eashaw@sailsjs.com>
Related to:
- #30093
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Added a new route for organization logo size information, redirecting
users to the relevant documentation section.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
We were still missing `/learn-more-about/conditional-access`
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Added a new shortcut URL (/learn-more-about/conditional-access) that
directs users to the Entra Conditional Access Integration guide.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Changes:
- Updated the IT comparison table on the homepage and the device
management page.
---------
Co-authored-by: Mike Thomas <78363703+mike-j-thomas@users.noreply.github.com>
Changes:
- Added `articles` to the list of supported article categories in the
build-static-content script.
- Added a route for articles in the articles category.
- Updated the `view-basic-article` action to support the new `articles`
category.
closes https://github.com/fleetdm/confidential/issues/11072
I've reworded each bullet to emphasize speed. Let me know if I've
overegged it or if my reordering of the points has negatively affected
the meaning. For example, does "real-time confirmation of patch and
config changes" ring true instead of "Auto-verify patches and
settings..."
Closes: https://github.com/fleetdm/fleet/issues/30235
Changes:
- Updated the max height of the bottom ticker on the homepage to prevent
it from being cut off vertically on smaller screens.
Changes:
- Added a script that sets a `fleetPremiumTrialLicenseKey` and
`fleetPremiumTrialLicenseKeyExpiresAt` values on all User records.
- Added a new email template to inform users that they have a new Fleet
premium trial available.
- Added the announcement banner to the /login, /register, and /try-fleet
pages.
Closes: https://github.com/fleetdm/confidential/issues/11058
Changes:
- Updated the receive from clay webhook to log a warning and return a
`couldNotCreateActivity` response if it receives information about a
contact record with no account record associated with it.
Closes: https://github.com/fleetdm/confidential/issues/10675
Changes:
- Added a new webhook: `receive-from-zoom`. When this webhook receives
an event indicating that a call recording is done processing, this
webhook will build the transcript and send it and information about the
call to a Zapier webhook, where it will be added to a new Google doc.
Related to: https://github.com/fleetdm/fleet/issues/26521
Changes:
- Added two pages that will be used for the Microsoft compliance proxy
(`/microsoft-compliance-partner/turn-on-mdm` &
`/microsoft-compliance-partner/remediate`)
Related to: #28489
Changes:
- Updated the available payloads in the configuration builder
- Updated the configuration builder schema to include categories and
subcategories
Changes:
- Updated the homepage to match the latest wireframes.
> Note: This PR will not be ready to merge until the video is added to
it.
---------
Co-authored-by: Mike Thomas <78363703+mike-j-thomas@users.noreply.github.com>
Related to: https://github.com/fleetdm/fleet/issues/26270
Changes:
- Added a new database model: `AndroidEnterprise`
- Added one new website dependency: `googleapis@148.0.0`
- Added `android-proxy/create-android-signup-url`: an endpoint that
returns a signup url used to grant access to Fleet's Android MDM
integration.
- Added `android-proxy/create-android-enterprise`: An endpoint that
creates an Android enterprise for a Fleet server
- Added `android-proxy/create-android-enrollment-token`: An endpoint
that returns an enrollment token for an Android enterprise
- Added `android-proxy/modify-android-policies`: An endpoint used to
update policies of an Android enterprise
- Added `android-proxy/delete-one-android-enterprise`: an endpoint that
deletes an Android enterprise
---------
Co-authored-by: Victor Lyuboslavsky <victor@fleetdm.com>
Changes:
- Created a new database model: `MicrosoftComplianceTenant`. A model
that stores information about complaince tenants
- Added `/policies/is-cloud-customer`: a policy that blocks requests to
microsoft proxy endpoints if a `MS API KEY` header is missing or does
not match a new config variable
(`sails.custom.config.cloudCustomerCompliancePartnerSharedSecret`)
- Added `microsoft-proxy/create-compliance-partner-tenant`: an action
that creates a database record for a new compliance tenant and generates
an API key that is used to authenticate future requests to microsoft
proxy endpoints for an entra tenant.
- Added `microsoft-proxy/get-compliance-partner-settings`: an action
that returns information about Fleet's complaince partner entra
application and the entra tenant's admin consent status (whether or not
a tenant's entra admin has granted permissions to Fleet's compliance
partner application)
- Added `microsoft-proxy/get-tenants-admin-consent-status`: an action
that updates the admin consent status of a compliance tenant record.
