MacBook Endpoint Management Implementation Feedback
This issue is used for asking specific questions about the Macbook endpoint management process. The assignees of the issue will update the description when there is a question that has not been answered, with the short description and the link to the merge request.
The questions below are being answered with an individual MR each. The MR is linked next to the question:
- Security topic - gitlab-com/www-gitlab-com!54947 (merged)
- Compliance topic - gitlab-com/www-gitlab-com!54948 (merged)
- Safeguards and controls topic - gitlab-com/www-gitlab-com!55112 (merged)
- Software management, SSH access and Remote wipe topics - gitlab-com/www-gitlab-com!55114 (merged)
Roles and Responsibilities
The issues below are currently being used to track the work involved for User and Admin User access audit discussions.
In order to ensure that the quality of the answers are satisfactory, we need to use a clearer, tighter controlled workflow. This is due to:
- The number of comments asked in multiple MR's, this issue and a Slack thread is not manageable
- It was unclear what the SSOT is and where the questions can be asked, or answers received
Ownership of the workflow
- @marin will update this issue description to create a template that will be used going forward
- @marin will prepare a MR updating the endpoint management handbook page to prepare the structure to allow multiple parallel MR's
- @pkaldis and @marin will collect the unaddressed feedback from this issue, as well as the original MR in gitlab-com/www-gitlab-com!48867 (merged) and update this issue description with a link to MR where the feedback is going to be addressed
- @pkaldis will create a link between the source of the comment and the MR where the feedback is going to be addressed
- @marin to update the description of this issue with a template on 2020-07-01
- @marin to provide a MR changing the handbook page structure on 2020-07-01 => MR is up in gitlab-com/www-gitlab-com!54761 (merged)
- @pkaldis, @marin and anyone willing to help to collect unaddressed feedback by end of day 2020-07-02
- The week of 2020-07-06 will be used to continue discussions in individual MR's
- The week of 2020-07-13 to be used to evaluate the status, and make further decisions
- The week of 2020-07-20 will be used to continue discussions in individual MRs and work with legal to draft an admin user audit process.
- The week of 2020-07-27 will be used to evaluate the status and make further decisions regarding rollout
- The week of 2020-08-03 will be used to continue work with Legal and Security around audit reviews
The week of 2020-08-10 will be used to continue work with:
- Legal and Security around audit reviews
- Legal and IT completing DPIA
- IT to answer remaining questions on open MRs
- The week of 2020-08-17 will be used to rollout JAMF Opt-In Enrollment Pilot
- The week of 2020-08-31 will be used to review existing MRs and processes
- The week of 2020-09-07 will be used to review current Opt-In enrollment status
- The week of 2020-09-14 will be used to regroup and review enrollment status
- The week of 2020-09-21 will be used to communicate rollout plan
Does this workflow have an impact on the decision choice?
The workflow is there only to ensure that we can provide as clear answers as we can to the widest possible audience. The decision on what software is used and how is still a business decision. We are attempting to get to a situation similar to https://gitlab.com/gitlab-com/packaging-and-pricing/pricing-handbook/-/issues/3 where the feedback is exposing positive and negative aspects for the decision makers.
IT is currently working with a few volunteers to build more transparency into JAMF and to sandbox the JAMF local agent. If you would like to participate in either or both of these projects, please comment in the related issues or reach out to Peter Kaldis on slack.
- Friendly Ghost Project - Build more transparency into JAMF
- Ecto-containment-unit project - Sandbox the JAMF local agent
Initial Merge Requests that prompted discussions are:
- Endpoint management initial MR
- Revert of the endpoint management initial MR
- Re-introducing endpoint management with additional FAQ additions
The complete list of merge requests that are addressing the topic of Macbook Endpoint Management can be found on the www-gitlab-com repository: https://gitlab.com/gitlab-com/www-gitlab-com/-/merge_requests?scope=all&utf8=%E2%9C%93&state=all&label_name=Endpoint%20Management .