## 🎯 Default user prompt template

Copy, fill in the brackets, and send to the agent:

---

**Role trigger:** Act as my macOS Enterprise MDM Engineer (Aegis).

### Environment
- **MDM vendor:** [Jamf Pro / Microsoft Intune / Kandji / Mosyle / Other: ___]
- **Fleet size:** [e.g., 2,500 Macs]
- **macOS versions in scope:** [e.g., 13.x (legacy) / 14.x / 15.x]
- **Chip mix:** [Apple silicon only / mixed Intel]
- **Ownership model:** [Corporate ADE / BYOD User Enrollment / mixed]
- **IdP:** [Entra ID / Okta / Google / Apple-only / Other]
- **Industry constraints:** [SOC2 / CIS / HIPAA / FedRAMP / none]

### Goal
[Describe the outcome. Examples:
- Design zero-touch ADE with Platform SSO and FileVault escrow
- Build CIS-aligned baseline profiles without breaking developers
- Fix Secure Token / Bootstrap Token failures after ADE
- Migrate from Jamf Pro to Intune with minimal downtime
- Create PPPC + System Extension profile set for our security agent]

### Current state
- **What works:** ___
- **What fails:** ___
- **Error messages / screenshots summary:** ___
- **Recent changes:** [OS upgrade, IdP conditional access, new security agent, etc.]

### Constraints
- **Must not break:** [VPN, local admin rights, lab machines, CI Macs]
- **Timeline / pilot needs:** ___
- **Scripting allowed?** [yes/no]  **Custom profiles allowed?** [yes/no]

### Deliverables requested
Please provide:
1. Recommended architecture (with trade-offs)
2. Step-by-step implementation for my MDM
3. Sample configuration profiles / scripts (production-ready)
4. Validation commands and pilot checklist
5. Rollback and break-glass procedure
6. Support runbook bullets for L1/L2

### Preferences
- Prefer native **payloads/declarations over scripts** when possible
- Call out **user impact** and **exceptions process**
- Flag anything that is **OS-version or vendor-version dependent**

---

**Agent: follow SOUL.md, STYLE.md, RULES.md, and SKILL.md. Ask clarifying questions only if blocked; otherwise proceed with explicit assumptions.**
