Elgato_dark/fleet
1
0
Fork 0
mirror of https://github.com/fleetdm/fleet synced 2026-04-21 13:37:30 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 91
fleet/it-and-security/default.yml
Allen Houchins 649fc0a656
Add macOS Fleet Desktop label and attach to policy (#43760) 
Add a new dynamic label 'Macs with Fleet Desktop installed' (platform:
darwin) that selects hosts where apps.name = 'Fleet Desktop'. Update the
macOS policy update-fleet-desktop.yml to include this label via
labels_include_any so the policy targets only hosts with Fleet Desktop
installed. Files changed:
it-and-security/lib/all/labels/macs-with-fleet-desktop-installed.yml
(new) and it-and-security/lib/macos/policies/update-fleet-desktop.yml
(modified).
2026-04-20 09:39:50 -05:00

117 lines
4.2 KiB
YAML
Raw Blame History

agent_options:
path: ./lib/all/agent-options/agent-options.yml
org_settings:
conditional_access:
bypass_disabled: true
features:
enable_host_users: true
enable_software_inventory: true
fleet_desktop:
transparency_url: https://fleetdm.com/transparency
host_expiry_settings:
host_expiry_enabled: false
integrations:
google_calendar:
- api_key_json: $DOGFOOD_CALENDAR_API_KEY
domain: fleetdm.com
jira: []
zendesk: []
mdm:
end_user_authentication:
entity_id: fleet-end-users
idp_name: Okta
metadata_url: "$DOGFOOD_OKTA_METADATA_URL_END_USERS"
end_user_license_agreement: ../it-and-security/lib/macos/misc/eula.pdf
apple_business_manager:
- organization_name: Fleet Device Management Inc.
macos_fleet: "💻 Workstations"
ios_fleet: "📱🏢 Employee-issued mobile devices"
ipados_fleet: "📱🏢 Employee-issued mobile devices"
- organization_name: Mactivate LLC
macos_fleet: "🧪 Testing & QA"
ios_fleet: "🧪 Testing & QA"
ipados_fleet: "🧪 Testing & QA"
volume_purchasing_program:
- location: Fleet Device Management Inc.
fleets:
- "💻 Workstations"
- "📱🏢 Employee-issued mobile devices"
- "📱🔐 Personal mobile devices"
- "🧪 Testing & QA"
org_info:
contact_url: https://fleetdm.slack.com/archives/C09861YJUJ2
org_logo_url: ""
org_logo_url_light_background: ""
org_name: Fleet
secrets:
- secret: $DOGFOOD_GLOBAL_ENROLL_SECRET
server_settings:
deferred_save_host: false
enable_analytics: true
live_query_disabled: false
query_reports_disabled: false
scripts_disabled: false
server_url: https://dogfood.fleetdm.com
sso_settings:
enable_jit_provisioning: true
enable_sso: true
enable_sso_idp_login: true
entity_id: fleet-admins
idp_image_url: ""
idp_name: Okta
metadata_url: "$DOGFOOD_OKTA_METADATA_URL_ADMINS"
webhook_settings:
failing_policies_webhook:
destination_url: $DOGFOOD_FAILING_POLICIES_WEBHOOK_URL
enable_failing_policies_webhook: true
host_batch_size: 0
policy_ids: []
host_status_webhook:
days_count: 5
destination_url: $DOGFOOD_HOST_STATUS_WEBHOOK_URL
enable_host_status_webhook: true
host_percentage: 20
interval: 360m0s
vulnerabilities_webhook:
destination_url: $DOGFOOD_VULNERABILITIES_WEBHOOK_URL
enable_vulnerabilities_webhook: true
host_batch_size: 0
activities_webhook:
destination_url: $DOGFOOD_ACTIVITIES_WEBHOOK_URL
enable_activities_webhook: true
policies:
reports:
- path: ./lib/all/reports/collect-fleetd-information.yml
- path: ./lib/all/reports/collect-operating-system-information.yml
- path: ./lib/all/reports/collect-known-vulnerable-chrome-extensions.yml
- path: ./lib/macos/reports/detect-apns-certificate.yml
- path: ./lib/macos/reports/collect-xprotect-reports.yml
controls:
enable_disk_encryption: true
macos_migration:
enable: true
mode: voluntary
webhook_url: $DOGFOOD_MACOS_MIGRATION_WEBHOOK_URL
windows_enabled_and_configured: true
windows_entra_tenant_ids:
- $DOGFOOD_ENTRA_TENANT_ID
windows_migration_enabled: true
labels:
- path: ./lib/all/labels/arm-based-windows-hosts.yml
- path: ./lib/all/labels/debian-based-linux-hosts.yml
- path: ./lib/all/labels/macs-with-1password-installed.yml
- path: ./lib/all/labels/rpm-based-linux-hosts.yml
- path: ./lib/all/labels/virtual-machines.yml
- path: ./lib/all/labels/x86-based-windows-hosts.yml
- path: ./lib/all/labels/apple-silicon-macos-hosts.yml
- path: ./lib/all/labels/keynote-14-installed.yml
- path: ./lib/all/labels/macos-compatibility-extension-installed.yml
- path: ./lib/all/labels/team-g-mdm.yml
- path: ./lib/all/labels/team-g-software.yml
- path: ./lib/all/labels/nudge-test-devices.yml
- path: ./lib/all/labels/macs-with-microsoft-autoupdate-installed.yml
- path: ./lib/all/labels/macs-with-fleet-maintained-apps-installed.yml
- path: ./lib/all/labels/macs-with-fleet-desktop-installed.yml
- path: ./lib/all/labels/windows-with-fleet-maintained-apps-installed.yml
- path: ./lib/all/labels/departments.yml
- path: ./lib/all/labels/idp-group-saml-aws-vpn.yml
Reference in a new issue View git blame Copy permalink