mirror of
https://github.com/fleetdm/fleet
synced 2026-05-24 09:28:54 +00:00
The SCEP profile for NDES certificate authority requires the $FLEET_VAR_SCEP_RENEWAL_ID variable in the Subject OU field. Without this, GitOps runs fail with an error about missing variables.

https://claude.ai/code/session_01DW2rrUmrxsTaD3t5J66Xz4

<!-- Add the related story/sub-task/bug number, like Resolves #123, or remove if NA -->
**Related issue:** Resolves #

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

- [ ] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files) for more information.
- [ ] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements), JS inline code is prevented especially for url redirects, and untrusted data interpolated into shell scripts/commands is validated against shell metacharacters.
- [ ] If paths of existing endpoints are modified without backwards compatibility, checked the frontend/CLI for any necessary changes

## Testing

- [ ] Added/updated automated tests
- [ ] Where appropriate, [automated tests simulate multiple hosts and test for host isolation](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/reference/patterns-backend.md#unit-testing) (updates to one host's records do not affect another)
- [ ] QA'd all new/changed functionality manually

For unreleased bug fixes in a release candidate, one of:

- [ ] Confirmed that the fix is not expected to adversely impact load test results
- [ ] Alerted the release DRI if additional load testing is needed

## Database migrations

- [ ] Checked schema for all modified tables for columns that will auto-update timestamps during migration.
- [ ] Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects.
- [ ] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`).

## New Fleet configuration settings

- [ ] Setting(s) is/are explicitly excluded from GitOps

If you didn't check the box above, follow this checklist for GitOps-enabled settings:

- [ ] Verified that the setting is exported via `fleetctl generate-gitops`
- [ ] Verified the setting is documented in a separate PR to [the GitOps documentation](https://github.com/fleetdm/fleet/blob/main/docs/Configuration/yaml-files.md#L485)
- [ ] Verified that the setting is cleared on the server if it is not supplied in a YAML file (or that it is documented as being optional)
- [ ] Verified that any relevant UI is disabled when GitOps mode is enabled

## fleetd/orbit/Fleet Desktop

- [ ] Verified compatibility with the latest released version of Fleet (see [Must rule](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/workflows/fleetd-development-and-release-strategy.md))
- [ ] If the change applies to only one platform, confirmed that `runtime.GOOS` is used as needed to isolate changes
- [ ] Verified that fleetd runs on macOS, Linux and Windows
- [ ] Verified auto-update works from the released version of component to the new version (see [tools/tuf/test](../tools/tuf/test/README.md))

Co-authored-by: Claude <noreply@anthropic.com>

| | | |
|---|---|---|
| .. | ||
| allow-fleetd-full-disk-access.mobileconfig | ||
| block-apps.mobileconfig | ||
| crowdstrike-full-disk-access.mobileconfig | ||
| crowdstrike-notification.mobileconfig | ||
| crowdstrike-service-management.mobileconfig | ||
| crowdstrike-system-extension.mobileconfig | ||
| crowdstrike-web-filter.mobileconfig | ||
| disable-device-management-pane.mobileconfig | ||
| hide-login-and-background-items-notifications.mobileconfig | ||
| lock-screen.mobileconfig | ||
| managed-login-items.mobileconfig | ||
| okta-app-config-example.mobileconfig | ||
| okta-associated-domains-example.mobileconfig | ||
| okta-device-access-scep-dynamic-example.mobileconfig | ||
| okta-device-access-scep-example.mobileconfig | ||
| okta-sso-extension-example.mobileconfig | ||
| password-policy.mobileconfig | ||
| README.md | ||
| restrictions.mobileconfig | ||
| suppress-iwork-upgrade-prompt.mobileconfig | ||
| wifi-network.mobileconfig | ||

# macOS Configuration Profiles

## Password Policy

- It's best to combine this profile with the Lock Screen config profile.

## Block Apps

- This blocks several system apps, as well as Siri.
- See Apple's documentation for this profile and app bundle identifiers for iOS/iPadOS and macOS.