- Added `microsoft-proxy/setup-compliance-partner-tenant`: an action
that provisions a compliance tenant, creates a complaince policy for
macOS devices assigns the created policy to the built-in "All users"
user group on the tenants entra instance.
- Added `microsoft-proxy/update-one-devices-compliance-status`: an
action that receives information about a device on a compliance tenant's
Fleet instance, sends that information to their Entra instance, and
returns the messsage ID returned by the asynchronus Entra API.
- Added `microsoft-proxy/get-one-compliance-status-result`: an action
that returns the result of a compliance status update from the Entra
API.
- Added `sails.helpers.microsoft-proxy.get-access-token-and-api-urls` A
helper that gets an access token for a tenant's entra instance and the
URLs of the API endpoints the microsoft proxy actions use for a tenant.
- Added `scripts/send-entra-heartbeat-requests` A script that will run
daily to keep all microsoft compliance integrations provisioned.
-
---------
Co-authored-by: Lucas Rodriguez <lucas@fleetdm.com>
Closes: https://github.com/fleetdm/confidential/issues/10921
Changes:
- Updated the registration form to direct users who don't have a work
email or don't want to create an account to the /try-fleet page.
- Updated the try-fleet page to have a box directing users who want to
demo Fleet Premium features to sign up for an account.
- Updated the try-fleet page's view action to generate trial licenses
for logged-in users who do not have a trial license key.
Closes: https://github.com/fleetdm/confidential/issues/10697
Changes:
- Updated the update-or-create-contact-and-account helper to handle
duplicate record errors returned from the CRM. It will now use the first
duplicate record returned by the CRM and update it so it will be
correctly matched on subsequent runs of the helper.
Fixes part of #29720.. Includes promoting some bolded to subheadings (in
wireframe docs).
---------
Co-authored-by: Sam Pfluger <108141731+Sampfluger88@users.noreply.github.com>
per onboarding issue 10852, adding myself to list of humans with
included trailing comma for cleaner diffs
---------
Co-authored-by: Eric <eashaw@sailsjs.com>
Related to: #28489
Changes:
- Added the first version of the configuration profile builder to the
Fleet website. (currently supports four Windows and four macOS
password-related options).
I'm experiencing problems with the "Install the fleetctl command line
tool" step on https://fleetdm.com/try-fleet for trying out Fleet hosting
on Windows. The root cause seem to be a mismatch between the Windows
ZIP-file naming in the script vs. on
https://api.github.com/repos/fleetdm/fleet/releases/latest
I was able to overcome the problem by changing `_windows.zip` to
`_windows_amd64.zip` in the script.
Closes: https://github.com/fleetdm/confidential/issues/10750
Changes:
- Added a new config variable: `contactFormEmailAddress`
- updated deliver-contact-form-message to send emails to users who do
not have a Fleet Premium subscription.
Closes: https://github.com/fleetdm/confidential/issues/10718
Related to: https://github.com/fleetdm/confidential/issues/10719
Changes:
- Created a new helper
(`sails.helpers.salesforce.createHistoricalEvent`) to create Historical
event records in our CRM.
- Updated the custom hook, receive-from-clay webhook, and
create-or-update-one-newsletter-subscription action to create historical
event records using the new helper.
Changes:
- Added a new supported contactSource value to the
`update-or-create-contact-and-account` helper: `LinkedIn - Liked the
LinkedIn company page`
Changes:
- Added two exits to the receive-from-clay webhook that are used when a
contact or account cannot be created/updated.
- Added an exit to the receive-from-clay webhook that is used when a
historical event record cannot be created.
ChangeS:
- Added a new webhook (`receive-from-clay`) that creates historical
event CRM records.
- Updated the update-or-create-contact-and-account helper to accept
three new contactSource values and a jobTitle input.
Updated the tooltip for "Complete device inventory" on the comparison
table to emphasise "complete" by including servers and cloud instances.
---------
Co-authored-by: Eric <eashaw@sailsjs.com>
This PR adds NICE DCV Viewer as a new maintained app for macOS. The app
is available through homebrew and is used for connecting to NICE DCV
remote display protocol.
