customer-fourier is experiencing a potential bug where they are seeing their ABM token default team assignment for macOS hosts revert back to "No team" after an unknown period of time. Related bug report #24000.
Since there is no audit event produced when this setting changes, it is:
Difficult to know that the setting has changed until an automation stopped working as expected.
Difficult to troubleshoot since there's no logging to determine who or when the setting changes.
What have you tried?
customer-fourier looked for logs or audit events to help determine what might be changing their default team assignment for their ABM token, but did not find any.
Potential solutions
Fleet could create an audit event that logs when changes are made to an ABM token. This would include changes made to the default team assignment for each platform.
What is the expected workflow as a result of your proposal?
1. A Fleet admin would be able to see when the default team assignment for their ABM token changed by logging into Fleet and observing the Activity feed. This would allow them to see when the token changed and who did it, which is invaluable information when troubleshooting unexpected behavior.
2. A Fleet admin would configure the activity webhook to be notified when changes are made to the ABM token team assignment. This would allow immediate correction and avoid team-based enrollment automations from breaking.
JoStableford
commented
8 hours ago
Gong snippet for context of bug/unexpected behavior that prompted this FR: https://us-65885.app.gong.io/call?id=8851708373257635984&highlights=%5B%7B%22type%22%3A%22SHARE%22%2C%22from%22%3A184%2C%22to%22%3A351%7D%5D
Gong snippet for activity feed feature request: https://us-65885.app.gong.io/call?id=8851708373257635984&highlights=%5B%7B%22type%22%3A%22SHARE%22%2C%22from%22%3A541%2C%22to%22%3A573%7D%5D
Problem
customer-fourieris experiencing a potential bug where they are seeing their ABM token default team assignment for macOS hosts revert back to "No team" after an unknown period of time. Related bug report #24000.Since there is no audit event produced when this setting changes, it is:
What have you tried?
customer-fourierlooked for logs or audit events to help determine what might be changing their default team assignment for their ABM token, but did not find any.Potential solutions
Fleet could create an audit event that logs when changes are made to an ABM token. This would include changes made to the default team assignment for each platform.
What is the expected workflow as a result of your proposal?
1. A Fleet admin would be able to see when the default team assignment for their ABM token changed by logging into Fleet and observing the Activity feed. This would allow them to see when the token changed and who did it, which is invaluable information when troubleshooting unexpected behavior. 2. A Fleet admin would configure the activity webhook to be notified when changes are made to the ABM token team assignment. This would allow immediate correction and avoid team-based enrollment automations from breaking.