Nudge end user to migrate to Fleet #11534

@noahtalerman

Goal

User story
As an IT admin that wants to use Fleet's MDM features,
I want to be able to automatically remind my end users to migrate to Fleet
so that I don't have to track down end users and email or message them that they need to migrate.

Requirements

  • Fleet Premium only
  • In UI and CLI global admin can turn on/off migration workflow. The workflow has two modes: "voluntary" (default) and "forced"
  • In UI and CLI, global admins can specify an organization support URL. Default value is fleetdm.com/support.
    • This URL is used as a link in the migration reminder window.

Changes

This issue's estimation includes completing:

Expected frontend TypeScript interface:

interface IConfig {
  org_info: {
    ...
    contact_url: string; // default is "https://fleetdm.com/company/contact"
  };
  ...
  mdm: {
    ...
    macos_migration: {
      enable: boolean; // default `false`
      mode: "voluntary" | "forced"; // default "voluntary"
      webhook_url: string; // default empty, but must be valid url if `enable: true` (subject to client-side validation)
    };
  };
}

Expected fleetctl YAML spec:

apiVersion: v1
kind: config
spec:
  org_info:
    contact_url: https://fleetdm.com/company/contact
  mdm:
    macos_migration:
      enable: true
      mode: voluntary
      webhook_url: https://organization.com/send-request-here
  ...
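
A server-side counterpart to the client-side check mentioned in the interface comment, since settings applied with `fleetctl apply` never pass through the UI. This is an added example, not Fleet's code; the `MacOSMigration` type, its `Validate` method, the empty-mode default and the http(s)-only rule are assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
)

// MacOSMigration mirrors spec.mdm.macos_migration (hypothetical type name).
type MacOSMigration struct {
	Enable     bool
	Mode       string
	WebhookURL string
}

// Validate repeats on the server what the UI checks client-side, because
// fleetctl and direct API calls bypass the browser entirely.
func (m MacOSMigration) Validate() error {
	// Assumption: an empty mode falls back to the documented default, "voluntary".
	switch m.Mode {
	case "", "voluntary", "forced":
	default:
		return fmt.Errorf("macos_migration.mode: %q is not \"voluntary\" or \"forced\"", m.Mode)
	}
	if !m.Enable {
		return nil // webhook_url may stay empty while the workflow is off
	}
	if m.WebhookURL == "" {
		return errors.New("macos_migration.webhook_url: required when enable is true")
	}
	u, err := url.Parse(m.WebhookURL)
	if err != nil {
		return fmt.Errorf("macos_migration.webhook_url: %w", err)
	}
	// Assumption (not stated in the issue): "valid url" means an absolute
	// http(s) URL with a host, so file:, javascript: and bare paths fail.
	if (u.Scheme != "http" && u.Scheme != "https") || u.Host == "" {
		return errors.New("macos_migration.webhook_url: must be an absolute http(s) URL")
	}
	return nil
}

func main() {
	// Constructed inputs: the URL from the spec above, then a scheme the check rejects.
	for _, w := range []string{"https://organization.com/send-request-here", "file:///tmp/hook"} {
		fmt.Printf("%-45s -> %v\n", w, MacOSMigration{Enable: true, Mode: "voluntary", WebhookURL: w}.Validate())
	}
}
```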

  • Backend changes (device endpoints)

  • Define new endpoint POST /fleet/device/{token}/migrate_mdm used for Orbit to communicate to Fleet server when device user clicks "Start" in the SwiftUI dialog.

    • Similar to the POST /fleet/device/{token}/rotate_encryption_key endpoint used to communicate to the server that user needs to reset disk encryption key.
  • Upon receipt, Fleet server POSTs to the specified webhook URL with the following request body:

Request body:

{
    "timestamp": "0000-00-00T00:00:00Z",
    "host": {
        "id": 1,
        "uuid": "5BEE866A-4655-589F-989E-2E0C93BA252C",
        "hardware_serial": "V2RG6Y7VYL"
    }
}

  • After sending the webhook request, Fleet server needs to keep fetching host vitals until osquery says host is unenrolled from MDM.

    • Fleet server stops fetching after 3 minutes if host is still enrolled.
    • As a future optimization, consider limiting the refetch to just include a subset of detail queries for MDM.
  • Modify existing endpoint that sends information to Fleet Desktop. Add a flag to show or hide "Migrate to Fleet" button. This is the same endpoint that shows the failing policies status in the systray dropdown menu.

  • Make sure org logo, name, and contact URL are accessible for Orbit.

  • Backend changes (agent)

  • Implement new SwiftUI dialog: https://www.figma.com/file/hdALBDsrti77QuDNSzLdkx/%F0%9F%9A%A7-Fleet-EE-(dev-ready%2C-scratchpad)?type=design&node-id=16323-207316&t=SXvU5Kuhr4hGT502-0

  • Show/hide "Migrate to Fleet" item in systray dropdown menu

Labels: #g-mdm (MDM product group), :product (Product Design department; shows up on 🦢 Drafting board), story (A user story defining an entire feature)