Hello, everyone! My employer recently started requiring the use of Fleet MDM and I have 2 questions: • I don't have a /work/ device: i use my personal devices for work and I have privacy concerns about this. Am I being unreasonable? • I'm using nixos which is incompatible with most precompiled binaries (which I assume the paid version of fleet is). Is there a nixos compatible version? Thread in Slack Conversation

Hey @Theo C., if you do end up getting a work issued laptop that's enrolled in Fleet, we have a transparency page here that shows you what information your company can see about your device. That doesn't necessarily mean they are, just that they have the ability to do so.

Fleet can run any shell script on your device remotely. This is useful for IT teams to help you troubleshoot remotely if you run into any issues with your device.

hmm

nixos is a platform that Fleet will detect in host vitals

nixos is a platform that Fleet will detect in host vitals

meaning it can run without much configuration on my end or there is a documented process for it?

I believe so. I'm not super familiar with nixos, but your company could build a .rpm or .deb installer and you'd use that to enroll Linux hosts. Since it's explicitly listed in our supported platforms array I would expect nixos to work like any other distro

oh javascript!

I think ultimately it's best to have an open dialog with your company about how they're using Fleet. I wanted to provide you with our transparency resources to help with your decision

Yes, that's the plan here, I came here to get more information as well as a few opinions on the situation; Thank you /very/ much for the help

1. you should be able to install osquery on nixos rather than using the fleet binary. 2. I'd like to know if there is a way to prevent admins from running shell scripts on machines too.

@James Script execution can be disabled by not including

--enable-scripts

when building a Fleet installer. It's disabled by default unless that flag is included.