Elgato_dark/fleet
1
0
Fork 0
mirror of https://github.com/fleetdm/fleet synced 2026-05-24 09:28:54 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 30
fleet/articles/using-maintenance-windows.md
Allen Houchins 518475fc4c
Prioritize using IdP email address when available for maintenance window scheduling (#37250) 
This pull request updates the logic for selecting which user receives
maintenance window calendar events on hosts with multiple users. The
changes clarify and enforce a priority system for choosing the recipient
email, ensuring that IdP-sourced emails are preferred, followed by
Google Chrome profile emails. This affects both user-facing
documentation and backend implementation.

**User-facing behavior and documentation:**

* The end-user documentation now explicitly describes the email
selection priority for calendar event recipients: IdP Username email is
chosen first, then Google Chrome profile email, and if multiple Chrome
emails exist, the first alphabetically is selected.

**Backend logic and data selection:**

* The comment in `calendar_cron.go` is updated to match the new email
selection logic, explaining the prioritization of email sources for
host-user assignment.

* The SQL query in `policies.go` is refactored to implement the new
priority system for selecting user emails per host:
  - IdP sources (`mdm_idp_accounts`, `idp`) are considered first,
  - then Google Chrome profiles,
  - then other sources.
- If multiple emails exist at the same priority, the first
alphabetically is chosen.

---------

Co-authored-by: Mike Thomas <78363703+mike-j-thomas@users.noreply.github.com>
Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
Co-authored-by: Juan Fernandez <juan-fdz-hawa@users.noreply.github.com>
Co-authored-by: Juan Fernandez <juan@fleetdm.com>
2026-02-27 14:57:43 -04:00

54 lines
3.1 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Using maintenance windows (Fleet in your calendar)
Fleet helps end users fix issues on their own by scheduling a maintenance window directly on their calendar—no IT ticket required.
When a host fails a policy (e.g. MDM enrollment profile expired, disk encryption disabled, outdated software), Fleet can notify the user via a Google Calendar event. The event includes:
* Whats wrong (based on policy description)
* What to do (from the policy resolution field)
* A scheduled time (next available slot on Tuesday, 95 local time)
The user can reschedule if needed—Fleet will respect the new time and run the remediation then.
You can customize these flows with a webhook (e.g. Tines) to run scripts, use the Fleet API, or call MDM commands.
> 🔜 Auto-remediation for patching (OS updates, software) is coming soon.
### Setup
1. Connect a Google Workspace service account to Fleet under **Settings > Integrations > Calendars**.
2. Create a webhook to handle the remediation (see [Fleet + Tines guide](https://fleetdm.com/guides/building-webhook-flows-with-fleet-and-tines)).
3. In the **Policies** tab, click **Manage automations > Calendar events**, enable the feature, and paste your webhook URL.
### End user experience
* If a user owns multiple failing hosts, only one host is scheduled at a time. Once it's fixed, Fleet schedules the next.
* If a host has multiple users, Fleet chooses one user to receive the event based on email priority:
* First priority: **IdP Username** email address (from MDM IdP accounts or manually set IdP email)
* Second priority: Google Chrome profile email address
* If multiple Google Chrome profile emails exist, Fleet selects the first one alphabetically
* Third priority: other email sources
* Users can reschedule the event on their calendar—Fleet will run remediation at the new time.
* If a user moves the event to before the current time, Fleet shifts it to the next day.
* If a user deletes the event, Fleet automatically reschedules it for the next day.
* Fleet monitors calendar changes in real time (reschedules within ~30 seconds), but only for events in the upcoming week. Events further out are updated within 30 minutes.
### What happens when a policy fails?
1. A calendar event is scheduled for the user who owns the host.
2. Fleet waits for the scheduled time, then calls the webhook with host + failure details.
---
For more info:
* [Fleet maintenance windows overview](https://fleetdm.com/announcements/fleet-in-your-calendar-introducing-maintenance-windows)
* [How it works under the hood (video)](https://www.youtube.com/watch?v=Ra47xZwSitQ)
<meta name="articleTitle" value="Using maintenance windows (Fleet in your calendar)">
<meta name="authorFullName" value="Noah Talerman">
<meta name="authorGitHubUsername" value="noahtalerman">
<meta name="category" value="guides">
<meta name="publishedOn" value="2025-05-15">
<meta name="articleImageUrl" value="../website/assets/images/articles/configuring-maintenance-windows-in-fleet-1600x900@2x.jpg">
<meta name="description" value="How to schedule time for self-remediation when your end users are free using Fleet's maintenance windows.">
Reference in a new issue View git blame Copy permalink