Fleet logo
Menu An icon indicating that interacting with this button will open the navigation menu.
Fleet logo An 'X' icon indicating that this can be interacted with to close the navigation menu.
Device management + MDM Orchestration + monitoring Software management + CVEs, usage, app library Integrations
Get started Built-in checks Raw data App library Tutorials & guides API SUPPORT Chat Contribute Release notes "Why is Fleet on my computer?" Get your license
Stories
What people are saying News Ask around Take a tour Meetups COMPANY Origins   (Fleet & osquery) The handbook Logos/artwork Why open source?
Pricing Try it yourself
{{thisPage.meta.articleTitle}}
search

Teams

{{articleSubtitle}}

| The author's GitHub profile picture

Noah Talerman

Share this article on Hacker News Share this article on LinkedIn Share this article on Twitter
Docs Docs REST API REST API Guides Guides Talk to an engineer Talk to an engineer

Teams

{{articleSubtitle}}

| The author's GitHub profile picture

Noah Talerman

Teams

Available in Fleet Premium

In Fleet, you can group hosts together in a "team" in Fleet. This way, you can apply queries, policies, scripts, and more that are tailored to a host's risk/compliance needs.

A host can only belong to one team.

You can give users access to only some teams.

You can manage teams by selecting your avatar in the top navigation and then Settings > Teams.

Best practice

Fleet's best practice teams:

  • 💻 Workstations: End users' production work computers (macOS, Windows, and Linux)
  • 💻🐣 Workstations (canary): IT team's test work computers. Sometimes, for demos or testing, includes end user's work computers. Used for dogfooding a new workflow or feature that may or may not be rolled out to the "Workstations" team.
  • ☁️ Servers: Security team's production servers.
  • ☁️🐣 Servers (canary): Security team's test servers.
  • Compliance exclusions: All contributors' test work computers or virtual machines (VMs). Used for validating workflows for Fleet customers or reproducing bugs in the Fleet product.
  • 📱🏢 Company-owned iPhones: iPhones purchased by the organization that enroll to Fleet automatically via Apple Business Manager. For example, iPhones used by iOS Engineers.
  • 🔳🏢 Company-owned iPads: iPads purchased by the organization that enroll to Fleet automatically via Apple Business Manager. For example, conference-room iPads.
  • 📱🔐 Personally-owned iPhones: End users' personal iPhones, like those enrolled through a BYOD program, that have access to company resources.

If some of your hosts don't fall under the above teams, what are these hosts for? The answer determines the the hosts' risk/compliance needs, and thus their security basline, and thus their "team" in Fleet. If the hosts' have a different compliance needs, and thus different security baseline, then it's time to create a new team in Fleet.

Adding hosts to a team

You can add hosts to a new team in Fleet by either enrolling the host with a team's enroll secret or by transferring the host via the Fleet UI after the host has been enrolled to Fleet.

Advanced

You can automatically enroll hosts to a specific team in Fleet by installing a fleetd with a team enroll secret. Learn more here.

Changing the host's enroll secret after enrollment will not cause the host to be transferred to a different team.