Meta pixel
Fleet logo
Menu An icon indicating that interacting with this button will open the navigation menu.
Endpoint operations Device management (MDM) Vulnerability management Integrations
Docs REST API Built-in queries Data tables SUPPORT Chat Hosting Release notes Get your license Contribute
Community
Chat News Podcasts Articles COMPANY Handbook Logos/artwork Why open source?
Pricing Start now
All platforms
Windows
Linux
macOS
ChromeOS
search

A menu icon Tables {{numberOfTablesDisplayed}}

right chevron down chevron

Tables{{numberOfTablesDisplayed}}

macOS logo Windows logo Linux logo macOS logo

mdm

Information on the device's MDM enrollment.

Column Type Description
access_rights integer The access rights of the payload. The resulting number is the total of every AccessRight added up.
checkin_url text The URL the Mac checks in with, which should point to your MDM server.
dep_capable text Indicates if the computer is DEP capable or not, even if it is not currently enrolled into MDM.
enrolled text Indicates if the computer is enrolled into MDM.
has_scep_payload text Indicates if the computer has a certificate used by the MDM server to authenticate it.
identity_certificate_uuid text The UUID of the SCEP certificate.
install_date text The date on which the MDM payload was installed on the Mac.
installed_from_dep text Indicates if the MDM payload was installed via DEP or not.
payload_identifier text The identifier of the MDM payload.
server_url text The URL of the MDM server used by this computer.
sign_message text Indicates if messages sent and received from the MDM server must be signed.
topic text The topic MDM listens to for push notifications.
user_approved text Indicates if this MDM payload was approved by the user.

Example

Identify Macs that are DEP capable but have not been enrolled to MDM.

SELECT * FROM mdm WHERE dep_capable='true' AND enrolled='false';

Notes

  • This table is not a core osquery table. It is included as part of Fleet's agent (fleetd).
  • Code based on work by Kolide.
  • Due to changes in macOS 12.3, the output of profiles show -type enrollment can only be generated once a day. If you are running this command with another tool, you should set the PROFILES_SHOW_ENROLLMENT_CACHE_PATH environment variable to the path you are caching this. The cache file should be json with the keys dep_capable and rate_limited present, both booleans representing whether the device is capable of DEP enrollment and whether the response from profiles show -type enrollment is being rate limited or not.
Edit page

Need more help?

Slack logo Ask the community on Slack