Open noahtalerman opened 2 years ago
Think about writing a policy/query first.
@erikng if I recall correctly, you said that this would be the most valuable MDM issue to start with:
Do you know of any osquery queries that could help us grab this information? This way Fleet could add this info to the Fleet API/UI.
It's probably going to take a few things.
Check the MDM profile plist settings to get the certificate name.
Check the user and system keychains for the presence of that cert.
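The two checks described above, sketched as an added example (not code from this thread or from Fleet). It assumes the MDM identity is delivered by a SCEP payload in the enrollment profile and that keychain certificates are supplied as rows with `common_name` and `path`, for instance from osquery's `certificates` table; the profile contents, UUIDs and names are constructed.

```python
import plistlib

# Constructed enrollment profile: an MDM payload pointing at a SCEP identity payload.
SAMPLE_PROFILE = plistlib.dumps({
    "PayloadType": "Configuration",
    "PayloadContent": [
        {"PayloadType": "com.apple.security.scep",
         "PayloadUUID": "11111111-AAAA-BBBB-CCCC-000000000001",
         "PayloadContent": {"Subject": [[["O", "Example Org"]],
                                        [["CN", "Example MDM Identity"]]]}},
        {"PayloadType": "com.apple.mdm",
         "PayloadUUID": "11111111-AAAA-BBBB-CCCC-000000000002",
         "IdentityCertificateUUID": "11111111-AAAA-BBBB-CCCC-000000000001"},
    ],
})

def mdm_identity_common_name(profile_bytes):
    """Step 1: return the CN of the certificate the MDM payload uses as its identity."""
    payloads = plistlib.loads(profile_bytes).get("PayloadContent", [])
    mdm = next((p for p in payloads if p.get("PayloadType") == "com.apple.mdm"), None)
    if mdm is None:
        raise ValueError("profile has no com.apple.mdm payload")
    ident = next((p for p in payloads
                  if p.get("PayloadUUID") == mdm.get("IdentityCertificateUUID")), None)
    if ident is None or ident.get("PayloadType") != "com.apple.security.scep":
        raise ValueError("identity payload missing or not SCEP (only SCEP is handled)")
    # SCEP Subject is a list of RDNs, each a list of [attribute, value] pairs.
    for rdn in ident["PayloadContent"].get("Subject", []):
        for attr, value in rdn:
            if attr == "CN":
                return value
    raise ValueError("SCEP subject has no CN")

def mdm_cert_status(profile_bytes, keychain_certs):
    """Step 2: look for that CN among certs listed from the system and user keychains."""
    cn = mdm_identity_common_name(profile_bytes)
    paths = sorted(c["path"] for c in keychain_certs if c["common_name"] == cn)
    return {"common_name": cn, "present": bool(paths), "keychains": paths}

if __name__ == "__main__":
    # Constructed keychain rows: first call finds the cert, second simulates removal.
    rows = [{"common_name": "Example MDM Identity",
             "path": "/Library/Keychains/System.keychain"}]
    print(mdm_cert_status(SAMPLE_PROFILE, rows))
    print(mdm_cert_status(SAMPLE_PROFILE, []))
```

A result with `present` set to false while the profile is still installed is the condition the issue wants surfaced.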
UPDATE: this issue will be addressed in Q4 2022 (noahtalerman 2022-08-31).
@noahtalerman Removing the Slack thread link per customer request.
Problem
An end user can turn off MDM features by removing the MDM certificate from the Keychain application (macOS). This means that the organization can no longer update macOS settings and macOS versions on this host.
More context is here in Slack (internal customer channel)
Goal
Add ability to know when the MDM certificate is removed from the Keychain.
Parent Epic
fleetdm/fleet#397