Know when the MDM certificate is removed from the Keychain #6434
Labels
~customer request
An enhancement requested by a Fleet customer
customer-ufa
~legacy-interface-product-group
Associated with the legacy "interface" product group. (No longer exists)
story
A user story defining an entire feature
Comments
noahtalerman
added
~customer request
noahtalerman
changed the title
|
Think about writing a policy/query first. |
noahtalerman
changed the title
|
@erikng if I recall correctly, you said that this would be the most valuable MDM issue to start with:
Do you know of any osquery queries that could help us grab this information? This way Fleet could add this info to the Fleet API/UI. |
|
It's probably going to take a few things. Check the mdm profile plist settings to get the certificate name. Check the user and system keychains for the presence of that cert. |
|
UPDATE: this issue will be addressed in Q4 2022 (noahtalerman 2022-08-31). |
noahtalerman
changed the title
|
@noahtalerman Removing the Slack thread link per customer request. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Problem
An end user can turn off MDM features by removing the MDM certificate from the Keychain application (macOS). This means that the organization can no longer update macOS settings and macOS versions on this host.
More context is here in Slack (internal customer channel)
Goal
Add ability to know when the MDM certificate is removed from the Keychain.
Parent Epic
#397
The text was updated successfully, but these errors were encountered: