osquery has a remote management API but the osquery agent initiates connections to the outside world (over TLS).

Basic Question - noob here. For Mac Do the configurations on the endpoint go into the /var/osquery/osquery.conf and /var/osquery/osquery.conf.d/ for it to communicate with the server?

Typically you would provide a flagfile (or just CLI flags) to set up the comms with the server, then the rest of the configuration would come from the server.