georgekarrv
commented
10 months ago Sounds like a feature request atm
Closed zayhanlon closed 9 months ago
georgekarrv
commented
10 months ago Sounds like a feature request atm
noahtalerman
commented
10 months ago Unenrolling these devices in ABM or deleting them in Fleet does not remove them from Fleet.
Hey @kennyb-222, sorry your Fleet is so cluttered.
Does unassigning a device (ex. Apple TV) from Fleet in ABM + deleting the host in Fleet work? Does the device not return to Fleet as a "Pending" host?
kennyb-222
commented
10 months ago Hi @noahtalerman, yes the process of unassigned a device in ABM and deleting the host in Fleet will prevent the device from re-appearing as a "pending" host.
noahtalerman
commented
10 months ago yes the process of unassigned a device in ABM and deleting the host in Fleet will prevent the device from re-appearing as a "pending" host.
@kennyb-222 nice!
What I'm thinking...can y'all perform a bulk unassign unsupported devices (Apple TV, iPhone, iPad) in ABM + bulk delete these devices in Fleet?
I recorded a Loom video that walks through the workflow here (internal): https://www.loom.com/share/6f98026e585949c696133a090f83ac89?sid=b2f1777d-27e4-42b7-a0c8-e9aeb9ab1706
Does that work for you?
Apologies if we've already discussed that this won't work for y'all.
kennyb-222
commented
10 months ago Thanks for the suggestions, @noahtalerman. Unfortunately, we're facing a challenge in searching hosts that are in the "Pending" MDM status using search terms like "Apple TV" (see screenshot). Also, this issue extends beyond just unsupported devices. It also affects any device previously added via ABM and then unassigned, leading to orphan host records in Fleet.
noahtalerman
commented
10 months ago Unfortunately, we're facing a challenge in searching hosts that are in the "Pending" MDM status using search terms like "Apple TV" (see screenshot)
Ah, shoot. This looks like a separate bug. Filed an issue here: https://github.com/fleetdm/fleet/issues/15498
@kennyb-222 one more suggested workaround: filter hosts by "Pending" in Fleet and bulk delete them all.
The hosts that are still assigned to Fleet in ABM will reappear on the next sync.
Loom video that walks through this workflow here: https://www.loom.com/share/549e2a9d30374bd59911130092cfe72b?sid=317aa2c2-53cf-4750-a4ce-c15bc688261b
Does that work for y'all as a quick way to declutter your Fleet?
kennyb-222
commented
10 months ago Thanks @noahtalerman, I was able to clear out all the pending devices however hosts that are currently assigned in ABM did not repopulate.
noahtalerman
commented
10 months ago I was able to clear out all the pending devices however hosts that are currently assigned in ABM did not repopulate.
@kennyb-222 following up on the above here in GitHub so we don't lose it.
If I'm understanding correctly, the immediate workaround was to unassign these devices from Fleet in ABM and reassign them to Fleet.
FYI we made sure the docs are clear so other users don't run into this: #15518
If you get the chance, please let me know what you think!
noahtalerman
commented
10 months ago Pulling this message from Roberto in Slack:
I'm sorry you're running into this. I suspect this is happening to you because you were an early adopter. This comment is relevant:
background: Apple gives us two endpoints to retrieve devices that are assigned to us in ABM: /server/devices to get a list of all devices. This endpoint is paginated using cursors /devices/sync to get modifications to the device assignment (additions, deletions, etc) we have a cron job that runs every 30 seconds, and uses both endpoints, with an important caveat: nano stores the last cursor to limit the scope of the results to the "last page"
I think by the time we released the fix, some hosts were already gone from the sync endpoint. I have two ideas:
zayhanlon
commented
9 months ago @noahtalerman Is the PR specific to this issue only a docs change? Kenny and team were wondering which of the two approaches you commented above was selected for the actual fix. Does this issue include a fix or is there another to follow?
noahtalerman
commented
9 months ago Is the PR specific to this issue only a docs change?
@zayhanlon and @kennyb-222 the fix for this issue consists of a PR and a workflow to remove unwanted "Pending" hosts:
- [x] Update documentation to mention that all other devices (ex. iPhone) must be set to "None" in ABM.
- UPDATE: We don't want all other devices to be set to "None." Why? The customer might want other devices to automatically enroll to another MDM solution. Instructions still needed some cleaning up. PR here: https://github.com/fleetdm/fleet/pull/15518
- [x] Develop a workflow for the customer to remove unsupported devices from Fleet
- In Apple Business Manager (ABM), unassign the unwanted "Pending" hosts from Fleet. Next, delete the unwanted "Pending" ABM hosts in Fleet.
We realized that the documentation needed to clarify that your only set "Mac" device type to Fleet in Apple Business Manager (ABM).
If the IT admin assigns an Apple TV to Fleet in ABM, they can follow the workflow documented in the issue.
This is the short term fix.
Does that work?
fleet-release
commented
9 months ago In Fleet's cloud city bright, Devices find their rightful site. No more clutter in sight.
Fleet version: <!-- Copy this from the "My account" page in the Fleet UI, or run
fleetctl --version--> 4.41 for staging and 4.38.1 for productionWeb browser and operating system: Chrome on macOS
💥 Actual behavior
Initially, in ABM all devices (including unsupported devices) were assigned to Fleet.
iPads, iPhones, Apple TVs, and other unsupported devices show up as "Pending" hosts in Fleet.
After unassigning these devices in ABM, the "Pending" hosts aren't removed in Fleet.
Unenrolling these devices in ABM or deleting them in Fleet does not remove them from Fleet.
🧑💻 Steps to reproduce
🛠️ To fix