spec(gururmm): SPEC-017 mobile device support + Apple cert memory
- Update guru-rmm submodule pointer (SPEC-017 mobile device support)
- Record Apple Developer + MDM Push certs (acquired 2026-05-29); MDM push cert renews annually on the same Apple ID or all enrolled iOS devices break

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@@ -73,6 +73,7 @@
|
|||||||
- [Mac gururmm setup pending](project_mac_gururmm_setup_pending.md) — ACTION REQUIRED: run `bash scripts/install-hooks.sh` in gururmm repo on Mikes-MacBook-Air before any RMM work
|
- [Mac gururmm setup pending](project_mac_gururmm_setup_pending.md) — ACTION REQUIRED: run `bash scripts/install-hooks.sh` in gururmm repo on Mikes-MacBook-Air before any RMM work
|
||||||
|
|
||||||
## Project
|
## Project
|
||||||
|
- [Apple MDM + Developer certs (GuruRMM mobile)](project_apple_mdm_certs.md) — ACG holds both Apple Developer+signing and Apple MDM Push certs (acquired 2026-05-29) for SPEC-017 mobile support. MDM push cert RENEWS ANNUALLY on the same Apple ID or all enrolled iOS devices break. Capture Apple ID + expiry.
|
||||||
- [Only RMM & GC are versionable products](project_versionable_products.md) — GuruRMM + GuruConnect are the only products with own repos/submodules; everything else stays in the claudetools monorepo. Split only for independent pipeline OR versioned external consumer.
|
- [Only RMM & GC are versionable products](project_versionable_products.md) — GuruRMM + GuruConnect are the only products with own repos/submodules; everything else stays in the claudetools monorepo. Split only for independent pipeline OR versioned external consumer.
|
||||||
- [Quantum GoDaddy M365 tenant](project_quantum_godaddy_m365_tenant.md) — quantumwms.com parked in a GoDaddy-provisioned M365 tenant (id ddf3d2c9-b76c-40d9-a216-9f11a1a26f97, netorg18235235.onmicrosoft.com); blocks Pax8 migration until GoDaddy removed. Managed = no DNS takeover; need GoDaddy/GA access.
|
- [Quantum GoDaddy M365 tenant](project_quantum_godaddy_m365_tenant.md) — quantumwms.com parked in a GoDaddy-provisioned M365 tenant (id ddf3d2c9-b76c-40d9-a216-9f11a1a26f97, netorg18235235.onmicrosoft.com); blocks Pax8 migration until GoDaddy removed. Managed = no DNS takeover; need GoDaddy/GA access.
|
||||||
- [Cascades Migration Plan](project-cascades-migration-plan.md) — Active multi-day migration. Plan file: `C:\Users\Howard\.claude\plans\wise-discovering-panda.md`. Syncro ticket: #110680053. Resume: "resume the Cascades migration plan".
|
- [Cascades Migration Plan](project-cascades-migration-plan.md) — Active multi-day migration. Plan file: `C:\Users\Howard\.claude\plans\wise-discovering-panda.md`. Syncro ticket: #110680053. Resume: "resume the Cascades migration plan".
|
||||||
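Review bot: The added index entry for project_apple_mdm_certs.md words the renewal constraint ambiguously: "MDM push cert RENEWS ANNUALLY on the same Apple ID or all enrolled iOS devices break" can be read as saying the cert renews by itself. The memory file added in this same commit is more precise (regenerating a fresh cert, or losing the Apple ID it was issued under, invalidates enrollment), so the index line should say the cert must be renewed, not regenerated, under the same Apple ID. The trailing "Capture Apple ID + expiry." is an open action item; consider marking it the way the "ACTION REQUIRED" entry above it is marked, so it does not get lost in the index.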
@@ -88,4 +89,4 @@
|
|||||||
- [Cascades CA phased rollout](project_cascades_ca_phased_rollout.md) — Caregiver CA policies scoped to SG-Caregivers-Pilot, expand by dept; PATCH excludeGroups, never delete the all-users-MFA policy.
|
- [Cascades CA phased rollout](project_cascades_ca_phased_rollout.md) — Caregiver CA policies scoped to SG-Caregivers-Pilot, expand by dept; PATCH excludeGroups, never delete the all-users-MFA policy.
|
||||||
- [Cascades caregiver pilot cleanup](project_cascades_pilot_cleanup.md) — Remove pilot accounts (pilot.test@, howard.enos@) at the end of the caregiver bypass pilot.
|
- [Cascades caregiver pilot cleanup](project_cascades_pilot_cleanup.md) — Remove pilot accounts (pilot.test@, howard.enos@) at the end of the caregiver bypass pilot.
|
||||||
- [Proposal: centralize config in identity.json](proposal_identity_centralization.md) — Rationale for the identity.json machine-config centralization (claudetools_root, ollama/python); now implemented.
|
- [Proposal: centralize config in identity.json](proposal_identity_centralization.md) — Rationale for the identity.json machine-config centralization (claudetools_root, ollama/python); now implemented.
|
||||||
- [ACG MSP tool stack](reference_acg_msp_stack.md) — ScreenConnect/CW Control, Splashtop, Syncro, Datto RMM, Datto EDR/AV, GuruRMM are ACG's OWN tools; do not flag as foreign/threat on managed machines (Defender-off is expected when Datto AV is active).
|
- [ACG MSP tool stack](reference_acg_msp_stack.md) — ScreenConnect/CW Control, Splashtop, Syncro, Datto RMM, Datto EDR/AV, GuruRMM are ACG's OWN tools; do not flag as foreign/threat on managed machines (Defender-off is expected when Datto AV is active).
|
||||||
|
|||||||
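Review bot: None of the four lines in this hunk differ visibly between the old and new side, so the change here appears to be whitespace or end-of-file newline only. If that is unintentional editor churn, drop it from the commit; if it is intentional, say so in the commit message, which currently mentions only the submodule pointer and the Apple cert memory.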
23
.claude/memory/project_apple_mdm_certs.md
Normal file
@@ -0,0 +1,23 @@
|
|||||||
|
---
|
||||||
|
name: project_apple_mdm_certs
|
||||||
|
description: ACG holds Apple Developer + MDM Push certificates (acquired 2026-05-29) for GuruRMM mobile/MDM; MDM push cert renews annually or all enrolled iOS devices break
|
||||||
|
metadata:
|
||||||
|
type: project
|
||||||
|
---
|
||||||
|
|
||||||
|
As of 2026-05-29, Arizona Computer Guru holds both Apple certificates needed for GuruRMM
|
||||||
|
mobile device support ([[SPEC-017]], `projects/msp-tools/guru-rmm/docs/specs/SPEC-017-mobile-device-support.md`):
|
||||||
|
|
||||||
|
1. **Apple Developer Program enrollment + Distribution/code-signing cert + APNs (.p8) key** — unblocks
|
||||||
|
iOS app build, signing, TestFlight/App Store distribution, and silent push (iOS Phase 1).
|
||||||
|
2. **Apple MDM Push Certificate** (from Apple Push Certificates Portal, identity.apple.com) — unblocks
|
||||||
|
iOS true remote lock/wipe via an MDM enrollment profile (iOS Phase 2).
|
||||||
|
|
||||||
|
**Why:** These were the iOS blockers in SPEC-017. Both iOS phases are now Apple-cert-unblocked;
|
||||||
|
remaining iOS work is engineering (MDM-protocol implementation), not credential acquisition.
|
||||||
|
|
||||||
|
**How to apply:** The **MDM Push Certificate expires annually and must be RENEWED on the same Apple ID**
|
||||||
|
— regenerating a fresh cert, or losing the Apple ID it was issued under, silently invalidates the MDM
|
||||||
|
enrollment of EVERY iOS device and forces fleet-wide re-enrollment. Record the owning Apple ID and set
|
||||||
|
a renewal reminder ~30 days before expiry. TODO: capture the exact owning Apple ID + expiry date (not
|
||||||
|
yet recorded — ask Mike).
|
||||||
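Review bot: The new memory file tells the reader to set a renewal reminder about 30 days before expiry, but the two facts that reminder depends on, the owning Apple ID and the expiry date, are left as a TODO in the last paragraph ("not yet recorded"). Since the file itself states that regenerating the cert or losing the Apple ID forces fleet-wide re-enrollment, these should be captured before this lands, or at least given explicit placeholder fields in the front matter next to `name` and `description` so the gap is visible at a glance. It would also help to state where the MDM push certificate's private key and the APNs .p8 key are stored (a pointer to the secret store, never the key material itself), because the file records that ACG holds them but not where.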
Submodule projects/msp-tools/guru-rmm updated: 9b34393d37...417856e5fd