Fleet logo
Menu An icon indicating that interacting with this button will open the navigation menu.
Device management + MDM Observability + scripting, monitoring Software management + CVEs, usage, app library Integrations
Get started Built-in checks Raw data Tutorials & guides API SUPPORT Chat Contribute Release notes "Why is Fleet on my computer?" Get your license
Stories
What people are saying News Ask around Take a tour COMPANY Origins   (Fleet & osquery) The handbook Logos/artwork Why open source?
Pricing Try it yourself
{{thisPage.meta.articleTitle}}
search

MDM commands

{{articleSubtitle}}

| The author's GitHub profile picture

Noah Talerman

Share this article on Hacker News Share this article on LinkedIn Share this article on Twitter
Docs Docs REST API REST API Guides Guides Talk to us Talk to us

MDM commands

{{articleSubtitle}}

| The author's GitHub profile picture

Noah Talerman

MDM commands

In Fleet you can run MDM commands to take action on your macOS, iOS, iPadOS, and Windows hosts, like restarting the host, remotely.

Custom commands

You can run custom commands and view a specific command's results using the fleetctl command-line interface.

To run a custom command, we will do the following steps:

  1. Create a .xml with the request payload
  2. Choose a target host
  3. Run the command using fleetctl
  4. View our command's results using fleetctl

Step 1: Create an XML file

You can run any command supported by Apple's MDM protocol or Microsoft's MDM protocol.

An icon indicating that this section has important information

The lock and wipe commands are only available in Fleet Premium

For example, to restart a macOS host, we'll use the "Restart a Device" command documented by Apple here.

First, we'll need to create a restart-device.xml file locally with this payload:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Command</key>
    <dict>
        <key>RequestType</key>
        <string>RestartDevice</string>
    </dict>
</dict>
</plist>

To restart a Windows host, we'll use the "Reboot" command documented by Microsoft here.

The restart-device.xml file will have this payload instead:

<Exec>
  <Item>
    <Target>
      <LocURI>./Device/Vendor/MSFT/Reboot/RebootNow</LocURI>
    </Target>
    <Meta>
      <Format xmlns="syncml:metinf">null</Format>
      <Type>text/plain</Type>
    </Meta>
    <Data></Data>
  </Item>
</Exec>

Step 2: Choose a target host

To run a command, we need to specify a target host by hostname.

  1. Run the fleetctl get hosts --mdm command to get a list of hosts that are enrolled to Fleet and have MDM turned on.
  2. Find your target host's hostname. You'll need this hostname to run the command.

Step 3: Run the command

  1. Run the fleetctl mdm run-command --payload=restart-device.xml --hosts=hostname command.
An icon indicating that this section has important information

Replace the --payload and --hosts flags with your XML file and hostname respectively.

  1. Look at the on-screen information. In the output you'll see the command to see results.

Step 4: View the command's results

  1. Run the fleetctl get mdm-command-results --id=<insert-command-id>
  2. Look at the on-screen information.

List recent commands

You can view a list of the 1,000 latest commands:

  1. Run fleetctl get mdm-commands
  2. View the list of latest commands, most recent first, along with the timestamp, targeted hostname, command type, execution status and command ID.

The command ID can be used to view command results as documented in step 4 of the previous section.