Customers that have deployed the Fleet agent with the Fleet Desktop
application enabled sometimes want a method to arbitrarily disable Fleet
Desktop without deploying a new Fleet agent package installer.
This workflow writes a script & a Launch Daemon on a macOS Host which is
executed as a background process (because it must stop & restart the
Fleet agent) in order to disable the Fleet Desktop application by
modifying the Fleet agent configuration.
Adding a few Windows configuration profiles so we can dogfood them. Most
of the profiles are adaptations from the macOS profiles.
I'm not an expert, adding them to the canary team for now to avoid
breaking anyone's machine.
Updates GitOps to offer Apple Silicon version of Zoom in self-service.
https://github.com/fleetdm/confidential/issues/6916
---------
Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
Co-authored-by: Noah Talerman <noahtal@umich.edu>
Adds Zoom as a self-service option.
While the UI will not allow for similar installers, attempting arm64 vs.
Intel using a pre-install query.
https://github.com/fleetdm/confidential/issues/6916
---------
Co-authored-by: Victor Lyuboslavsky <victor.lyuboslavsky@gmail.com>
Adding previously removed mac os min required version back to global
macos device health policies
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [ ] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.
- [ ] Added/updated tests
- [ ] If database migrations are included, checked table schema to
confirm autoupdate
- For database migrations:
- [ ] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [ ] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [ ] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
- [ ] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
---------
Co-authored-by: JD <spokanemac@users.noreply.github.com>
Adding new policy to the macos-device-health.policies.yml that checks if
the device meets minimum macOS (currently set to 14.4.1) and enables it
for calendar events.
Reference https://github.com/fleetdm/confidential/issues/6015
---------
Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
#17827
Updated 1Password policy to only search one level deep for performance
reasons.
---------
Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
Moving mdm_profiles to it-and-security/lib/mdm_profiles so that they are
together with other gitops config files.
---------
Co-authored-by: Noah Talerman <noahtal@umich.edu>
