Vitals
Fleet’s built-in queries for collecting and storing important device information.
Apple
Linux
Windows
ChromeOS
Battery
Disk encryption
Disk space
Google Chrome profiles
MDM
MDM configuration profiles
MDM Disk encryption key file
MDM Disk encryption key file lines
Munki info
Network interfaces
Orbit information
Operating system information
Osquery flags
Osquery information
Scheduled osquery statistics
Software
Software codesign
Software Firefox
VScode extensions
Uptime
Users
Disk encryption
Disk space
Google Chrome profiles
Network interfaces
Orbit information
Operating system information
Osquery flags
Osquery information
Scheduled osquery statistics
Software
VScode extensions
Uptime
Users
MDM
MDM
Retrieves information about the mobile device management (MDM) solution a windows device is enrolled in.
WITH registry_keys AS (
SELECT *
FROM registry
WHERE path LIKE 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Enrollments\%%'
),
enrollment_info AS (
SELECT
MAX(CASE WHEN name = 'UPN' THEN data END) AS upn,
MAX(CASE WHEN name = 'DiscoveryServiceFullURL' THEN data END) AS discovery_service_url,
MAX(CASE WHEN name = 'ProviderID' THEN data END) AS provider_id,
MAX(CASE WHEN name = 'EnrollmentState' THEN data END) AS state,
MAX(CASE WHEN name = 'AADResourceID' THEN data END) AS aad_resource_id
FROM registry_keys
GROUP BY key
),
installation_info AS (
SELECT data AS installation_type
FROM registry
WHERE path = 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\InstallationType'
LIMIT 1
)
SELECT
e.aad_resource_id,
e.discovery_service_url,
e.provider_id,
i.installation_type
FROM installation_info i
LEFT JOIN enrollment_info e ON e.upn IS NOT NULL
WHERE COALESCE(e.state, '0') IN ('0', '1', '2', '3')
LIMIT 1
$installationKey = "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion"
try {
$installProps = Get-ItemProperty -Path $installationKey -ErrorAction Stop
$installationType = $installProps.InstallationType
}
catch {
$installationType = $null
}
$enrollmentsPath = "HKLM:\SOFTWARE\Microsoft\Enrollments"
$enrollmentKeys = Get-ChildItem -Path $enrollmentsPath -ErrorAction SilentlyContinue
foreach ($key in $enrollmentKeys) {
try {
$props = Get-ItemProperty -Path $key.PSPath -ErrorAction Stop
}
catch {
continue
}
$upn = $props.UPN
$discoveryServiceUrl = $props.DiscoveryServiceFullURL
$providerId = $props.ProviderID
$state = $props.EnrollmentState
$aadResourceId = $props.AADResourceID
if (-not $state) { $state = "0" }
if ($upn -and @("0","1","2","3") -contains $state) {
$result = [PSCustomObject]@{
AADResourceID = $aadResourceId
DiscoveryServiceURL = $discoveryServiceUrl
ProviderID = $providerId
InstallationType = $installationType
}
$result | ConvertTo-Json -Compress
break
}
}
PowerShell commands are currently work in progress, contributions welcome.
Vitals
Battery
Disk encryption
Disk space
Google Chrome profiles
MDM
MDM configuration profiles
MDM Disk encryption key file
MDM Disk encryption key file lines
Munki info
Network interfaces
Orbit information
Operating system information
Osquery flags
Osquery information
Scheduled osquery statistics
Software
Software codesign
Software Firefox
VScode extensions
Uptime
Users
Disk encryption
Disk space
Google Chrome profiles
Network interfaces
Orbit information
Operating system information
Osquery flags
Osquery information
Scheduled osquery statistics
Software
VScode extensions
Uptime
Users
SOC2 Type 2
© 2025 Fleet Inc.
Privacy
