Reframe scheduled maintenance guide #29144

Closed
38 changes: 19 additions & 19 deletions articles/building-webhook-flows-with-fleet-and-tines.md
Original file line number Diff line number Diff line change
Expand Up @@ -2,11 +2,11 @@

![Building webhook flows with Fleet and Tines](../website/assets/images/articles/[email protected])

For IT Admins, updating systems is crucial for security and system performance. However, managing updates across numerous devices can be a daunting task. That's where automation tools like Tines and Fleet come into play. In our latest blog post, [Fleet in Your Calendar: Introducing Maintenance Windows](https://fleetdm.com/announcements/fleet-in-your-calendar-introducing-maintenance-windows), we introduced a new feature that allows you to schedule maintenance windows directly in your users' calendar. This feature helps in planning updates and ensures minimal disruption to end users.
For IT Admins, coordinating necessary actions with users is crucial for maintaining system security and performance. However, managing these actions across numerous devices can be a daunting task. That's where automation tools like Tines and Fleet come into play. In our latest blog post, [Fleet in Your Calendar: Introducing Maintenance Windows](https://fleetdm.com/announcements/fleet-in-your-calendar-introducing-maintenance-windows), we introduced a new feature that allows you to schedule maintenance windows directly in your users' calendar. This feature helps in planning necessary actions and ensures minimal disruption to end users.

Building on that, this guide will walk you through setting up an automated workflow using webhooks and Tines. Maintenance windows call the webhook and initiate the workflow we are building here at the beginning of the calendar event for the user. Tines serves as the low-code/no-code environment for this example, but this workflow can be adapted to any low-code/no-code environment that supports webhooks.

We will demonstrate how to receive a webhook callback from Fleet when a device's OS is outdated and automatically send an MDM command to update the OS. By the end of this tutorial, you'll have a fully automated process that leverages the power of Tines to keep your fleet of devices up to date seamlessly.
We will demonstrate how to receive a webhook callback from Fleet when a policy is failing on a device and automatically send an MDM command to address the issue. In this example, we'll use a policy for OS version as an illustration, but the same approach can be used for any policy or remote action you need to coordinate with users. By the end of this tutorial, you'll have a fully automated process that leverages the power of Tines to coordinate necessary actions with your users seamlessly.

Let's dive in and see how you can enhance your IT operations with this powerful integration.
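
Review bot: In the rewritten opening paragraph, "necessary actions" appears twice and "these actions" once, so the first paragraph no longer tells the reader what the guide actually automates. Suggest keeping one concrete phrase there, for example "coordinating OS updates and other remediation with users", and leaving the generalisation to the third paragraph, which already says the OS version policy is only an illustration.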

Expand All @@ -27,9 +27,9 @@ A webhook is a custom HTTP callback that allows one application to send data to

## Our example IT workflow

When a device's OS version is outdated, Tines receives a webhook callback from Fleet and using information from the webhook, builds and sends an MDM (Mobile Device Management) command to update the device’s OS version.
In this example, when a policy is failing on a device, Tines receives a webhook callback from Fleet and using information from the webhook, builds and sends an MDM (Mobile Device Management) command to address the issue. For illustration purposes, we'll use a policy related to OS version, but the same approach can be applied to any policy or remote action.

Fleet will send a callback via its calendar integration feature, a maintenance window. Fleet places a scheduled maintenance event on the device users calendar. This event warns the device owner that their computer will be restarted to remediate one or more failing policies. During the calendar event time, Fleet sends a webhook. The IT admin must set up a flow to remediate the failing policy. This article is an example of one such flow.
Fleet will send a callback via its calendar integration feature, a maintenance window. Fleet places a scheduled maintenance event on the device user's calendar. This event informs the device owner that an action needs to be taken during the scheduled time. During the calendar event time, Fleet sends a webhook. The IT admin must set up a flow to handle the necessary action. This article is an example of one such flow.


## Getting started – webhook action
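
Review bot: The replacement for the calendar-event sentence drops the warning that the computer will be restarted, but the example command later in this guide still shows a 60-second countdown dialog before restarting the device. Suggest keeping the restart mention for the example, e.g. "This event informs the device owner that an action, which may include a restart, will be taken during the scheduled time." Also, "an action needs to be taken" reads as if the user must do something, while in this flow the MDM command is sent for them.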
Expand All @@ -56,9 +56,9 @@ _Tines trigger action checking for an error._
We leave this error-handling portion of the story as a stub. In the future, we can expand it by sending an email or triggering other actions.


## Checking whether webhook indicates an outdated OS
## Checking the webhook payload for failing policies

At the same time, we also check whether the webhook was triggered by a policy indicating an outdated OS. From previous testing, we know that the webhook payload will look like this:
At the same time, we also check what policy triggered the webhook. From previous testing, we know that the webhook payload will look like this:

```json
{
Expand All @@ -84,14 +84,14 @@ The payload contains:
* Serial number.
* A list of failing policies.

We are interested in the failing policies. When one of the failing policies contains a policy named macOS - OS version up to date,” we know that the device’s OS is outdated. Hence, we create a trigger that looks for this policy.
We are interested in the failing policies. For this example, we'll look for a policy named "macOS - OS version up to date," but you could adapt this to check for any policy relevant to your needs. We create a trigger that looks for this specific policy.


![Tines trigger action checking for an outdated OS](../website/assets/images/articles/[email protected] "Tines trigger action checking for an outdated OS")
![Tines trigger action checking for a specific policy](../website/assets/images/articles/[email protected] "Tines trigger action checking for a specific policy")



_Tines trigger action checking for an outdated OS._
_Tines trigger action checking for a specific policy._

We use the following formula, which loops over all policies and will only allow the workflow to proceed if true:
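
Review bot: In the sentence that introduces the policy name, the comma sits inside the closing quote ("macOS - OS version up to date,"), and the trigger built here looks for that specific policy. Suggest putting the name in backticks, `macOS - OS version up to date`, so a reader copying it into the formula gets the exact string. The caption and alt text now say only "a specific policy"; naming the policy there as well would keep the screenshot description useful.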

Expand Down Expand Up @@ -120,9 +120,9 @@ To access Fleet’s API, we need to provide an API key. We store the API key as
_Add credential to Tines story._


## Creating MDM command payload to update OS version
## Creating MDM command payload for our example action

Now that we have the devices UUID, we can create the MDM payload. The payload contains the command to update the OS version. We use the [ScheduleOSUpdate](https://developer.apple.com/documentation/devicemanagement/schedule_an_os_update?language=objc) command from Apples MDM protocol.
Now that we have the device's UUID, we can create the MDM payload. For this example, we'll use a command related to OS updates, but you could adapt this to any MDM command relevant to your needs. We use the [ScheduleOSUpdate](https://developer.apple.com/documentation/devicemanagement/schedule_an_os_update?language=objc) command from Apple's MDM protocol as an illustration.

```xml
<?xml version="1.0" encoding="UTF-8"?>
Expand All @@ -149,14 +149,14 @@ Now that we have the device’s UUID, we can create the MDM payload. The payload
</plist>
```

This command will download macOS 14.5, install it, and pop up a 60-second countdown dialog box before restarting the device. Note that the `<<UUID()>>` Tines function creates a unique UUID for this MDM command.
This example command would download macOS 14.5, install it, and pop up a 60-second countdown dialog box before restarting the device. Note that the `<<UUID()>>` Tines function creates a unique UUID for this MDM command. Remember, this is just an example - you would adapt the command to whatever action you need to perform.


![Tines event to create ScheduleOSUpdate MDM command](../website/assets/images/articles/[email protected] "Tines event to create ScheduleOSUpdate MDM command")
![Tines event to create an MDM command](../website/assets/images/articles/[email protected] "Tines event to create an MDM command")



_Tines event to create ScheduleOSUpdate MDM command._
_Tines event to create an MDM command._

The Fleet API requires the command to be sent as a base64-encoded string. We add a “Base64 Encode” action to the story to encode the XML payload. It uses the Tines `BASE64_ENCODE` function.
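
Review bot: Changing "will download" to "would download" in the paragraph after the plist makes it unclear that the payload as shown does install macOS 14.5 and restart the device after the 60-second countdown when the flow runs. Suggest keeping "will" for the example command and dropping the trailing "Remember, this is just an example" sentence, since the section intro already says the command can be adapted. If the sentence stays, replace the spaced hyphen with a period or a comma.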

Expand All @@ -179,19 +179,19 @@ Finally, we send the MDM command to the device. We add another “HTTP Request

_Tines HTTP Request action to run MDM command on the device._

The MDM command will run on the device, downloading and installing the OS update.
The MDM command will run on the device, performing the action you've specified.


![macOS restart notification after OS update.](../website/assets/images/articles/[email protected] "macOS restart notification after OS update.")
![Example of a macOS notification.](../website/assets/images/articles/[email protected] "Example of a macOS notification.")



_macOS restart notification after OS update._
_Example of a macOS notification._


## Conclusion

In this article, we built a webhook flow with Tines. We received a webhook callback from Fleet when a device had an outdated OS version. We then sent an MDM command to update the OS version. This example demonstrates how Tines can automate workflows and tasks in IT environments.
In this article, we built a webhook flow with Tines. We received a webhook callback from Fleet when a policy was failing on a device. We then sent an MDM command to address the issue. While we used an OS version policy as an example, this same approach can be used for any policy or remote action you need to coordinate with your users. This example demonstrates how Tines can automate workflows and tasks in IT environments, making it easier to coordinate necessary actions with your users through scheduled maintenance windows.



Expand All @@ -204,4 +204,4 @@ In this article, we built a webhook flow with Tines. We received a webhook callb
<meta name="category" value="guides">
<meta name="publishedOn" value="2024-05-30">
<meta name="articleImageUrl" value="../website/assets/images/articles/[email protected]">
<meta name="description" value="A guide to workflows using Tines and Fleet via webhook to update outdated OS versions.">
<meta name="description" value="A guide to workflows using Tines and Fleet via webhook to coordinate necessary actions with users through scheduled maintenance windows.">
Original file line number Diff line number Diff line change
Expand Up @@ -4,34 +4,34 @@

![Fleet in your calendar: introducing maintenance windows](../website/assets/images/articles/fleet-in-your-calendar-introducing-maintenance-windows-cover-900x450@2x.png)

Fleet is excited to announce the release of "maintenance windows", a new feature in Fleet v4.48 that helps make sure OS updates occur during times that disrupt your users the least. Now, just like any good colleague, when Fleet needs some of your time, it puts it on your calendar. This approach avoids interrupting your key activities or important meetings, whether in the office, on the road, or working remotely.
Fleet is excited to announce the release of "maintenance windows", a new feature in Fleet v4.48 that helps coordinate necessary actions with your users at times that disrupt them the least. Now, just like any good colleague, when Fleet needs some of your time, it puts it on your calendar. This approach avoids interrupting your users' key activities or important meetings, whether in the office, on the road, or working remotely.

<div purpose="embedded-content">
<iframe src="https://www.youtube.com/embed/nhufmzGUeNk?si=hZFMob6WR0bc3Y_A" title="YouTube video player" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe>
</div>

_Maintenance windows_ is designed to enhance your workday by scheduling security updates when they are least likely to interrupt your important tasks. By analyzing your calendar, Fleet identifies optimal times for these updates—times when your device is not in use. This could be during a lunch break, before the start of the workday, or during other low-activity periods, ensuring that your focus on critical tasks remains uninterrupted.
_Maintenance windows_ is designed to enhance your workday by scheduling necessary actions when they are least likely to interrupt important tasks. By analyzing your users' calendars, Fleet identifies optimal times for these actions—times when their devices are not in use. This could be during a lunch break, before the start of the workday, or during other low-activity periods, ensuring that your users' focus on critical tasks remains uninterrupted.

![Example downtime maintenance window calendar event](../website/assets/images/articles/fleet-in-your-calendar-introducing-maintenance-windows-1-900x450@2x.png "Example downtime maintenance window calendar event")

Fleet provides AI-generated explanations directly in the calendar events, detailing why the updates are necessary and what changes to expect. This level of transparency helps demystify the update process, providing clarity and fostering trust between administrators and end-users.
Fleet provides AI-generated explanations directly in the calendar events, detailing why the actions are necessary and what changes to expect. This level of transparency helps demystify the process, providing clarity and fostering trust between administrators and end-users.

![Example downtime maintenance window calendar event](../website/assets/images/articles/fleet-in-your-calendar-introducing-maintenance-windows-2-900x450@2x.png "Example downtime maintenance window calendar event")

## _Maintenance windows_ include:

* **Personalized scheduling:** Updates are timed based on individual calendar events, so interventions happen when they are least intrusive.
* **Rescheduling flexibility:** If a scheduled update becomes impractical for any reason, users have the option to manually move the maintenance window to a more suitable time. We suggest rescheduling within one week to ensure timely updates.
* **Enhanced compliance:** With auto-scheduled maintenance windows, compliance with security protocols is maintained effortlessly, ensuring all devices are up to date without manual intervention.
* **Personalized scheduling:** Actions are timed based on individual calendar events, so interventions happen when they are least intrusive.
* **Rescheduling flexibility:** If a scheduled maintenance window becomes impractical for any reason, users have the option to manually move it to a more suitable time. We suggest rescheduling within one week to ensure timely completion of necessary actions.
* **Enhanced coordination:** With auto-scheduled maintenance windows, you can coordinate remote actions or request user actions at times that work best for them, improving the overall experience and compliance.

_Maintenance windows_ is a direct response to common challenges faced in workplace productivity, particularly unplanned disruptions from essential updates. Fleet aims to support smoother, more efficient work environments by incorporating user feedback and addressing these long-standing issues.
_Maintenance windows_ is a direct response to common challenges faced in workplace productivity, particularly unplanned disruptions from necessary IT actions. Whether you need to run a remote action or require users to take specific steps, maintenance windows help coordinate these activities at optimal times. Fleet aims to support smoother, more efficient work environments by incorporating user feedback and addressing these long-standing issues.

We are excited for you to experience the benefits of _Maintenance windows_. We look forward to supporting your organization in achieving a balance between strong security practices and high productivity.

<meta name="category" value="announcements">
<meta name="authorFullName" value="JD Strong">
<meta name="authorGitHubUsername" value="spokanemac">
<meta name="publishedOn" value="2024-04-30">
<meta name="publishedOn" value="2025-05-14">
<meta name="articleTitle" value="Fleet in your calendar: introducing maintenance windows">
<meta name="articleImageUrl" value="../website/assets/images/articles/fleet-in-your-calendar-introducing-maintenance-windows-cover-900x450@2x.png">
<meta name="description" value="Like any good colleague, when Fleet needs some of your time, it puts it on your calendar.">
<meta name="description" value="Like any good colleague, when Fleet needs some of your users' time, it puts it on their calendar.">
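
Review bot: The `publishedOn` value changes from 2024-04-30 to 2025-05-14, which redates an announcement of a Fleet v4.48 feature. The Tines guide touched in this same PR is dated 2024-05-30 and calls this post "our latest blog post", so the new date places the announcement after the guide that builds on it. Suggest leaving `publishedOn` at 2024-04-30; the rest of the hunk is a wording change and does not call for a new publication date.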
2 changes: 1 addition & 1 deletion articles/roadmap-preview-january-2025.md
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@ In the next 3 months, Fleet will ship...

Big opportunities that Fleet is building towards in the near future (next 180 days):
- 🍏 Account-based user enrollment for personal devices (BYOD)
- 🗓️ Native patching for apps and OS during maintenance windows
- 🗓️ Enhanced coordination of remote actions during maintenance windows
- 🤖 AI-generated osquery queries

Any feedback or a questions? Contributions welcome! You can find us [where we hang out](https://fleetdm.com/support).
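
Review bot: The roadmap bullet changes from "Native patching for apps and OS during maintenance windows" to "Enhanced coordination of remote actions during maintenance windows", which alters what the January 2025 roadmap preview says Fleet is building, not just how the guide is framed. Suggest leaving the roadmap entry as published, or making this change in its own PR with confirmation that the roadmap item itself has changed.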