Fleet 4.47.0 is live. Check out the full changelog or continue reading to get the highlights. For upgrade instructions, see our upgrade guide in the Fleet docs.
/hosts
APIFleet has added the ability to remotely wipe devices across macOS, Windows, and Linux operating systems. This functionality is essential for IT and security professionals needing to ensure data security, especially when devices may be lost, stolen, or compromised. By facilitating the remote erasure of sensitive information, Fleet provides an added security layer, helping prevent unauthorized access to corporate data. This feature is part of Fleet's ongoing commitment to effectively equip administrators with comprehensive tools for managing and securing their environments. It underscores our focus on providing robust, practical solutions that address the evolving challenges today's IT and security teams face.
A dedicated vulnerabilities page within the Software page has been added to provide a centralized overview of all vulnerabilities (CVEs) identified across hosts. This feature enables security engineers to quickly identify, assess, and prioritize CVEs affecting their fleet. More importantly, it offers the functionality to export a list of hosts affected by a specific CVE, streamlining the process of passing crucial information to the engineers responsible for remediation. This development supports proactive security management by offering clear, actionable insights into the fleet's vulnerability status, thus facilitating a more efficient response to potential security threats. This aligns with Fleet's commitment to transparency and actionability, empowering teams with the necessary tools to enhance their security posture effectively.
Fleet enhances the scope of remote script execution capabilities by extending support for longer scripts saved within the Fleet platform and enabling the execution of scripts by their name through the fleetctl
CLI. This improvement directly responds to the needs of IT administrators and security professionals who require the flexibility to run extensive scripts across their device fleets for comprehensive diagnostics, maintenance, or security tasks. Additionally, the ability to execute scripts by name simplifies the process, making script management more efficient and reducing the potential for errors. This update represents Fleet's commitment to providing practical, user-centric solutions that enhance the effectiveness and ease of managing and securing your fleet. It reflects an understanding of modern IT infrastructure's complex, evolving needs and the importance of adaptable, reliable tools in addressing those needs.
Fleet now supports the <Add>
element in Windows configuration profiles, addressing a specific need for IT administrators managing Windows devices. This development allows for more nuanced control over Windows OS settings, including adding new configurations such as Wi-Fi profiles, a functionality particularly useful in scenarios where the <Replace>
element is ineffective. This enhancement simplifies the management of Windows devices, providing administrators with the flexibility to enforce policies and settings essential for maintaining device security and operational efficiency. Fleet seeks to empower IT professionals, ensuring administrators have the tools to tailor their environments according to specific requirements and best practices.
Webhooks can be configured at the team level to alert administrators when a specified percentage of their team's hosts go offline. This allows an admin to prioritize webhooks for critical teams while setting a higher threshold for less critical teams. The web UI allows for standard configurations, with additional customizable options available in the configuration file for more tailored setups. Such granularity in notifications ensures that team admins can promptly address potential issues specific to their teams, enhancing their environments' overall responsiveness and management. This addition reflects Fleet's dedication to providing tools that support proactive and informed management, aligning with the platform's commitment to transparency and adaptability in device monitoring and security.
MacOS hosts may occasionally face issues during the Device Enrollment Program (DEP) profile assignment process, now called Automatic Device Enrollment (ADE). Recognizing the challenges posed by the Mobile Device Management (MDM) API's rate limitations, this update implements a smart retry mechanism. When a profile application to a host fails, the process times out and is scheduled to retry within the hour. This approach is designed to mitigate the impact of API rate limits, enhancing the efficiency of profile assignments. Most failed DEP profile assignments are resolved within this timeframe, streamlining the enrollment process and reducing administrative overhead. Fleet is dedicated to simplifying device management tasks, ensuring a smoother, more reliable enrollment experience.
/hosts
APIPolicy data is now included directly within the GET /hosts
API response in Fleet. This is tailored for users who prefer streamlined data access by querying a single API endpoint to retrieve comprehensive policy data for all hosts. With this enhancement, users can efficiently export this data into an external database, facilitating the custom creation of dashboards and reports that suit their specific monitoring and analysis needs. This development underscores Fleet's dedication to efficiency and adaptability, aiming to provide users with the tools they need for effective and tailored fleet management. By simplifying the process of data aggregation and visualization, Fleet empowers users to understand their device compliance posture better and make informed decisions based on comprehensive policy adherence metrics.
populate_policies=true
query parameter.POST /api/v1/fleet/hosts/:id/wipe
Fleet Premium API endpoint.fleetctl run-script
to include new flags and POST /scripts/run/sync
API to receive new parameters.<Add>
nodes in Windows MDM profiles.mdm.enable_disk_encryption
JSON null values causing issues.mdm.enable_disk_encryption
where a null
JSON value caused issues with MDM profiles in the PATCH /api/v1/fleet/config
endpoint.redis.conn_wait_timeout
configuration setting for Redis standalone (it was previously only supported on Redis cluster).POST /api/latest/fleet/queries/{id}/run
GET /api/latest/fleet/queries/run
POST /api/latest/fleet/hosts/identifier/{identifier}/query
POST /api/latest/fleet/hosts/{id}/query
Visit our Upgrade guide in the Fleet docs for instructions on updating to Fleet 4.47.0.