fa27fda724
Changes: - Updated the website's build-static-content script to add support for a new article category: `case study`. - Added a new article template page for case study articles - Added case study articles from Stripe, Faire, and Foursquare. --------- Co-authored-by: Mike Thomas <78363703+mike-j-thomas@users.noreply.github.com>
5.6 KiB
Faire secures Macs with CIS benchmarks and Fleet
Why Faire needed a change
Faire’s IT team is highly technical and prefers vendors that provide features through APIs. They’re builders who extend applications when out-of-the-box features fall short, and their workflows are highly automated and managed as code.
They had used their previous MDM for several years, but frustration grew as it lagged in adopting new MDM APIs, including Apple’s Declarative Device Management. Faire’s workflow, based on ‘config-as-code’, also proved challenging.
With all their other IT systems, like their IDP, productivity software, and cloud infrastructure, all configured through code with automated CI/CD pipelines, maintaining an MDM that had to be managed via the UI became increasingly painful.
One team member spent months trying to build a Terraform provider for the previous MDM, but gave up because of bugs and inconsistent APIs.
Support also became a problem. Feature requests often felt ignored, and responses were slow, which didn’t work for a company of Faire's size.
The search for a solution
Faire focused on three priorities when selecting a new MDM:
API-first architecture: A first-class API built for deep integration, not an API layered on top of a UI
Comprehensive Apple support: End-to-end lifecycle management for macOS and iPadOS, including automated enrollment, policy controls, and software distribution
A reputable vendor: A well-established partner they could rely on for the long term
Choosing Fleet
Faire selected Fleet after a bake-off with three other MDM vendors, including an open-source option. They were already using Fleet to manage osquery telemetry, and the availability of a SaaS deployment matched their move away from self-hosting.
All Fleet features are accessible through an API, with examples that show how to automate tasks through GitOps. Fleet integrated directly into Faire’s onboarding workflows, and their engineers appreciate managing device configurations through GitOps and pull requests.
Fleet also gives Faire more flexibility for managing Macs and iPads. They use custom profiles and can tap into native MDM APIs that Fleet exposes, even when those APIs are not yet implemented as built-in features.
In addition, Fleet helps Faire monitor Macs against CIS benchmarks. This improves their device security posture and gives IT the ability to take remediation actions when they find issues.
Fleet’s reputation in the Mac Admins community also matters to Faire. Industry experts highly regard the team and product, and Fleet’s open-source foundation gives Faire confidence that the underlying IP will always remain available.
My team is loving managing devices via GitOps with Fleet.
Jeremy Baker
Engineering Manager
The future
Faire continues to be impressed by Fleet’s proactive support. For example, Fleet reached out when they detected a downed webhook on Faire’s end. In another instance, an engineer got on a video call 10 minutes after Faire filed a critical migration ticket.
Telemetry from Fleet remains important for device posture. It gives Faire the visibility they need to assess device signals alongside their IDP. Fleet’s integrated MDM then provides a path to remediation and risk mitigation when they find issues.
Fleet is working with Faire to explore managing other platforms, including Windows, Linux, and potentially BYOD mobile devices.
Interested to learn more? Read Faire’s article about their MDM migration.