Override default disk encryption settings on macOS #18827

Open
9 tasks
willmayhone88 opened this issue May 8, 2024 · 8 comments
Labels
~csa Issue was created by or deemed important by the Customer Solutions Architect. customer-mozartia customer-redwine customer-reedtimmer customer-rosner #g-mdm MDM product group prospect-velleda ~sc Request is a requirement in a presales opportunity story A user story defining an entire feature

Comments

@willmayhone88
Contributor

willmayhone88 commented May 8, 2024

Goal

User story
As an IT admin enforcing disk encryption on the Controls > OS settings > Disk encryption page,
I want to override Fleet's default disk encryption settings w/ a custom profile
so that I can customize the end user experience (ex. DeferDontAskAtUserLogout and DeferForceAtUserLoginMaxBypassAttempts on macOS).

Context

Changes

Product

Engineering

  • Database schema migrations: TODO
  • Load testing: TODO

ℹ️  Please read this issue carefully and understand it. Pay special attention to UI wireframes, especially "dev notes".

QA

Risk assessment

  • Requires load testing: TODO
  • Risk level: Low / High TODO
  • Risk description: TODO

Manual testing steps

  1. Step 1
  2. Step 2
  3. Step 3

Testing notes

Confirmation

  1. Engineer (@____): Added comment to user story confirming successful completion of QA.
  2. QA (@____): Added comment to user story confirming successful completion of QA.
@willmayhone88 willmayhone88 added :product Product Design department (shows up on 🦢 Drafting board) ~feature fest Will be reviewed at next Feature Fest customer-redwine labels May 8, 2024
@noahtalerman
Member

@willmayhone88, thanks for tracking this.

Makes sense to have an "Advanced" option for disk encryption to override the profile that Fleet uses today.

@noahtalerman noahtalerman removed the :product Product Design department (shows up on 🦢 Drafting board) label May 9, 2024
@dherder dherder added ~sc Request is a requirement in a presales opportunity prospect-lysithea labels May 9, 2024
@dherder
Contributor

dherder commented May 9, 2024

This should also be done for Windows Disk Encryption (BitLocker).

@dherder dherder changed the title Add additional FileVault 2 options as part of disk encryption settings Add additional FileVault 2 and Bitlocker options as part of disk encryption settings May 10, 2024
@noahtalerman noahtalerman changed the title Add additional FileVault 2 and Bitlocker options as part of disk encryption settings Override default disk encryption settings on macOS and Windows May 13, 2024
@noahtalerman
Member

Hey @willmayhone88 I updated this issue to the user story format and moved your original issue description below.

Please take a look at the user story in the issue description and let me know if you have any feedback. Thanks!


Problem

Currently you cannot add a configuration profile for additional FileVault 2 options such as "DeferDontAskAtUserLogout, DeferForceAtUserLoginMaxBypassAttempts" via a configuration profile, due to FileVault 2 settings being managed by Fleet. If trying to upload a profile that contains these settings, you are presented with an error. Some organizations need the ability to configure those options. Requesting the ability to manage additional FileVault 2 options that Apple allows.

Potential solutions

  1. One option would be to have these settings configurable either through the Fleet UI, or through a Fleet configuration file.
  2. Another option would be to have the ability to upload a custom configuration profile with FileVault 2 settings.

@noahtalerman noahtalerman added :product Product Design department (shows up on 🦢 Drafting board) and removed ~feature fest Will be reviewed at next Feature Fest labels May 13, 2024
@noahtalerman noahtalerman added #g-mdm MDM product group story A user story defining an entire feature labels May 13, 2024
@nonpunctual nonpunctual added the ~csa Issue was created by or deemed important by the Customer Solutions Architect. label May 13, 2024
@marko-lisica marko-lisica changed the title Override default disk encryption settings on macOS and Windows Override default disk encryption settings on macOS May 21, 2024
@marko-lisica marko-lisica added ~feature fest Will be reviewed at next Feature Fest and removed :product Product Design department (shows up on 🦢 Drafting board) labels May 30, 2024
@noahtalerman noahtalerman removed the ~feature fest Will be reviewed at next Feature Fest label Jun 4, 2024
@dherder dherder changed the title Override default disk encryption settings on macOS Override default disk encryption settings on macOS and windows Jun 6, 2024
@nonpunctual
Contributor

nonpunctual commented Jun 6, 2024

@noahtalerman do you want a separate issue for BitLocker config customization?

#20805

@JoStableford
Contributor

@noahtalerman
Member

> do you want a separate issue for BitLocker config customization?

@nonpunctual yes please.

In that issue can you please include which BitLocker options the requester is trying to tweak? Thanks :)

This defines the problem more specifically which makes it more helpful to consider all possible solutions.

@nonpunctual
Contributor

related: #16866

@nonpunctual nonpunctual changed the title Override default disk encryption settings on macOS and windows Override default disk encryption settings on macOS Jul 30, 2024
@nonpunctual
Contributor

@noahtalerman #20848 Separate issue for BitLocker / Windows.

Development

No branches or pull requests

7 participants