Fleet logo
Menu An icon indicating that interacting with this button will open the navigation menu.
Fleet logo An 'X' icon indicating that this can be interacted with to close the navigation menu.
Solutions A small chevron
Device management

Device management

Remotely manage, and protect laptops and mobile devices.

Orchestration

Orchestration

Automate tasks across devices, from app installs to scripts.

Software management

Software management

Inventory, patch, and manage installed software.

Extend Fleet

Extend Fleet

Integrate your favorite tools with Fleet.

Customers A small chevron
Stripe + Fleet

Stripe + Fleet

Stripe consolidates multiple tools with Fleet.

Foursquare + Fleet

Foursquare + Fleet

Foursquare quickly migrates to Fleet for device management.

What people are saying

What people are saying

Stories from the Fleet community.

Pricing
More A small chevron
Try it yourself Get a demo
{{thisPage.meta.articleTitle}}
search

Fleet Desktop

{{articleSubtitle}}

| The author's GitHub profile picture

Mo Zhu

Share

Share this article on Hacker News Share this article on LinkedIn Share this article on Twitter
Docs Docs REST API REST API Guides Guides Get a demoGet a demo

Fleet Desktop

{{articleSubtitle}}

| The author's GitHub profile picture

Mo Zhu

Fleet Desktop

Fleet Desktop is a menu bar icon available on macOS, Windows, and Linux that gives your end users visibility into the security posture of their machine. This unlocks two key benefits:

  • Self-remediation: end users can see which policies they are failing and resolution steps, reducing the need for IT and security teams to intervene
  • Scope transparency: end users can see what the Fleet agent can do on their machines, eliminating ambiguity between end users and their IT and security teams
An icon indicating that this section has important information

Self-remediation is only available for users with Fleet Premium

Install Fleet Desktop

For information on how to install Fleet Desktop, visit: Adding Hosts.

Upgrade Fleet Desktop

Once installed, Fleet Desktop will be automatically updated via Fleetd. To learn more, visit: Self-managed agent updates.

Organizations with complex security postures can direct end users to a resource of their choice to serve custom content.

An icon indicating that this section has important information

The custom transparency link is only available for users with Fleet Premium

To turn on the custom transparency link in the Fleet UI, click on your profile in the top right and select Settings. On the settings page, go to Organization Settings > Fleet Desktop > Custom transparency URL.

For information on setting the custom transparency link via a YAML configuration file, see the configuration files documentation.

Secure Fleet Desktop

Requests sent by Fleet Desktop and the web page that opens when clicking on the "My Device" tray item use a Random (Version 4) UUID token to uniquely identify each host.

The server uses this token to authenticate requests that give host information. Fleet uses the following methods to secure access to this information.

Successfully brute-forcing this UUID is about as likely as you getting hit by a meteorite this year.

Rate limiting

To prevent brute-forcing attempts, Fleet rate-limits the endpoints used by Fleet Desktop on a per-IP basis. If an IP requests more than 720 invalid UUIDs in a one-hour interval, Fleet will return HTTP error code 429.

Token rotation

ℹ️  In Fleet v4.22.0, token rotation for Fleet Desktop was introduced.

Starting with Fleet v4.22.0, the server will reject any token older than one hour since it was issued. This helps Fleet protect against unintentionally leaked or brute-forced tokens.

As a consequence, Fleet Desktop will issue a new token if the current token is:

  • Rejected by the server
  • Older than one hour

This change is imperceptible to users, as clicking on the "My device" tray item always uses a valid token. If a user visits an address with an expired token, they will get a message instructing them to click on the tray item again.