Windows MDM feels like a dead end to new users #19017
Comments
RachelElysia
added
:product
|
@RachelElysia thanks for tracking this! Soon we'll be generating some of the required certs for macOS MDM features. Story here: #10383 @roperzh do you think we can generate the WSTEP cert/key for the user? That way, a user trying to turn on Windows MDM features can click "Turn on" and that's it. They're done. |
noahtalerman
added
~dogfood
|
@noahtalerman yes absolutely, makes sense! |
|
This one could be a quick win if we don't have capacity for generating the certs: #19262 |
nonpunctual
added
the
~csa
|
@RachelElysia @noahtalerman @roperzh @zayhanlon @dherder @ddribeiro what are the odds on making this "quick win" happen? Came up 2x on customer calls this week. Thanks! |
|
@nonpunctual what happens next? they reach out to us, we point them to docs? what's the 'workaround' |
|
@zayhanlon because I am referring to eval environments we can actually add the wstep certs for them to get Windows MDM evals rolling. But, if these evals close, the production environments would need to be set up with private keypair requested from the customer like we used to have to do with Apple MDM server config. So, it would become an issue for someone on your team... Thanks. |
|
@zayhanlon the workaround is very similar to what we used to do with the macOS certs, albeit a bit less effort. In an eval, we would generate the certs and pass them to infra for deployment. Seems like if we are generating those certs on the macos MDM side and we are tracking those internal to the Fleet server, we could just reuse the SCEP cert keypair like we used to before the certs were stored in the db. |
|
thanks! we'll weight it out once i get a q4 tentative plan from noah @nonpunctual @dherder |
Problem
I am clicking around the App and I found > Settings > Integrations > MDM > Turn on Windows MDM > Turn on
I click the turn on button and I get this error, "Please configure Fleet with a certificate and key pair first." but there's no link to where/how I'm suppose to do that.
Screen.Recording.2024-05-15.at.10.27.34.AM.mov
Potential solutions
The text was updated successfully, but these errors were encountered: