fleet icon indicating copy to clipboard operation
fleet copied to clipboard
verified publisher icon fleetdm

Lock command can be sent via API to macOS host that has MDM turned on and then turned off.

Open marko-lisica opened this issue 6 months ago • 0 comments

Fleet version: 4.69.0

💥  Actual behavior

I hit POST /api/v1/fleet/hosts/:id/lock to lock host that has MDM turned off. It was successful and lock pending badge appeared on the host details.

Image

🧑‍💻  Steps to reproduce

  1. Find a macOS host that has MDM turned off
  2. Take the host ID.
  3. Hit POST /api/v1/fleet/hosts/:id/lock
  4. Observe successful request, even though MDM is required to lock Mac

🕯️ More info (optional)

N/A

🛠️ To fix

Product designer: @marko-lisica

The user shouldn't be able to send a lock request via API to Apple hosts that have MDM turned off.

Show error if the user tries to do so. Can't lock the host because it doesn't have MDM turned on.

marko-lisica avatar Jun 20 '25 16:06 marko-lisica