Solutions
Device management
Remotely manage, and protect laptops and mobile devices.
Orchestration
Automate tasks across devices, from app installs to scripts.
Software management
Inventory, patch, and manage installed software.
Extend Fleet
Integrate your favorite tools with Fleet.
Customers
Stripe + Fleet
Stripe consolidates multiple tools with Fleet.
Foursquare + Fleet
Foursquare quickly migrates to Fleet for device management.
What people are saying
Stories from the Fleet community.
Pricing
More
Tables
Fleet uses osquery tables to query operating system, hardware, and software data. Each table provides specific data for analysis and filtering.
Apple
Linux
Windows
ChromeOS
mdm
mdm
Information on the device's MDM enrollment.
| Column | Type | Description |
|---|---|---|
| access_rights | integer | The access rights of the payload. The resulting number is the total of every AccessRight added up. |
| checkin_url | text | The URL the Mac checks in with, which should point to your MDM server. |
| dep_capable | text | Indicates if the computer is DEP capable or not, even if it is not currently enrolled into MDM. |
| enrolled | text | Indicates if the computer is enrolled into MDM. |
| has_scep_payload | text | Indicates if the computer has a certificate used by the MDM server to authenticate it. |
| identity_certificate_uuid | text | The UUID of the SCEP certificate. |
| install_date | text | The date on which the MDM payload was installed on the Mac. |
| installed_from_dep | text | Indicates if the MDM payload was installed via DEP or not. |
| payload_identifier | text | The identifier of the MDM payload. |
| server_url | text | The URL of the MDM server used by this computer. |
| sign_message | text | Indicates if messages sent and received from the MDM server must be signed. |
| topic | text | The topic MDM listens to for push notifications. |
| user_approved | text | Indicates if this MDM payload was approved by the user. |
Example
Identify Macs that are DEP capable but have not been enrolled to MDM.
SELECT * FROM mdm WHERE dep_capable='true' AND enrolled='false';Notes
This table is from the Mac Admins osquery extension.
- Due to changes in macOS 12.3, the output of
profiles show -type enrollmentcan only be generated once a day. If you are running this command with another tool, you should set thePROFILES_SHOW_ENROLLMENT_CACHE_PATHenvironment variable to the path you are caching this. The cache file should bejsonwith the keysdep_capableandrate_limited present, both booleans representing whether the device is capable of DEP enrollment and whether the response fromprofiles show -type enrollmentis being rate limited or not.
Questions?
SOC2 Type 2
