Open nonpunctual opened 4 months ago
@nonpunctual thanks for tracking this.
Bringing it to feature fest.
Hey @nonpunctual, heads up, we brought this into the upcoming design sprint (4.49).
I did not get a screen shot of it but there is also a Notification Center message when the login item is added. Not a huge deal but maybe want to consider if we want to supress it or leave it. Transparency says show it - lots of orgs do this. Paranoia says don' to prevent users from looking at the toggles. Thanks.
Feedback from Mike M.
"As a user on the "OS settings" page, I want to know there are more things that Fleet is installing that I can't see in the below list. (A tooltip of static text roughly summarizing in like one sentence the two profiles we default install would be fine)"
Brock: We can make a public version of the profile.
Noah: Do we dogfood this? I think let's dogfood this. cc @lukeheath
Zach: Let's add this to the deployment docs.
Goal
Context
The System Settings > General > Login Items UI exposes macOS 3rd party background / launchctl processes as switches, which is great for a consumer Mac user, bad for a managed device. Apple did not originally intend for these settings to be controlled via MDM. This effectively meant every management & security solution would have become useless overnight if a user simply could turn them off with a switch. Apple eventually changed their design to allow these settings to be controlled via MDM. Jamf deploys a Config Profile at enrollment that prevents a user from modifying this switch for the Jamf service.
Changes
Product
Engineering
QA
Risk assessment
Manual testing steps
Testing notes
Confirmation