Noah Talerman
Noah Talerman
In Fleet you can enforce OS settings like security restrictions, screen lock, Wi-Fi etc., on your your macOS, iOS, iPadOS, and Windows hosts using configuration profiles.
You can enforce OS settings using the Fleet UI, Fleet API, or Fleet's GitOps workflow.
For macOS, iOS, and iPadOS hosts, Fleet recommends the iMazing Profile Creator tool for creating and exporting macOS configuration profiles.
For Windows hosts, copy out this Windows configuration profile template and update the profile using any configuration service providers (CSPs) from Microsoft's MDM protocol.
Fleet UI:
In the Fleet UI, head to the Controls > OS settings > Custom settings page.
Choose which team you want to add a configuration profile to by selecting the desired team in the teams dropdown in the upper left corner. Teams are available in Fleet Premium.
Select Upload and choose your configuration profile.
To modify the OS setting, first remove the old configuration profile and then add the new one.
On macOS, iOS, and iPadOS, removing a configuration profile will remove enforcement of the OS setting.
Fleet API: API documentation is here
In the Fleet UI, head to the Controls > OS settings tab.
In the top box, with "Verified," "Verifying," "Pending," and "Failed" statuses, click each status to view a list of hosts:
Verified: hosts that installed all configuration profiles. Fleet has verified with osquery.
Verifying: hosts that have acknowledged all MDM commands to install configuration profiles. Fleet is verifying the profiles are installed with osquery. If the profile wasn't installed, Fleet will redeliver the profile.
Pending: hosts that will receive MDM commands to install configuration profiles when the hosts come online.
Failed: hosts that failed to install configuration profiles. For Windows profiles, the status codes are documented in Microsoft's documentation here.
In the list of hosts, click on an individual host and click the OS settings item to see the status for a specific setting.