Fleet logo
Menu An icon indicating that interacting with this button will open the navigation menu.
Fleet logo An 'X' icon indicating that this can be interacted with to close the navigation menu.
Device management + MDM Orchestration + monitoring Software management + CVEs, usage, app library Integrations
Docs
Stories
What people are saying News Ask around Take a tour Meetups COMPANY Origins   (Fleet & osquery) The handbook Logos/artwork Why open source?
Pricing Try it yourself

Tables

Fleet uses osquery tables to query operating system, hardware, and software data. Each table provides specific data for analysis and filtering.

macOS Apple

Linux Linux

Windows Windows

Chrome ChromeOS

mdm

click to open the table of contents
macOS logo

mdm

Information on the device's MDM enrollment.

Column Type Description
access_rights integer The access rights of the payload. The resulting number is the total of every AccessRight added up.
checkin_url text The URL the Mac checks in with, which should point to your MDM server.
dep_capable text Indicates if the computer is DEP capable or not, even if it is not currently enrolled into MDM.
enrolled text Indicates if the computer is enrolled into MDM.
has_scep_payload text Indicates if the computer has a certificate used by the MDM server to authenticate it.
identity_certificate_uuid text The UUID of the SCEP certificate.
install_date text The date on which the MDM payload was installed on the Mac.
installed_from_dep text Indicates if the MDM payload was installed via DEP or not.
payload_identifier text The identifier of the MDM payload.
server_url text The URL of the MDM server used by this computer.
sign_message text Indicates if messages sent and received from the MDM server must be signed.
topic text The topic MDM listens to for push notifications.
user_approved text Indicates if this MDM payload was approved by the user.

Example

Identify Macs that are DEP capable but have not been enrolled to MDM.

SELECT * FROM mdm WHERE dep_capable='true' AND enrolled='false';

Notes

This table is from the Mac Admins osquery extension.

  • Due to changes in macOS 12.3, the output of profiles show -type enrollment can only be generated once a day. If you are running this command with another tool, you should set the PROFILES_SHOW_ENROLLMENT_CACHE_PATH environment variable to the path you are caching this. The cache file should be json with the keys dep_capable and rate_limited present, both booleans representing whether the device is capable of DEP enrollment and whether the response from profiles show -type enrollment is being rate limited or not.
Edit page

Questions?

Ask us anything
{{table.title}} evented table