Elgato_dark/fleet
1
0
Fork 0
mirror of https://github.com/fleetdm/fleet synced 2026-05-22 08:28:52 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 107
fleet/server/mdm/apple
History
Roberto Dip 0f5a35061e
don't filter DEP hosts by OS before ingesting and improve logs (#9815) 
Related to https://github.com/fleetdm/fleet/issues/9653 I couldn't find
any documentation to back this up, but I have a strong suspicion that
the `os` field in the device sync response might come empty in some
scenarios (particularly, when a laptop is brand new, which is hard to
reproduce 😅)

My thoughts are:

1. For the recently purchased MacBooks,
`IngestMDMAppleDevicesFromDEPSync` didn't create an entry in the
database, BUT `nanodep.Assigner.ProcessDeviceResponse` correctly
assigned a DEP profile (the devices were able to enroll). Both methods
filter by `op_type` but only ours filters by `os`.
2. I think this is safe-ish to do, as you will normally assign a MDM
server per device type in ABM

![image](https://user-images.githubusercontent.com/4419992/218732609-0936e3a9-cadf-4485-9aa4-af2c9398cff9.png)
3. I have added extra logs to try to prove this hypothesis next time a
brand new device comes in, let's keep an eye on and re-evaluate this
approach.
2023-02-14 10:23:19 -03:00
..
apple_mdm.go don't filter DEP hosts by OS before ingesting and improve logs (#9815) 2023-02-14 10:23:19 -03:00
cert.go Ingest file vault recovery keys in macOS (#9712) 2023-02-08 11:49:42 -03:00
cert_test.go Ingest file vault recovery keys in macOS (#9712) 2023-02-08 11:49:42 -03:00
util.go Add fleetctl generate mdm-apple (#8812) 2022-12-07 18:24:42 +01:00