[Enhancement]: Document the Managed Login Items config in the Deploy Elastic Endpoint instructions #5793
Description
Description
This issue is a spin-off from #5749.
In PR #5749, we received the following feedback from @brunerd:
Another very important thing to document for our Enterprise customer is Managed Login Items. It prevents admins on macOS Ventura (and up) from disabling Agent via System Settings → General → Login Items. Apple makes it easy to turn it off:
Above is how our Elastic Macs are set up, it can't be toggled in the GUI. I've been pulled into a couple SDHs about this and have really been hoping it'd be documented and these easily solved SDHs would be deflected.
I've documented Managed Login Items back on Jan 22, 2024 https://github.com/elastic/sdh-beats/issues/4291#issuecomment-1906650343 with Jamf screenshots and again the same issue https://github.com/elastic/sdh-beats/issues/4291#issuecomment-1908406861 with platform agnostic iMazing Profile Editor… and even back in January 31, 2023 https://github.com/elastic/sdh-beats/issues/2992.
Note: A Managed Login Item config profile should never be deployed to macOS v11 (Big Sur) and under, macOS won't process it even after an upgrade to Ventura (v12) and up. So it won't be applied.
We should document this config in the Deploy Elastic Endpoint instructions.
There's a related docs issue in ingest-docs, so we may need to coordinate this effort with the Platform Docs team.
Related links / assets
Please include each of the following, if applicable:
Doc URL:
Subject matter expert:
Figma link(s):
Github epic link(s):
Github issue link(s):
Which documentation set needs improvement?
ESS and serverless
Software version
TBD
Collaborators
PM:
Designer:
Developer:
Others (if applicable):
Timeline / deliverables
N/A