Open PezHub opened 1 month ago
Thanks for tracking this @PezHub!
This happened recently with our QA Wolf instance where they accidentally turned off MDM which then generated new certs and forced us to reenroll all of their hosts.
I'm glad someone ran into this scenario. Was the warning correct? Did QA Wolf have to upload a new APNs certificate and turn MDM off and back on for all hosts? Did they have to do anything else?
If the warning isn't correct we should fix that quickly and separately from this feature request.
Warning is correct, humans just have a tendency to ignore them even when warned in RED BOLD letters and asked to confirm action ;)
Correct, new certs were needed and MDM had to be turned back on for the hosts.
Problem
With the new APNs & ABM certificates workflow, users can now Turn OFF MDM from the UI which (soft) deletes all of their existing MDM secrets. An admin may do this in error or simply want to revert back to the old config to avoid having to manually reenroll their hosts.
Potential solutions
It would be great to add an `undo` or `reenable` option that would bring the old config back.
This happened recently with our QA Wolf instance where they accidentally turned off MDM which then generated new certs and forced us to reenroll all of their hosts.
Scenario:
Note: this warning is in place when admins turn off MDM but mistakes still happen...
![Screenshot 2024-06-04 at 5 13 10 PM](https://github.com/fleetdm/fleet/assets/167241658/134091cb-6cb5-49b3-b482-91d473113ec5)