Update standard-query-library.yml

[mike-j-thomas]

closes: #24415 (comment)

• Updated policy to the suggestion from @jmwatts in the linked bug report.
• Added caveat note.

@ddribeiro, please can you confirm that the suggested policy edit is good to go?

[ddribeiro]

@mike-j-thomas This new policy works, but our control/remediation profile also needs to be updated to include the DisableFDEAutoLogin this profile query is looking for.

A new version of the profile would look like this (it still includes the old, non-FileVault enabled key):

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>PayloadContent</key>
	<array>
		<dict>
			<key>PayloadDisplayName</key>
			<string>Login Window #1</string>
			<key>PayloadIdentifier</key>
			<string>com.apple.loginwindow.CE506065-7C0E-434E-8B8C-12E164116C94</string>
			<key>PayloadType</key>
			<string>com.apple.loginwindow</string>
			<key>PayloadUUID</key>
			<string>CE506065-7C0E-434E-8B8C-12E164116C94</string>
			<key>PayloadVersion</key>
			<integer>1</integer>
			<key>DisableFDEAutoLogin</key>
			<true/>
			<key>com.apple.login.mcx.DisableAutoLoginClient</key>
			<true/>
		</dict>
	</array>
	<key>PayloadDisplayName</key>
	<string>Disable Automatic Login</string>
	<key>PayloadIdentifier</key>
	<string>com.fleetdm.disableautomaticlogin.F07E2CB5-56CC-4699-B061-EAA253220BA8</string>
	<key>PayloadType</key>
	<string>Configuration</string>
	<key>PayloadUUID</key>
	<string>F07E2CB5-56CC-4699-B061-EAA253220BA8</string>
	<key>PayloadVersion</key>
	<integer>1</integer>
</dict>
</plist>

I can create a PR to update the control.

[mike-j-thomas]

@eashaw I'm getting an error on this PR from Test Fleet website / build. Can you help me resolve it?