#15565
Replace the use of the isFederated registry key with a keys that check
for AAD (Azure Active Directory, now Entra ID)
Federated enrollment (`isFederated`) seems to be when windows uses a
Discovery MDM endpoint to get its policy and management endpoint
configuration. This is always the case when a client is enrolled with
fleet, so installations always show up as automatic.
It's being replaced by a different key, `AADResourceID`, which appears
to identify the resource that controls the automated deployment. In my
tests it only appears to be populated when the computer is enrolled
through automated deployments. This key appears on both Windows 10 and
11.
There is a similar key, `AADTenantID`, which appears to identify the
client (tenant) to the Azure cloud. I haven't seen this ID in our
systems, so it is likely exclusively used in Azure. Both this key and
`AADResourceID` seem to always be set at the same time, so we only
check for the `AADResourceID`.
I've also added documentation on the registry keys I've analyzed for future reference.
Removed reference to **Scripts** tab and added instructions for
accessing the **Run Script** modal from the host detail page.
# Checklist for submitter
Docs-only change
---------
Co-authored-by: Brock Walters <153771548+nonpunctual@users.noreply.github.com>
Co-authored-by: Rachael Shaw <r@rachael.wtf>
Moving mdm_profiles to it-and-security/lib/mdm_profiles so that they are
together with other gitops config files.
---------
Co-authored-by: Noah Talerman <noahtal@umich.edu>
+ Changed a bunch of instances of "member" to "user" to match the
updated UI (https://github.com/fleetdm/fleet/issues/15893)
+ Cut some step-by-step instructions for using the team UI from the
"Segment hosts" docs
- Cut down on user facing doc content so first time Fleet users can find
the right information. This could be moved into an "Advanced" section in
the future.
Docs for the "Windows OS updates" (#11951) user story
- Update "macOS updates" doc page to cross-platform "OS updates" page
- Update pricing page
- Update copy in the UI to clarify behavior of Windows updates
---------
Co-authored-by: Eric <eashaw@sailsjs.com>
Co-authored-by: Rachael Shaw <r@rachael.wtf>
Part of #9949
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [x] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [x] Documented any permissions changes (docs/Using
Fleet/manage-access.md)
Changes:
- Updated two (broken) relative links on the "macOS updates"
documentation page to point to the documentation page on fleetdm.com
- Added a redirect to fix broken links to the product design handbook
page (/handbook/product » /handbook/product-design)
Addresses the following subtask: #16073
Fleet is investing in more automated testing for MDM features.
Update the table to reflect the versions that Fleet is running tests
against:
- macOS 13 and 14
- Windows 10 and 11
- Ubuntu Linux 20+
To support `fleetctl gitops`, gitops role can now read policies/queries
and write scripts.
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [x] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [x] Documented any permissions changes (docs/Using
Fleet/manage-access.md)
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
- Update "Custom macOS settings" page to cross-platform "Custom OS
settings" page
- Match format w/ "Disk encryption" and "OS updates" pages
- Cut content and make the docs more of reference
- Link to best practice GitOps
- Update pricing page
- Add redirects
Closes: https://github.com/fleetdm/confidential/issues/4665
Changes:
- Added a new documentation page that provides instructions for
downgrading from Fleet premium. The content for this section was pulled
from a [commented-out FAQ
question](1d2f5ae42a/docs/Get%20started/FAQ.md (L363-L394)).
---------
Co-authored-by: Mike Thomas <78363703+mike-j-thomas@users.noreply.github.com>
Co-authored-by: Rachael Shaw <r@rachael.wtf>
previous: ...one ticket is created per CVE regardless of the number of
hosts on which such CVE is detected.
Hope that meaning is the same? If so, what is there is a little clunky.
Not meaning to be pedantic just trying to make the flow a bit more
natural. :)
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [ ] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [ ] Documented any permissions changes (docs/Using
Fleet/manage-access.md)
- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.
- [ ] Added/updated tests
- [ ] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
#14879
- [X] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [x] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [x] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
- Associated w/ this story: #15600
- Update docs now that disk encryption enforcement is cross platform
(Windows story here: #12577)
- Remove section about resetting a password w/ disk encryption key to
reduce doc content. Remove this link from the UI
