Deploy Elastic Defend with MDM

[natasha-moore-elastic]

Resolves #3265.

Adds a new page "Deploy Elastic Defend on macOS with mobile device management" to the Install Elastic Defend section.
Adds a new troubleshooting section for Elastic Defend deployment issues to the Troubleshoot Elastic Defend page.

Previews

• ESS:
  • Deploy Elastic Defend on macOS with mobile device management
  • Troubleshoot Elastic Defend
• Serverless: Open the link in this comment and navigate to:
  • Security -> View serverless docs -> Configure endpoint protection with Elastic Defend -> Install Elastic Defend -> Deploy Elastic Defend on macOS with mobile device management
  • Security -> View serverless docs -> Manage Elastic Defend -> Troubleshoot Elastic Defend

[github-actions]

A documentation preview will be available soon.

• 🔨 Buildkite builds
• 📚 HTML diff
• 📙 Preview page

Request a new doc build by commenting

• Rebuild this PR: run docs-build
• Rebuild this PR and all Elastic docs: run docs-build rebuild

_{run docs-build is much faster than run docs-build rebuild. A rebuild should only be needed in rare situations.}

_{If your PR continues to fail for an unknown reason, the doc build pipeline may be broken. Elastic employees can check the pipeline status here.}

[elasticdocs]

🚀 Built elastic-dot-co-docs-preview-docs successfully!

• https://elastic-dot-co-docs-production-5tgktzaf3-elastic-dev.vercel.app

• Built with commit fc6147c

Issues? Visit #next-docs in Slack

[nastasha-solomon]

Overall, these new pages look great and are super helpful! My suggestions for the ESS content also apply to the Serverless content, and ofc feel free to reject anything that you disgree with.

On a sidenote, I wonder how often we'll need to update the "Deploy Elastic Defend on macOS with mobile device management" page. Unless we conduct regular audits, it'll be difficult to know if/when the instructions become outdated.

[natasha-moore-elastic]

Note to self: after all suggestions are applied to ESS docs, make the same changes in serverless.

[brunerd]

Another very important thing to document for our Enterprise customer is Managed Login Items. It prevents admins on macOS Ventura (and up) from disabling Agent via System Settings → General → Login Items. Apple makes it easy to turn it off:

Above is how our Elastic Macs are set up, it can't be toggled in the GUI. I've been pulled into a couple SDHs about this and have really been hoping it'd be documented and these easily solved SDHs would be deflected.

I've documented Managed Login Items back on Jan 22, 2024 here with Jamf screenshots and again the same issue here with platform agnostic iMazing Profile Editor… and even back in January 31, 2023 here.

Note: A Managed Login Item config profile should never be deployed to macOS v11 (Big Sur) and under, macOS won't process it even after an upgrade to Ventura (v12) and up. So it won't be applied. @caitlinbetz this was that new thing I was mentioning in the interview that might benefit from having a separate script here

[natasha-moore-elastic]

Hi @brunerd, this is great feedback, thank you! One quick question about the FDA entries: we noticed in your screenshot that the third entry is for co.elastic.elastic-agent – is this also needed for the Endpoint configuration profile?

[brunerd]

@natasha-moore-elastic omg good catch, I've edited my above entry to reflect your catch - sorry, my afternoon/serial-processing brain saw the v7 entry and just stopped there… missing the fact that co.elastic.endpoint was just below instead what is needed are steps to add an entry for co.elastic.elastic-agent

[natasha-moore-elastic]

@natasha-moore-elastic omg good catch, I've edited my above entry to reflect your catch - sorry, my afternoon/serial-processing brain saw the v7 entry and just stopped there… missing the fact that co.elastic.endpoint was just below instead what is needed are steps to add an entry for co.elastic.elastic-agent

All good, thanks for clarifying! I'll make the edits to update the incorrect/outdated info.

Your other feedback (re the python script and Managed Login items) is super useful but will likely take more time & investigation/writing effort, so we're planning to work on that separately to avoid delays in merging this PR. I've spun off new docs tickets (#5792 and #5793) to track that work and we'll aim to prioritize it for the next couple of sprints, since it looks like a lot of customers could benefit from it.

[joepeeples]

🎸 🤘 🔥