Fleet logo
Menu An icon indicating that interacting with this button will open the navigation menu.
Fleet logo An 'X' icon indicating that this can be interacted with to close the navigation menu.
Device management + MDM Orchestration + monitoring Software management + CVEs, usage, app library Integrations
Get started Guides Vitals Queries Policies Software OS settings Data tables API SUPPORT Chat Contribute Release notes "Why is Fleet on my computer?" Get your license
Stories
What people are saying News Ask around Take a tour Meetups COMPANY Origins   (Fleet & osquery) The handbook Logos/artwork Why open source?
Pricing Try it yourself
{{thisPage.meta.articleTitle}}
search

Custom OS settings

{{articleSubtitle}}

| The author's GitHub profile picture

Noah Talerman

Share this article on Hacker News Share this article on LinkedIn Share this article on Twitter
Docs Docs REST API REST API Guides Guides Talk to an engineer Talk to an engineer

Custom OS settings

{{articleSubtitle}}

| The author's GitHub profile picture

Noah Talerman

Custom OS settings

In Fleet you can enforce OS settings like security restrictions, screen lock, Wi-Fi etc., on your your macOS, iOS, iPadOS, and Windows hosts using configuration profiles.

Enforce OS settings

You can enforce OS settings using the Fleet UI, Fleet API, or Fleet's GitOps workflow.

For macOS, iOS, and iPadOS hosts, Fleet recommends the iMazing Profile Creator tool for creating and exporting macOS configuration profiles.

For Windows hosts, copy this Windows configuration profile template and update the profile using any configuration service providers (CSPs) from Microsoft's MDM protocol. Learn more about Windows CSPs here.

Fleet UI:

  1. In the Fleet UI, head to the Controls > OS settings > Custom settings page.

  2. Choose which team you want to add a configuration profile to by selecting the desired team in the teams dropdown in the upper left corner. Teams are available in Fleet Premium.

  3. Select Upload and choose your configuration profile.

  4. To modify the OS setting, first remove the old configuration profile and then add the new one.

An icon indicating that this section has important information

On macOS, iOS, and iPadOS, removing a configuration profile will remove enforcement of the OS setting.

Fleet API: API documentation is here

OS settings status

In the Fleet UI, head to the Controls > OS settings tab.

In the top box, with "Verified," "Verifying," "Pending," and "Failed" statuses, click each status to view a list of hosts:

  • Verified: hosts that applied all OS settings. Fleet verified by running an osquery query on Windows and macOS hosts (declarations profiles are verified with a DDM StatusReport). Currently, iOS and iPadOS hosts are "Verified" after they acknowledge all MDM commands to apply OS settings.

  • Verifying: hosts that acknowledged all MDM commands to apply OS settings. Fleet is verifying. If the profile wasn't delivered, Fleet will redeliver the profile.

  • Pending: hosts that are running MDM commands or will run MDM commands to apply OS settings when they come online.

  • Failed: hosts that failed to apply OS settings. For Windows profiles, the status codes are documented in Microsoft's documentation here.

In the list of hosts, click on an individual host and click the OS settings item to see the status for a specific setting.