Improve end user MDM migration workflow on macOS #19625
Comments
noahtalerman
added
~dogfood
noahtalerman
added
the
~apple-mdm-maturity
noahtalerman
changed the title
|
Hey @georgekarrv, this one is ready to be specified. |
|
Hey @marko-lisica, @roperzh, and @georgekarrv, I added the decision we landed on ("local file solution" for handling hosts that disconnect from Wi-Fi) to the "fleetd changes" section in the issue description. I included the rationale for going with this approach. Please feel free to tweak it if I'm missing anything. Also, George, heads up that it will be helpful for planning if we carve out a subtask for handling hosts that disconnect from Wi-Fi. This way, if it ends up being somewhat large (5-8), we can cut this. Let me know how Marko or I can be helpful w/ spec'ing so we can get this one to tomorrow's estimation. Thanks! |
nonpunctual
added
the
~csa
georgekarrv
added
Epic
|
@zayhanlon @dherder FYI this story is pushed to 4.56.0. We're confident it will ship in 4.56.0. |
|
Note: we decided to remove the on-demand showing of the macOS Remote Management modal, because:
|
|
Pulled the below from MDM daily standup (internal):
Hey @jahzielv just following up to make sure if I’m understanding correctly. We will now run the But, if we hit the rate limit w/ the Sound right? |
|
Hey @noahtalerman sorry, I think I might not have explained it well! I was referring to the case where a host might be manually enrolled in a 3rd party MDM, but assigned to Fleet via ABM. We said that we'd want that host to go through the ADE migration flow. To detect this case, we were going to use
|
@jahzielv that's right!
Why do we have to run the command? Don't we already know it's in ABM tho? Because we hit ABM API to get all hosts. |
|
Unrelated to the above comment: @marko-lisica, @PezHub, and @georgekarrv I was looking at the copy for macOS < 14 and I think we might be missing a step (I could be wrong).
I think the end user has to click on the macOS notification to get the profile to show up in System Settings. Is that right?
If Marko can't remember, George and Gabe can we please check this during QA? Thanks! |
|
@noahtalerman Thanks for catching this. I'm not sure if a user needs to click on the notification, so would be great to test that. |
@marko-lisica and I confirmed this earlier today on a call. He'll have a copy update for me to implement in the AM. |
We need that command on the host to know which migration flow to send the user down. Fleet can only tell fleetd that some migration is needed, not which one specifically. |
@jahzielv doesn't fleetd know whether it's in ABM or not? And if it is, go through the automatic enrollment migration (Remote Management screen) |
> Related issue: #19625 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Added/updated tests - [x] Manual QA for all new/changed functionality - For Orbit and Fleet Desktop changes: - [x] Orbit runs on macOS, Linux and Windows. Check if the orbit feature/bugfix should only apply to one platform (`runtime.GOOS`). - [x] Manual QA must be performed in the three main OSs, macOS, Windows and Linux. - [x] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).
Fleet does know, but it only sends a single type of notification to fleetd to indicate whether a migration is needed, not which type. As currently implemented, the type is determined purely on fleetd. We'd need to change the notifications flow to make Fleet tell fleetd which type of migration to do in this case. As currently implemented, I believe that the Perhaps this is a bug we could come back for in a quick improvement (only suggesting that because it's a very edge case)? |
|
Thanks @jahzielv!
Up to @marko-lisica. |
@jahzielv I agree, this is an edge case and I think we shouldn't change anything right now, in order to move quickly. We can always improve this later if we learn this is a real problem. |
|
QA Notes: I was able to test the following -
test notes and screenshots - macOS 13 Ventura 
macOS 14 |
Hey @gillespi314 and @jahzielv, heads up I added the above the "Engineering" section in the issue. Can you please update the guide as part of this story? This is for to the following OKR: A tutorial (article) exists that IT admins can follow to migrate to Fleet in the minimal number of steps. |
|
cc @georgekarrv ^^ |
lukeheath
added
:product
|
Hey @jahzielv, just following up on my comment here. Did we update this guide? |
|
hey @noahtalerman , thanks for the ping! Looks like it fell between the cracks 😓 I'll own getting that guide updated ASAP! I created a bug here: #22097 so it won't get lost in the sauce this time. |
|
Thanks @jahzielv! |
Goal
Context
macOS 14 (Sonoma) introduced a new experience for macOS hosts in Apple Business Manager. Instead of a notification that appears in notification center, new dialog pops up over whole screen. In "Forced" migration mode, Fleet shows a window every 15 minutes to end user, telling them to start migration process.This Fleet window conflicts with new macOS Sonoma experience.
Changes
Product
Engineering
QA
Risk assessment
Manual testing steps
Testing notes
Confirmation
The text was updated successfully, but these errors were encountered: