Update OS settings (configuration profiles) guide #37982
+52
−25
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Member
noahtalerman
commented
Jan 7, 2026
noahtalerman
commented
- Main goal is to clarify "Verifying" v. "Verified" for user-scoped Windows profiles
- Also reorganize/update the heading to improve the guides flow
- "user-scoped" and "device-scoped" get a hyphen
- Main goal is to clarify "Verifying" v. "Verified" for user-scoped Windows profiles - Also reorganize/update the heading to improve the guides flow - "user-scoped" and "device-scoped" get a hyphen
noahtalerman
had a problem deploying
to
Docker Hub
GitHub Actions
Error
noahtalerman
temporarily deployed
to
Docker Hub
GitHub Actions
Inactive
| ``` | ||
|
|
||
| > Currently only device scoped SCEP profiles are supported for Windows devices. | ||
| > Currently only device-scoped SCEP profiles are supported for Windows devices. |
Member
There was a problem hiding this comment.
We actually support user-scoped as well so this can be removed
articles/custom-os-settings.md
Outdated
| #### Upgrading to 4.71.0 | ||
| ### Windows | ||
|
|
||
| To make a Windows configuration profiles user-scoped, replace `./Device` with `./User` in all `<LocURI>` elements. |
Member
There was a problem hiding this comment.
We may want to refer user to the Windows CSP documentation: https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-configuration-service-provider
Few CSPs actually indicate user support. Most are device only
noahtalerman
commented
Jan 7, 2026
noahtalerman
had a problem deploying
to
Docker Hub
GitHub Actions
Error
noahtalerman
commented
Jan 7, 2026
noahtalerman
commented
Jan 7, 2026
| #### Upgrading to 4.71.0 | ||
| ### Windows | ||
|
|
||
| 1. Head to the [Windows configuration profiles (CSPs) documentation](https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-configuration-service-provider) to verify that all the settings in your Windows profile support the user scope. For example, the [SCEP setting](https://learn.microsoft.com/en-us/windows/client-management/mdm/clientcertificateinstall-csp#devicescep) supports both the device and user scope. |
noahtalerman
had a problem deploying
to
Docker Hub
GitHub Actions
Error
noahtalerman
commented
Jan 7, 2026
noahtalerman
had a problem deploying
to
Docker Hub
GitHub Actions
Error
noahtalerman
commented
Jan 7, 2026
noahtalerman
commented
Jan 7, 2026
noahtalerman
had a problem deploying
to
Docker Hub
GitHub Actions
Error
noahtalerman
commented
Jan 7, 2026
noahtalerman
had a problem deploying
to
Docker Hub
GitHub Actions
Error
Clarified the verification process for macOS and Windows profiles, including timing for status updates.
noahtalerman
temporarily deployed
to
Docker Hub
GitHub Actions
Inactive
noahtalerman
commented
Jan 7, 2026
|
|
||
| Hosts that applied all OS settings. | ||
|
|
||
| For macOS configuration profiles and device-scoped Windows profiles, Fleet verified by running an osquery query. It can take up to 1 hour ([configurable](https://fleetdm.com/docs/configuration/fleet-server-configuration#osquery-detail-update-interval)) for these profiles to move from "Verifying" to "Verified". |
Member
Author
There was a problem hiding this comment.
@JordanMontgomery is this "1 hour" part accurate?
cc @ddribeiro
Member
There was a problem hiding this comment.
@noahtalerman that is correct. If the host is online it should happen within 1 hour
noahtalerman
temporarily deployed
to
Docker Hub
GitHub Actions
Inactive
mike-j-thomas
previously requested changes
Jan 9, 2026
articles/custom-os-settings.md
Outdated
| #### Windows | ||
|
|
||
| 1. Head to the [Windows configuration profiles (CSPs) documentation](https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-configuration-service-provider) to verify that all the settings in your Windows profile support the user scope. For example, the [SCEP setting](https://learn.microsoft.com/en-us/windows/client-management/mdm/clientcertificateinstall-csp#devicescep) supports both the device and user scope. | ||
| 2. To make a Windows configuration profiles user-scoped, replace `./Device` with `./User` in all `<LocURI>` elements. |
Member
There was a problem hiding this comment.
@noahtalerman, should this be a Windows configuration profile or Windows configuration profiles? Also, user scoped is the correct grammar for this sentence. It only needs to be hyphenated when modifying a noun, e.g., "user-scoped certificates."
Member
Author
There was a problem hiding this comment.
@mike-j-thomas I went with your Windows configuration profile to be consistent with step 1.
Also,
user scopedis the correct grammar for this sentence. It only needs to be hyphenated when modifying a noun, e.g., "user-scoped certificates."
Got it! Fixed.
noahtalerman
temporarily deployed
to
Docker Hub
GitHub Actions
Inactive
noahtalerman
temporarily deployed
to
Docker Hub
GitHub Actions
Inactive
noahtalerman
temporarily deployed
to
Docker Hub
GitHub Actions
Inactive
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.