Add iOS/iPadOS updates to example YAML, reference from guide

Also temporarily removes deadline exact time note because we're not consistent between Nudge and profile-based right now
fleetdm · Oct 29, 2024 · 06e4eb5 · 06e4eb5
1 parent 6e9955d
commit 06e4eb5
Show file tree

Hide file tree

Showing 2 changed files with 28 additions and 14 deletions.
diff --git a/articles/enforce-os-updates.md b/articles/enforce-os-updates.md
@@ -2,23 +2,31 @@
 
 _Available in Fleet Premium_
 
-In Fleet, you can enforce OS updates on your macOS, Windows, iOS, and iPadOS hosts remotely using the Fleet UI, Fleet API, or [Fleet's GitOps workflow](https://github.com/fleetdm/fleet-gitops).
+In Fleet, you can enforce OS updates on your macOS, Windows, iOS, and iPadOS hosts remotely using the Fleet UI, Fleet API, or Fleet's GitOps workflow.
 
-Fleet UI:
+## Turning on enforcement
+
+### Fleet UI
 
 1. Head to the **Controls** > **OS updates** tab.
 
 2. To enforce OS updates for macOS, iOS, or iPadOS, select the platform and set a **Minimum version** and **Deadline**.
 
 3. For Windows, select **Windows** and set a **Deadline** and **Grace period**.
 
-Fleet API: API documentation is [here](https://fleetdm.com/docs/rest-api/rest-api#modify-team).
+### Fleet API
+
+Use the [modify team endpoint](https://fleetdm.com/docs/rest-api/rest-api#modify-team) to turn on minimum OS version enforcement. The relevant payload keys are `macos_updates`, `ios_updates`, `ipados_updates`, and `windows_updates` under the `mdm` object.
+
+### GitOps
+
+OS version enforcement options are declared within the [controls](https://fleetdm.com/docs/configuration/yaml-files#controls) section of a Fleet GitOps YAML file, using [macos_updates](https://fleetdm.com/docs/configuration/yaml-files#macos-updates), [is_updates](https://fleetdm.com/docs/configuration/yaml-files#ios-updates), [ipados_updates](https://fleetdm.com/docs/configuration/yaml-files#ipados-updates), and [windows_updates](https://fleetdm.com/docs/configuration/yaml-files#windows-updates) keys.
 
 ## End user experience
 
 ### macOS
 
-When a minimum version is enforced, the end users see a native macOS notification (DDM) once per day. Users can choose to update ahead of the deadline or schedule it for that night. 24 hours before the deadline, the notification appears hourly and ignores Do Not Disturb. One hour before the deadline, the notification appears every 30 minutes and then every 10 minutes.   
+When a minimum version is enforced, end users see a native macOS notification (DDM) once per day. Users can choose to update ahead of the deadline or schedule it for that night. 24 hours before the deadline, the notification appears hourly and ignores Do Not Disturb. One hour before the deadline, the notification appears every 30 minutes and then every 10 minutes.   
 
 If the host was turned off when the deadline passed, the update will be scheduled an hour after it’s turned on.
 

diff --git a/docs/Configuration/yaml-files.md b/docs/Configuration/yaml-files.md
@@ -215,8 +215,14 @@ controls:
   windows_enabled_and_configured: true
   enable_disk_encryption: true # Available in Fleet Premium
   macos_updates: # Available in Fleet Premium
-    deadline: "2023-06-13"
-    minimum_version: 13.4.1
+    deadline: "2024-12-31"
+    minimum_version: 15.1
+  ios_updates: # Available in Fleet Premium
+    deadline: "2024-12-31"
+    minimum_version: 18.1
+  ipados_updates: # Available in Fleet Premium
+    deadline: "2024-12-31"
+    minimum_version: 18.1
   windows_updates: # Available in Fleet Premium
     deadline_days: 5
     grace_period_days: 2
@@ -244,24 +250,24 @@ controls:
 
 ### macos_updates
 
-- `deadline` specifies the deadline in the form of `YYYY-MM-DD`. The exact deadline time is at 04:00:00 (UTC-8) (default: `""`).
+- `deadline` specifies the deadline in `YYYY-MM-DD` format. (default: `""`).
 - `minimum_version` specifies the minimum required macOS version (default: `""`).
 
-### windows_updates
-
-- `deadline_days` (default: null)
-- `grace_period_days` (default: null)
-
 ### ios_updates
 
-- `deadline` specifies the deadline in the form of `YYYY-MM-DD`. The exact deadline time is at 04:00:00 (UTC-8) (default: `""`).
+- `deadline` specifies the deadline in `YYYY-MM-DD` format; the exact deadline is set to noon local time. (default: `""`).
 - `minimum_version` specifies the minimum required iOS version (default: `""`).
 
 ### ipados_updates
 
-- `deadline` specifies the deadline in the form of `YYYY-MM-DD`. The exact deadline time is at 04:00:00 (UTC-8) (default: `""`).
+- `deadline` specifies the deadline in `YYYY-MM-DD` format; the exact deadline is set to noon local time. (default: `""`).
 - `minimum_version` specifies the minimum required iPadOS version (default: `""`).
 
+### windows_updates
+
+- `deadline_days` specifies the number of days before Windows installs updates (default: null)
+- `grace_period_days` specifies the number of days before Windows restarts to install updates (default: null)
+
 ### macos_settings and windows_settings
 
 - `macos_settings.custom_settings` is a list of paths to macOS configuration profiles (.mobileconfig) or declaration profiles (.json).