fleetdm / fleet

Open-source platform for IT, security, and infrastructure teams. (Linux, macOS, Chrome, Windows, cloud, data center)
https://fleetdm.com

Override default disk encryption settings on Windows #20848

Open nonpunctual opened 4 months ago

nonpunctual commented 4 months ago

Problem

Admins using Fleet to enroll Windows hosts can't currently customize all BitLocker options.

What have you tried?

MDM Disk Encryption configurations are hard-coded in Fleet & have no custom options.

Potential solutions

If we intend to deliver a default configuration, there should be a way in Fleet UI or via delivering another device profile to customize BitLocker settings.

What is the expected workflow as a result of your proposal?

Admins will be able to set the BitLocker options that meet their Disk Encryption requirements instead of being bound to a hard-coded, inflexible set of options.

See: https://github.com/fleetdm/fleet/issues/18827 for the parallel issue on macOS. @noahtalerman requested separate issues for these features.

noahtalerman commented 4 months ago

Thanks @nonpunctual!

Are there any customers requesting this? Are they blocked?

And, since it looks like this is a dogfooding request, are we blocked?

nonpunctual commented 4 months ago

You asked in the related ticket for this to be a separate issue. I am sure that customer-preston has asked for this & it is part of trying to ensure that we iterate on features that are released so they are equivalent for all platforms. Thanks.