When I set up a FleetDM, do I also need MDM server like NanoMDM or MicroMDM for device enrollment?

nope! You just need some way of distributing the osquery client (orbit, for instance)

Thanks! If I use https://github.com/fleetdm/fleet/tree/main/orbit, do I need to enroll a Macbook at all? How does Orbit distribute into Macbook in the first place?

if you’re talking about deploying FleetDM to a bunch of Macs, you probably need a centralised way of doing that- which could include an MDM. If you need to manage as well as monitor a bunch of Macs, an MDM could be useful in this case too.

Hi @Angelo! The packages you generate are pre-configured and easy to install, without any need for post-install scripts etc. You’d still need, as Jason pointed out, a way to distribute the client. That could be giving the package to employees who manually install it, distributing it via MDM, or distributing it with an open source tool like Munki. As soon as the package gets installed, it’ll reach out to your Fleet instance, since it’s pre-configured.

Yes, So I think this is the difference between Osquery agent and MDM. MDM can wipe out the laptop and install the apps but a OSquery agent is only used to monitor the device. Osquery is much better at giving you deep, granular info about the state of the os.

osquery is indeed meant to give you in depth, fast access to all of the details. MDM can give you things like software inventory at a slower (much) refresh rate, and definitely has a very very small amount of data it can get compared to osquery’s ~300 tables