We’re excited to have you here!

The goal of this document is to give you some ideas of things to look at when testing FleetDM. It is a bit of a different MDM - although it is very powerful, deployed in leading companies (Dropbox, Atlassian, Toast, Uber) and on millions of devices, it does not look like other MDMs. This is why we have created this small guide to get you setup.

Primo vs FleetDM

FleetDM powers the MDM part of Primo. With your Primo subscription, you get a Fleet Premium subscription ($7/device/month) and your FleetDM instance is hosted, maintained and updated for you.

We have built a powerful synchronisation between Primo and FleetDM, allowing us to build a better onboarding and offboarding software, connected Apps, HR integration and more while transparently benefiting from the power of FleetDM for your devices.

Prerequisites

Access to Primo & FleetDM

A couple of test devices enrolled: we recommend at least one Mac

iMazing Profile Creator: you can download it here

Testing FleetDM and Primo

Controls

💡

Controls are where you can manage your computers remotely and set them to your standard. Controls are broken down in OS Updates, OS Settings with Encryption & Custom Settings, Setup Experience and Scripts.

Use iMazing to create a profile. You can create whichever one you want to test, but we recommend trying out Chrome Extensions.
- Search for “Chrome” in the search bar
- Select “Google Chrome” and click on “add paylod”
- In the tab bar, select “Extensions”
- Navigate to “Extension/App IDs and update URLs to be silently installed”
- Click on “+” and enter the ID of any Chrome Extension. Here are a few examples:
  - 1Password: aeblfdkhhhdcdjpifhhbdiojplfjncoa
  - Hubspot: oiiaigjnkhngdbnoookogelabohpglmd
  - Kaspr: kkfgenjfpmoegefcckjklfjieepogfhg
  - To find the ID of a Chrome Extension, navigate to the Chrome Web Store. The ID is in the URL:
  - Save the Profile. You will need to enter your device’s admin username/password. If your computer is enrolled, you can sign the profile with Fleet.
- Enroll other devices, if you wish
- Navigate to Controls > OS Settings > Custom Settings and upload the Profile
- Within a few seconds, the extension should appear in your Chrome browser ✅

Queries

💡

Queries allow you to get information about all your devices very quickly and at scale.

You can for example report on all devices that have a process running that match a certain name. This query will return the date since when the process has been running, how many processor-days it has consumed and the total memory size it consumes.

SELECT
  pid,
  name,
  ROUND((system_time / 86400), 2) AS system_time_days,
  strftime('%d/%m/%Y', datetime(start_time, 'unixepoch')) AS start_time_date,
  ROUND((total_size / 1048576), 2) AS total_size_mb
FROM
  processes
WHERE
  name LIKE '%RTProtection%';

Policies

💡

Policies allow you to get Yes/No answers on your devices, as well as display them to the employees through the Fleet agent.

You can test out policies by using some of the templates that Fleet has (for example, “Gatekeeper active”).

Example of a failing policy on the employee side

Frequently Asked Questions/Good to know

Sync frequency between FleetDM & Primo: The current sync frequency is 30min between FleetDM and Primo. While this is not usually a problem, when testing enrolling devices, it can be surprising to not see the device appear immediately. We will be improving this with a new, real-time infrastructure in the next few weeks.

Unsigned profiles: If you create profiles with a computer that is enrolled in MDM, these profiles will be “signed”. If not, they won’t be signed and will display a red warning saying “this profile is not signed”. No worries - once your computer is enrolled, any profile you generate will be signed.

Display for an unsigned profile

Display for a signed profile