fleet/articles/custom-os-settings.md
Noah Talerman 06bb4f708d
Custom OS settings guide: Modify OS settings on macOS, iOS, iPadOS, and Windows (#23046)
Document interim best practice for modifying OS settings. Later Fleet
might add an "Edit" button in the UI so the IT admin doesn't have to add
a new profile and then remove the old.
2024-10-21 10:08:05 -05:00

Custom OS settings

In Fleet, you can enforce OS settings like security restrictions, screen lock, and Wi-Fi on your macOS, iOS, iPadOS, and Windows hosts using configuration profiles.

Enforce OS settings

You can enforce OS settings using the Fleet UI, Fleet API, or Fleet's GitOps workflow.

For macOS, iOS, and iPadOS hosts, Fleet recommends the iMazing Profile Creator tool for creating and exporting macOS configuration profiles.

For Windows hosts, copy out this Windows configuration profile template and update the profile using any configuration service providers (CSPs) from Microsoft's MDM protocol.

Fleet UI:

  1. In the Fleet UI, head to the Controls > OS settings > Custom settings page.

  2. Choose which team you want to add a configuration profile to by selecting the desired team in the teams dropdown in the upper left corner. Teams are available in Fleet Premium.

  3. Select Upload and choose your configuration profile.

  4. To modify the OS setting, first remove the old configuration profile and then add the new one.

On macOS, iOS, and iPadOS, removing a configuration profile will remove enforcement of the OS setting.
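
Because step 4 replaces a profile by removing it and uploading a new one, it helps to confirm exactly which settings the replacement changes or stops enforcing before making the swap. The following added example (not from Fleet's documentation or code) diffs two unsigned .mobileconfig files with Python's plistlib; the sample profiles, their identifiers, and the function names are constructed for illustration, and it assumes at most one payload per PayloadType.

```python
import plistlib

# Bookkeeping keys found in every payload; they are not OS settings.
META_KEYS = {"PayloadType", "PayloadIdentifier", "PayloadUUID", "PayloadVersion",
             "PayloadDisplayName", "PayloadDescription", "PayloadOrganization",
             "PayloadEnabled"}

def settings(profile_bytes):
    """Flatten an unsigned .mobileconfig into {(PayloadType, key): value}."""
    profile = plistlib.loads(profile_bytes)
    flat = {}
    for payload in profile.get("PayloadContent", []):
        ptype = payload.get("PayloadType", "unknown")
        for key, value in payload.items():
            if key not in META_KEYS:
                flat[(ptype, key)] = value
    return flat

def diff_profiles(old_bytes, new_bytes):
    """Report settings the replacement profile changes, adds, or drops."""
    old, new = settings(old_bytes), settings(new_bytes)
    return {
        "changed": {k: (old[k], new[k]) for k in old.keys() & new.keys()
                    if old[k] != new[k]},
        "added": {k: new[k] for k in new.keys() - old.keys()},
        # Dropped settings stay unenforced after the old profile is removed.
        "dropped": {k: old[k] for k in old.keys() - new.keys()},
    }

def make_profile(payloads):
    """Build a constructed sample profile with placeholder identifiers."""
    for i, p in enumerate(payloads):
        p.update(PayloadVersion=1, PayloadIdentifier=f"com.example.payload{i}",
                 PayloadUUID=f"00000000-0000-0000-0000-00000000000{i}")
    return plistlib.dumps({
        "PayloadType": "Configuration", "PayloadVersion": 1,
        "PayloadIdentifier": "com.example.sample", "PayloadDisplayName": "Sample",
        "PayloadUUID": "00000000-0000-0000-0000-0000000000ff",
        "PayloadContent": payloads})

# Constructed sample input: the old profile and its intended replacement.
OLD = make_profile([{"PayloadType": "com.apple.screensaver", "askForPassword": True,
                     "askForPasswordDelay": 300, "idleTime": 600}])
NEW = make_profile([{"PayloadType": "com.apple.screensaver", "askForPassword": True,
                     "askForPasswordDelay": 0},
                    {"PayloadType": "com.apple.applicationaccess", "allowCamera": False}])

if __name__ == "__main__":
    for kind, entries in diff_profiles(OLD, NEW).items():
        print(kind, entries)
```

An unexpected entry under "dropped" means the new profile no longer carries a setting the old one enforced, which is worth catching before the old profile is removed.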

Fleet API: API documentation is here

OS settings status

In the Fleet UI, head to the Controls > OS settings tab.

In the top box, with "Verified," "Verifying," "Pending," and "Failed" statuses, click each status to view a list of hosts:

  • Verified: hosts that installed all configuration profiles. Fleet has verified with osquery.

  • Verifying: hosts that have acknowledged all MDM commands to install configuration profiles. Fleet is verifying the profiles are installed with osquery. If the profile wasn't installed, Fleet will redeliver the profile.

  • Pending: hosts that will receive MDM commands to install configuration profiles when the hosts come online.

  • Failed: hosts that failed to install configuration profiles. For Windows profiles, the status codes are documented in Microsoft's documentation here.

In the list of hosts, click on an individual host and click the OS settings item to see the status for a specific setting.