fleetdm / fleet

Open-source platform for IT, security, and infrastructure teams. (Linux, macOS, Chrome, Windows, cloud, data center)
https://fleetdm.com

Windows MDM enrollment: MS-MDE2 protocol implementation #12173

Closed lukeheath closed 11 months ago

lukeheath commented 1 year ago

Goal

As a developer, I aim to support Windows device enrollment by implementing the MS-MDE2 protocol specification in the Fleet server. Initially, only the 'On-Premise' auth type should be supported. A sample proof of concept (PoC) with an MS-MDE2 implementation is available here. Example protocol exchange here and here.

Tasks

Context

There is no NanoMDM equivalent for Windows, so there is some technical foundation work required to begin implementing Windows MDM features.

QA

Risk assessment

Risk level: Low / High TODO

Risk description: TODO

Automated:

Manual testing steps

  1. Step 1
  2. Step 2
  3. Step 3

Testing notes

Confirmation

  1. [ ] Engineer (@____): Added comment to user story confirming successful completion of QA.
  2. [ ] QA (@____): Added comment to user story confirming successful completion of QA.

zhumo commented 1 year ago

@georgekarrv I removed the product label to take it off the board. We're gonna make a subtask of #11952.

noahtalerman commented 1 year ago

@georgekarrv do we still need this for programmatic enrollment to work? My guess is no if programmatic enrollment works as expected.

georgekarrv commented 11 months ago

Closing this as it's mostly a duplicate of #11952

fleet-release commented 11 months ago

Windows MDM enrolled, Secure in the cloud city, Fleet stands strong, controlled.