Know how many hosts, and which hosts, have MDM issues
Problem
I'm an engineer managing thousands of macOS, Windows, and Chrome OS hosts and I'm overwhelmed with tracking my security goals for each of these hosts.
This makes it hard to achieve my security goals because it's difficult to find which hosts are in an undesired state and, when I do, it's difficult to ask these hosts, and their users, why they're in an undesired state.
Goal
Add ability to know why hosts have undesired configuration.
Parent Epic
fleetdm/fleet#397
How?
Inform the user which MDM commands macOS and Windows hosts received and whether or not they were successful
Child issues
- Interface: Expose this information for macOS on the frontend
- Interface: Expose this information for macOS in the API
- Agent: Make this information queryable for Windows
- Interface: Expose this information for macOS on the frontend
- Interface: Expose this information for Windows in the API
Think about writing a policy/query first.
@erikng if I recall correctly, you said that this would be the most valuable MDM issue to start with:
- Know if/when a user deletes an MDM certificate.
Do you know of any osquery queries that could help us grab this information? This way Fleet could add this info to the Fleet API/UI.
It's probably going to take a few things.
Check the mdm profile plist settings to get the certificate name.
Check the user and system keychains for the presence of that cert.
UPDATE: this issue will be addressed in Q4 2022 (noahtalerman 2022-08-31).
@noahtalerman Removing the Slack thread link per customer request.