---------
Co-authored-by: Kenny Botelho <kbotelho@nvidia.com>
Co-authored-by: Eugene <eugkuo@gmail.com>
Co-authored-by: Ian Littman <iansltx@gmail.com>
Co-authored-by: Eric <eashaw@sailsjs.com>
Co-authored-by: Noah Talerman <noahtal@umich.edu>
Co-authored-by: Jahziel Villasana-Espinoza <jahzielv@gmail.com>
Closes: #28784
Changes:
- Updated the `build-static-content` script to not throw an error if an
app listed in apps.json is missing an icon, and to use a fallback icon
for apps with no icon.
Closes: #28336Closes: #28656
Changes:
- Updated personalization on the /contact, /support, /login, /register,
/pricing, /software-management, and /device-management pages to use new
primary buying situation values.
- Updated the /software-management page to show the section of security
content to users with no primaryBuyingSituation set
- Updated the support links shown to IT users
Adding an anchor link as I imagine that the guide will encompass a lot
of different things and want to link users in tihs instance to the
software info.
For #28110
---------
Co-authored-by: Ian Littman <iansltx@gmail.com>
Docs for the 4.67.0 release.
---------
Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
Co-authored-by: Marko Lisica <83164494+marko-lisica@users.noreply.github.com>
Co-authored-by: Eugene <eugene@fleetdm.com>
Co-authored-by: Ian Littman <iansltx@gmail.com>
Co-authored-by: Drew Baker <89049099+Drew-P-drawers@users.noreply.github.com>
Co-authored-by: Scott Gress <scottmgress@gmail.com>
Co-authored-by: Lucas Manuel Rodriguez <lucas@fleetdm.com>
Co-authored-by: Martin Angers <martin.n.angers@gmail.com>
Closes: #28255
Changes:
- Updated the receive-usage-analytics webhook to support a new input
`numHostsABMPending`
- Added a `numHostsABMPending` attribute to the
`HistoricalUsageSnapshot` model
Closes: #24379
Changes:
- Updated the build-static-content script to build the configuration for
/app-library/* pages from the JSON outputs in the ee/maintained-apps
folder.
Closes: #28365
Changes:
- Updated the card that links to the support page in the "Deploy fleet
in your environment" step of the /start questionnaire to link to the
/try-fleet page
Changes:
- Updated the Historical event crm records created by the website's
custom hook to include an `Event_type__c` value and to not set a
`Visited_on__c` timestamp.
Closes: #28364
Changes:
- Updated the /try-fleet page to redirect logged-out users to the
/register page
- Updated the signup and login forms to redirect users to the try-fleet
page (if they navigated it that page before signing up/logging in)
Closes: #27852
Changes:
- Updated the receive-from-github webhook to automatically apply the
"~ga4-annotation" label to pull requests that change the homepage, the
pricing page, or the primary tagline partial.
- Updated the Github webhook to send details about a pull request to a
Zapier webhook if the pull request has the "~ga4-annotation" label when
it is merged.
Saw the meetups page and thought I'd add Toronto, as Fleet has visited a
few times and sponsored a few times.
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [ ] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.
- [ ] If paths of existing endpoints are modified without backwards
compatibility, checked the frontend/CLI for any necessary changes
- [ ] If database migrations are included, checked table schema to
confirm autoupdate
- For database migrations:
- [ ] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [ ] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [ ] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
- [ ] Added/updated automated tests
- [ ] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [ ] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [ ] Make sure fleetd is compatible with the latest released version of
Fleet (see [Must
rule](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/fleetd-development-and-release-strategy.md)).
- [ ] Orbit runs on macOS, Linux and Windows. Check if the orbit
feature/bugfix should only apply to one platform (`runtime.GOOS`).
- [ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
- [ ] For unreleased bug fixes in a release candidate, confirmed that
the fix is not expected to adversely impact load test results or alerted
the release DRI if additional load testing is needed.
Closes: #27904
Changes:
- Updated the 'is-it-any-good' step of the /start questionnaire to
include a link to the embedded video on YouTube (If the embedded video
does not load).
Closes: https://github.com/fleetdm/confidential/issues/10240
Changes:
- Updated `save-questionnaire-progress` to only check the answer to the
`what-do-you-manage-mdm` step if the user actually answered that
question.
