diff --git a/.github/workflows/validate-fleetd-base-checksums.yml b/.github/workflows/validate-fleetd-base-checksums.yml
new file mode 100644
index 000000000000..59dfabb12761
--- /dev/null
+++ b/.github/workflows/validate-fleetd-base-checksums.yml
@@ -0,0 +1,88 @@
+name: Validate fleetd base checksums
+
+on:
+ schedule:
+ - cron: '0 0 * * *' # Runs every 24 hours
+ workflow_dispatch: # Allows manual trigger
+
+jobs:
+ check-files:
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v2
+
+ - name: Install dependencies
+ run: sudo apt-get update
+
+ - name: Download files from Cloudflare R2
+ env:
+ R2_ACCESS_KEY: ${{ secrets.R2_ACCESS_KEY }}
+ R2_SECRET_KEY: ${{ secrets.R2_SECRET_KEY }}
+ R2_BUCKET: your-r2-bucket-name
+ R2_REGION: your-r2-region
+ run: |
+ mkdir -p downloads
+ cat << 'EOF' > download_files.sh
+ #!/bin/bash
+ set -e
+
+ ENDPOINT_URL="https://"
+
+ FILES=("fleetd-base-manifest.plist" "fleetd-base.msi" "fleetd-base.pkg" "meta.json")
+
+ for FILE in "${FILES[@]}"; do
+ aws s3 cp s3://$R2_BUCKET/$FILE downloads/$FILE --endpoint-url $ENDPOINT_URL
+ done
+EOF
+
+ chmod +x download_files.sh
+ ./download_files.sh
+
+ - name: Validate checksums
+ run: |
+ cat << 'EOF' > validate_checksums.sh
+ #!/bin/bash
+ set -e
+
+ validate_checksum() {
+ local file_path=$1
+ local expected_checksum=$2
+ local actual_checksum=$(shasum -a 256 "$file_path" | awk '{ print $1 }')
+
+ if [ "$actual_checksum" != "$expected_checksum" ]; then
+ echo "Checksum mismatch for $file_path: expected $expected_checksum, got $actual_checksum"
+ return 1
+ fi
+ }
+
+ declare -A checksums
+ checksums["downloads/fleetd-base-manifest.plist"]="expected_checksum_1"
+ checksums["downloads/fleetd-base.msi"]="expected_checksum_2"
+ checksums["downloads/fleetd-base.pkg"]="expected_checksum_3"
+ checksums["downloads/meta.json"]="expected_checksum_4"
+
+ all_valid=true
+
+ for file_path in "${!checksums[@]}"; do
+ expected_checksum=${checksums[$file_path]}
+ if !
validate_checksum "$file_path" "$expected_checksum"; then
+ all_valid=false
+ fi
+ done
+
+ if [ "$all_valid" = false ]; then
+ exit 1
+ fi
+EOF
+
+ chmod +x validate_checksums.sh
+ ./validate_checksums.sh
+
+ - name: Notify Slack on failure
+ if: failure()
+ env:
+ SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
+ run: |
+ curl -X POST -H 'Content-type: application/json' --data '{"text":"File validation failed in the GitHub workflow!"}' $SLACK_WEBHOOK_URL
diff --git a/it-and-security/lib/macos-device-health.policies.yml b/it-and-security/lib/macos-device-health.policies.yml
index 9fa29bae541d..f06480bd5035 100644
--- a/it-and-security/lib/macos-device-health.policies.yml
+++ b/it-and-security/lib/macos-device-health.policies.yml
@@ -1,10 +1,3 @@
-- name: macOS - Check if latest version
- query: SELECT 1 FROM os_version WHERE major = '14' AND minor = '5';
- critical: false
- description: This policy check if macOS version is most recent version available.
- resolution: From the Apple menu, select System Settings. Navigate to General > Software Update.
- platform: darwin
- calendar_events_enabled: true
 - name: macOS - Enable FileVault
 query: SELECT 1 FROM filevault_status WHERE status = 'FileVault is On.';
 critical: false
diff --git a/it-and-security/teams/workstations.yml b/it-and-security/teams/workstations.yml
index 31c661e14ca0..88956449974f 100644
--- a/it-and-security/teams/workstations.yml
+++ b/it-and-security/teams/workstations.yml
@@ -44,8 +44,8 @@ controls:
 enable_end_user_authentication: true
 macos_setup_assistant: null
 macos_updates:
- deadline: "2024-05-31"
- minimum_version: "14.5"
+ deadline: ""
+ minimum_version: ""
 windows_settings:
 custom_settings: null
 windows_updates:
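Review bot: The R2 credentials never reach the aws CLI: the download step exports them as `R2_ACCESS_KEY`/`R2_SECRET_KEY`, but `aws s3 cp` only reads `AWS_ACCESS_KEY_ID`/`AWS_SECRET_ACCESS_KEY` (and `AWS_DEFAULT_REGION`, not `R2_REGION`), so the copy will either fail outright or silently run with whatever ambient credentials the runner happens to have. The job also cannot pass as committed — `ENDPOINT_URL="https://"`, `your-r2-bucket-name` and `expected_checksum_1..4` are placeholders — and hard-coding the expected digests in the workflow means every fleetd-base release needs a workflow edit; keep them in a reviewed file in the repo rather than in anything fetched from the same bucket (e.g. `meta.json`), or the check becomes circular. `actions/checkout@v2` is deprecated and the workflow declares no `permissions:`, so it runs with the repository's default token scope; add `permissions: contents: read`, move to `@v4` (ideally SHA-pinned), and since nothing from the checkout is used, the checkout and `apt-get update` steps can be dropped entirely. The heredoc terminator `EOF` appears at column 0 in the hunk; if that is its real indentation, the `run: |` block scalar ends there and the workflow YAML will not parse — indent both `EOF` lines to the script's level (YAML strips the common indent, so bash still sees them at column 0).
```yaml
permissions:
  contents: read

jobs:
  check-files:
    runs-on: ubuntu-latest
    steps:
      - name: Download files from Cloudflare R2
        env:
          # Variable names the aws CLI actually honours; R2 documents "auto" as its region.
          AWS_ACCESS_KEY_ID: ${{ secrets.R2_ACCESS_KEY }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.R2_SECRET_KEY }}
          AWS_DEFAULT_REGION: auto
          R2_BUCKET: your-r2-bucket-name   # TODO: real bucket name
          R2_ENDPOINT_URL: https://        # TODO: the bucket's S3 API endpoint
        run: |
          mkdir -p downloads
          # … unchanged: download loop, passing --endpoint-url "$R2_ENDPOINT_URL" …
          EOF
      # … unchanged: checksum validation and Slack steps, with their EOF indented the same way …
```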
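Review bot: Setting `deadline` and `minimum_version` to empty strings switches off macOS update enforcement for this team, while the next hunk in this same file keeps a policy that pins 14.5, so hosts below 14.5 will now fail that policy with nothing pushing them to update; if that is intended, a comment on `macos_updates:` such as `# Enforcement intentionally disabled; OS version compliance is report-only via the 'Check if latest version' policy` would save the next reader the question. Fleet's gitops schema may also treat `""` and `null` differently here; if the intent is "unset", `null` (as `macos_setup_assistant` already uses two lines up) reads more clearly than an empty string, so confirm which form the loader expects.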
@@ -61,6 +61,13 @@ policies:
 - path: ../lib/macos-device-health.policies.yml
 - path: ../lib/windows-device-health.policies.yml
 - path: ../lib/linux-device-health.policies.yml
+ - name: macOS - Check if latest version
+ query: SELECT 1 FROM os_version WHERE major = '14' AND minor = '5';
+ critical: false
+ description: This policy check if macOS version is most recent version available.
+ resolution: From the Apple menu, select System Settings. Navigate to General > Software Update.
+ platform: darwin
+ calendar_events_enabled: true
 queries:
 - path: ../lib/collect-failed-login-attempts.queries.yml
 - path: ../lib/collect-usb-devices.queries.yml
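Review bot: The description claims the policy checks that macOS is "the most recent version available", but the query pins `major = '14' AND minor = '5'`: it passes on any 14.5.x and fails on 14.6 or 15.x the moment Apple ships them, so every fully patched host will start failing on the next release until someone hand-edits the pin, which trains users to ignore a red policy. Describe what it actually enforces and where the pin lives, e.g. `description: Checks that macOS is 14.5.x. Bump the pinned major/minor in this query whenever the team's required version changes.`, and fix the grammar of the current text (`This policy checks whether the macOS version is the most recent available.`). If Fleet's gitops lets a policy derive its version from `macos_updates.minimum_version`, that would give a single source of truth; otherwise at least keep the pin and the team's update settings in the same review.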