Comments (11)
noahtalerman
commented on June 16, 2024
1
Hey @sharon-fdm, I passed this research story to you.
I think we'll want to prioritize this early next sprint so that we have the research done while we start wireframes for the following story: #18119
from fleet.
lukeheath
commented on June 16, 2024
1
@sharon-fdm Thanks for the heads up. I agree; I've put a P2 on this issue.
from fleet.
lucasmrod
commented on June 16, 2024
1
@rachaelshaw @noahtalerman One TODO I added to the Google doc which I forgot to mention in the meeting yesterday:
With iOS/iPadOS given we have no osquery we'll have to think about the device MDM Status ("Verified", "Verifying", "Failed").
@marko-lisica: It looks like DDM can provide us such verification of profiles to us in the absence of osquery?
from fleet.
marko-lisica
commented on June 16, 2024
1
@lucasmrod That's right. Fleet issue DeclerativeManagement command (regular MDM command). It tells host that there are new declarations (we organize them into declaration profiles) then hosts check-in and look for changes (new declarations, updated ones, etc.). After that host tries to apply/remove/update declarations and sends status report (DDM) back to server. If that DDM status returns success, we consider it verified.
I believe that should work the same for iOS/iPadOS.
from fleet.
lucasmrod
commented on June 16, 2024
1
@noahtalerman Moving to ready for release (as the deliverable was a Google Doc)
from fleet.
sharon-fdm
commented on June 16, 2024
Research - 3-5 points.
from fleet.
sharon-fdm
commented on June 16, 2024
Hey @lukeheath
Just chatting with Noah. We think we need P2 on the IOS ticket since we asked Lucas to do it first. (before bugs)
TMWYT
from fleet.
lucasmrod
commented on June 16, 2024
I've added the Google Doc link to the description.
from fleet.
marko-lisica
commented on June 16, 2024
With iOS/iPadOS given we have no osquery we'll have to think about the device MDM Status ("Verified", "Verifying", "Failed").
@lucasmrod @rachaelshaw We use this language to describe that we use osquery for legacy profiles and to verify settings set via declaration we use DDM protocol. I think we can adjust the copy to cover the iOS use case as well.
from fleet.
lucasmrod
commented on June 16, 2024
@marko-lisica OK cool, does Fleet already verify DDM profiles are installed?
So, users administering iOS/iPadOS devices via DDM profiles would be able to get to the "Verified" state, right?
from fleet.
fleet-release
commented on June 16, 2024
iOS features bloom,
In Fleet's hands, devices thrive,
Secure, in cloud's room.
from fleet.
Related Issues (20)
- Update carve TF module to use the new env vars HOT 1
- Add `fleet-desktop` logs to `fleetd_logs` table HOT 6
- Profile error overflows modal on My Device page HOT 1
- /api/latest/fleet/hosts/:id/lock database error shows up on the UI
- Windows MDM automatic enrollment failing HOT 1
- When using Fleet before 4.51.0, "Self-service" in Fleet Desktop navigates to 404 HOT 4
- Feature request: Schedule scripts for all hosts that are failing a policy using Fleet's calendar feature. HOT 2
- Ensure Fleet supports Apple's new software update declarations. HOT 8
- Website request: add support for explicit line breaks in osquery schema examples.
- Check production dependencies of fleetdm.com HOT 1
- Check osquery Slack invitation HOT 2
- Use reader db instance when sending statistics
- [QA Wolf] On queries live-run page, unable to target specific host from search bar
- [QA Wolf] Team Admin && Global Observer+ Users get 403 forbidden error on refresh or navigation through url
- [QA Wolf] Hosts count on vulnerabilities table does not match hosts count on View All Hosts Table HOT 1
- Allow Windows MDM commands GET verb
- Website request: Add new statistics to send-aggregated-metrics-to-datadog script.
- Failed profile apply error HOT 1
- Vulnerabilities pages: Severity tooltip doesn't clarify CVSS base score version
- Tweak /logos: (1) include list of brand #colors (especially the logo rainbow, "cliff gray", the sky, etc), and (2) update handbook link to go to right place
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from fleet.