Related to: #27943
Changes:
- Updated the `send-data-to-vanta` script to continue running for a
Vanta connection if the get host API returns an error. It will now store
a detailed error and log them all when the script is finished running.
Closes: https://github.com/fleetdm/confidential/issues/9974
Changes:
- Removed the calculated max height of the sidebar on osquery schema
table pages
- Update the platform filters on osquery schema table pages, vitals
pages, query library, and policy library to scroll with the page.
- Updated /vitals/* and /tables/* pages to scroll users past the page
headline when they switch platforms.
- Updated the query library and policy library pages to scroll users to
the top of the list of policies/queries when they switch platforms (If
they have scrolled the list)
For #20675 and #25977.
- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [X] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [X] Make sure fleetd is compatible with the latest released version of
Fleet (see [Must
rule](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/fleetd-development-and-release-strategy.md)).
- [X] Orbit runs on macOS, Linux and Windows. Check if the orbit
feature/bugfix should only apply to one platform (`runtime.GOOS`).
- [X] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [x] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
Related to:
- #25822
Updating existing guide for NDES. Adding instructions on how to connect
and issue certificates from DigiCert and custom SCEP certificate
authorities.
---------
Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
Closes#27717
Changes:
- Updated the /better page to provide more information for Secureframe
users who recently had Fleet desktop installed on their device.
Closes: #27662
Changes:
- Updated the `get-bug-and-pr-report` script to not count pull requests
with no commits in the commit to merge time metric, and to log a warning
if one is found.
When utm_content=secureframe:
- Edit "System settings" = "Fleet can read settings like password length
on your device."
- Edit "Software" = "Fleet can access a detailed list of the apps and
other software installed on your device."
- Remove "Browser history"
- Remove "Wi-Fi settings"
- Remote actions
- Remove "Shell scripts"
- Remove "Running processes"
- Remove "Connected hardware devices"
- Remove "Device location"
- Remove "File contents"
FYI @eashaw let me know if I'm way off base here, I didn't want to go
changing too much of your code. This request came from this [Slack
🧵](https://fleetdm.slack.com/archives/C04DNAYL1QF/p1743096509531089) and
an email from the requestor.
- Move duplicate scripts out of `scripts/mdm/` and into
`it-and-security/` so we have one version that we can continue to
iterate and improve.
- Remove no longer used scripts out of `scripts/mdm/`
---------
Co-authored-by: Lucas Manuel Rodriguez <lucas@fleetdm.com>
Closes: #27218
Changes:
- Replaced the "Docs" dropdown navigation menu with a link to `/docs`
- Reordered the sidebar links on documentation pages and added links to
the self-service license dispenser and the transparency page.
---------
Co-authored-by: Mike Thomas <78363703+mike-j-thomas@users.noreply.github.com>
Closes: #27312
Changes:
- Updated the padding on text in the license dispenser form
- Updated the position of the platform icons on osquery table schema
pages
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [ ] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.
- [ ] If paths of existing endpoints are modified without backwards
compatibility, checked the frontend/CLI for any necessary changes
- [ ] If database migrations are included, checked table schema to
confirm autoupdate
- For database migrations:
- [ ] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [ ] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [ ] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
- [ ] Added/updated automated tests
- [ ] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [ ] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [ ] Make sure fleetd is compatible with the latest released version of
Fleet (see [Must
rule](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/fleetd-development-and-release-strategy.md)).
- [ ] Orbit runs on macOS, Linux and Windows. Check if the orbit
feature/bugfix should only apply to one platform (`runtime.GOOS`).
- [ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
- [ ] For unreleased bug fixes in a release candidate, confirmed that
the fix is not expected to adversely impact load test results or alerted
the release DRI if additional load testing is needed.
---------
Co-authored-by: Brock Walters <153771548+nonpunctual@users.noreply.github.com>
Co-authored-by: Eric <eashaw@sailsjs.com>
Adding a WiFi settings section, to communicate to users that Fleet is
able to connect you to a corporate network and deliver certificates.
Related to:
- #23235
Changes:
- Updated the send-data-to-vanta script to only send information about
hosts from specific teams to vanta (For Fleet's vanta integration only)
