fleet/docs/solutions
Adam Baali f2f1f66d11
Add Windows MDM migration troubleshooting scripts and guide (#39548)
Closes #38916
Related: #34993, #33985, fleetdm/confidential#13228

## Changes

**Article update** (`articles/windows-mdm-setup.md`)
- Adds "Migrating from another MDM solution" subsection under **Manual
enrollment** with overview of common migration issues and links to
remediation scripts

**New scripts** (`docs/solutions/windows/scripts/`)
- `reset-mdm-enrollment-flag.ps1` — Resets MmpcEnrollmentFlag blocking
MDM status after migration
- `remove-stale-mdm-enrollment-records.ps1` — Clears orphaned enrollment
GUIDs, AAD discovery cache, and MS DM Server cache
- `fix-workplace-join-configuration.ps1` — Re-enables
Automatic-Device-Join task and configures Workplace Join policies
- `remove-unreachable-wsus-configuration.ps1` — Removes unreachable WSUS
server config that breaks Windows Update

## Context

Customers migrating Windows hosts from Intune to Fleet have been hitting
recurring enrollment issues, MDM status stuck on "Off," enrollment
errors (`0x80190190`, `0x8018000a`), and Windows Update breakage from
leftover RMM agents. These scripts consolidate the workarounds from
multiple customer engagements into self-serve remediation that can be
deployed via **Controls > Scripts**.

---------

Co-authored-by: Marko Lisica <83164494+marko-lisica@users.noreply.github.com>
2026-02-11 15:20:26 +01:00
all added .keep file to add empty folders (#35109) 2025-11-03 11:45:48 -05:00
android/configuration-profiles Rename Android config profiles for consistency (#37486) 2025-12-19 09:43:38 -06:00
api-scripts For Github issue: 13323 (#36840) 2025-12-12 10:17:28 -08:00
docker-compose Pin MySQL and Redis images in docker-compose.yml (#38759) 2026-01-25 14:09:30 -08:00
ios-ipados Tines reorg (#37731) 2025-12-29 13:04:49 -06:00
linux added .keep file to add empty folders (#35109) 2025-11-03 11:45:48 -05:00
macos Update Jamf API endpoints (#39146) 2026-02-06 13:58:40 -06:00
tines Update Jamf API endpoints (#39146) 2026-02-06 13:58:40 -06:00
windows Add Windows MDM migration troubleshooting scripts and guide (#39548) 2026-02-11 15:20:26 +01:00
README.md Solutions symlinks (#37732) 2025-12-29 12:42:56 -06:00

Solutions

Best Practices

General

  • Name the file what the profile does.
    • For example, instead of googlePlayProtectVerifyApps.json (the name of the Android policy for this control), describe what it does: enforce-google-play-protect.json.
  • Use kebab case in file names, with all letters in lowercase.
    • Instead of passwordPolicy.json, use password-policy.json.
  • Be sure to end files with an empty newline.

If a solution is applicable to multiple platforms, keep the original in the main platform directory and symlink it to the other platforms. For example, if an Apple configuration profile can be used on both macOS and iOS, use macOS as the source, and create a symlink in the iOS directory.

  • cd docs/solutions/ios-ipados/configuration-profiles/
    • Note that this is the destination that we want the symlink to be in.
  • ln -s ../../macos/configuration-profiles/my-profile.mobileconfig .
    • The . here at the end means the current directory, and will use the same file name as the original (which is what we want).
  • git add my-profile.mobileconfig
  • git commit
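
The conventions above can be checked before committing. The script below is an added example, not part of the Fleet repository: the function name lint_solutions and its report labels are assumptions made for illustration. It flags file names that are not lowercase kebab case, files missing the final newline, and symlinks that are absolute or no longer resolve to their source file.

```shell
#!/bin/sh
# Added example (not Fleet's own tooling): lint a solutions directory against
# the README conventions. lint_solutions and its labels are hypothetical names.

# Print one line per violation; return 0 only when the tree is clean.
# Usage: lint_solutions docs/solutions
lint_solutions() {
    # Files and symlinks only; skip .git internals, dotfiles (.keep) and README.md.
    report=$(find "$1" \( -type f -o -type l \) ! -path '*/.git/*' \
            ! -name '.*' ! -name 'README.md' |
        while IFS= read -r path; do
            name=${path##*/}
            # Kebab case: lowercase words joined by single hyphens, then extension(s).
            if ! printf '%s\n' "$name" |
                grep -Eq '^[a-z0-9]+(-[a-z0-9]+)*(\.[a-z0-9]+)*$'; then
                echo "name: $path"
            fi
            if [ -L "$path" ]; then
                target=$(readlink "$path")
                # An absolute target only works on the machine that created it.
                case $target in
                    /*) echo "absolute-symlink: $path" ;;
                esac
                # -e follows the link, so it fails when the source was moved or deleted.
                [ -e "$path" ] || echo "dangling-symlink: $path"
            elif [ -s "$path" ] && [ "$(tail -c 1 "$path" | wc -l)" -eq 0 ]; then
                # The last byte is not a newline.
                echo "no-final-newline: $path"
            fi
        done)
    if [ -z "$report" ]; then
        return 0
    fi
    printf '%s\n' "$report"
    return 1
}
```

A symlink's own name is checked, but its content is not, because the source file it points to is linted in its own directory.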