Fleet announces open-source, cross-platform MDM solution

The fast-growing Apple enterprise space now has a new name to play with: Fleet has introduced its own open-source take on MDM with a cross-platform solution for macOS, Windows, Linux, and ChromeOS.

fleet macos disk encryption2x

As enterprise spending pivots from hardware purchases into service subscriptions, the fast-growing, ever-busy Apple enterprise space now has a new name to play with: Fleet. The company today introduced its own open-source take on mobile device management (MDM) with a cross-platform solution for macOS, Windows, Linux, and ChromeOS.

I spoke with Fleet CEO Mike McNeil and CTO Zach Wasserman to find out more.

What is Fleet?

fleet zach wasserman Fleet

Fleet CTO Zach Wasserman

Fleet’s MDM solution (FleetDM, referred to as Fleet) works out of the box with all supported platforms and will integrate with third-party platforms and DevOps processes via a REST API. This makes it possible for admins to run queries and build customized solutions for their business.

Fleet co-founder and CTO Zach Wasserman explained:

“Fleet is built for programmatic automation. Automating audit logs with third-party platforms like Splunk is much easier with Fleet… you can say, ‘Turn on FileVault,’ and then run a query that says, ‘how many computers have FileVault turned on?’ and you'll see that it was 100% successful.”

The solution is based on the open-source project osquery, co-developed in 2014 by Wasserman, then working at Meta. Wasserman co-founded Kolide in 2016 and created Fleet, an open-source platform that enables enterprises to use osquery. Fleet’s existing services are already in use at Uber, Atlassian, Square, Ernst & Young, and elsewhere.

What are the key features of Fleet?

Key features of the new platform include these:

  • A GitOps-driven consensus model enables close collaboration among security, developer, and operations teams.
  • “Bring your own” capabilities for scripting and packaging tools let IT use the tools they already have.
  • Closed-loop feedback on deployments means IT can tell when changes are applied to a system.

The admin dashboard is also cross-platform and supports automatic enrolment of new employees with Okta or any identity provider; software update and patch management using tools such as Puppet, Munki, or Chef; disk encryption (for macOS) using Apple FileVault; remote locks and wipes; and critical security controls for Mac and Windows devices.

Fleet also supports multiple user accounts and activity auditing. The service’s source code is available publicly on GitHub.

Why open source?

fleet mike mcneil Fleet

Fleet CEO Mike McNeil

Both McNeil and Wasserman believe there is a market for highly configurable, open-source device management solutions.

Indeed, in 2022, McNeil described the future of device management as being “cross-platform, developer-friendly, universal, and most importantly, open source."

“We first built a battle-tested open-source platform that security teams trust, and then layered on top of it the configuration and APIs that IT teams want to see,” said McNeil. “We see the future of IT being unlocked by a DevOps mindset, and we aim to be at the forefront of that revolution.”

The support for osquery means IT can use standard SQL queries to search for any relevant device data. The tool’s capacity to play well with others means it can integrate with tools like Crowdstrike, Munki, Jamf, and others.

This approach may be a missing link for some enterprises seeking ways to integrate existing tools and workflows with new management and security processes.

What does Fleet hope for?

The bet Fleet is making is that there are many companies in the space seeking to use open-source tools and integrations between those and off-the-shelf solutions to create unique MDM solutions for their business — but pulling such solutions together takes a huge amount of work. It makes less sense to replicate the same work across every business, so why not build a business providing solutions to help build that?

Wasserman put it this way:

“There's so many folks out there that are already considering using open-source MDM, and they're standing at the precipice looking over like, ‘man, that's going to be a lot of work.’ And then some of them are just doing it. They just jump in and they're getting maybe a few months in, maybe they're stopping… maybe they're actually running their own open source MDM, but it's a lot for an org to take on right now and I think that there's a there's a big opportunity to help some of those folks get this over the line…”

The Fleet CTO says he thinks there's single digit millions in revenues in that space, and this is what the company seems to be pursuing.

What about the Mac?

Fleet is an open-source solution, and one of the platforms it supports is the Mac. Both company leaders agree that the Mac is where it’s at for enterprise IT.

“The narrative that we've seen over the last 10 years especially [is] the professionalization of macOS, where 10 years ago people were fighting to use macOS in the enterprise. Now it's becoming more and more a standard choice,” said Wasserman.

He observed that over time, MDM on the platform has continued to evolve. Apple has released its MDM protocols, companies have built solutions around them, and open-source tools have jumped into being across the Mac admins community. Wasserman mentioned a few, including Puppet, Munki, MicroMDM, NanoMDM, and others.

“The narrative that we see is this professionalization is coming. We are now the first open-source commercial MDM for macOS. So, we're a serious choice for people who want to bring DevOps practices into their IT management,” Wasserman told me.

What about iOS?

Eagle-eyed readers will spot that iOS isn’t yet supported by Fleet. I asked both executives about this, and they clarified that while they are certainly interested in offering such support, Apple has chosen to keep that platform slightly more closed.

“Apple has locked down the access to information on the iOS devices,” said Wasserman.

That means that while technically FleetDM can work on the platform, an admin doesn’t have the visibility and assurance the developers want to provide within their systems.

On life beyond the wall

Apple faces a great deal of pressure to open its platforms up. This may be good for some businesses, but others will be concerned at the potential impact of doing so. After all, for the majority of enterprises moving to Apple devices, security, as well as employee choice, is a big consideration.

McNeil said, “The thing that I'm really interested in is seeing how they thread the needle between security and general utility and whether we'll see a merging of macOS and iOS and the kind of more sandbox security model. It's great for security. It's challenging for productivity.

"So how will Apple work with macOS to do that? And how will Apple work with the vendors and the end users to ensure there's the right balance there? I think that’s the big, interesting question over the next few years,” he added.

Follow me on Mastodon, or join me in the AppleHolic’s bar & grill and Apple Discussions groups on MeWe.

Copyright © 2023 IDG Communications, Inc.

It’s time to break the ChatGPT habit
Shop Tech Products at Amazon