Looking at moving from Launcher to osqueryd and have re-enrolled a machine previously enrolled with Launcher (top entry). The osqueryd + kollide-enroll entry shows as running Mac OS X 10.16.0 - is there anything I need to tweak to get this showing correctly?

This is actually what macOS reports when asked for the version (you can verify via osqueryi or live query). I wonder if Apple changed this in 11.2.2? My machine says it will upgrade tonight and can potentially confirm.

The machine in the screenshot is running 11.2.2. If I look though my list of hosts (all running/enrolled via Launcher) I see a variety of versions, including 11.1, 11.2 etc. I’m pretty sure this is the first time I’ve seen 10.16 shown in Fleet (after enrolling a host running osqueryd, enrolled with kolide-enroll.pkg). There aren’t any other ‘10.16’ hosts on my Fleet server.

Thanks! I guess I’m just curious why Launcher seems to ‘correctly’ report 11.x.x compared to osqueryd and its 10.16 reporting

It correctly reports it because osquery is launched by fleet with a magic ENV that tells Apple we do not want this 10.16 version compatibility. Which is terribly misleading IMO

I think we can look at whether to "fix" it in Fleet, but so far we think it's best to report whatever osquery provides.

Mike if you are able to set the magic ENV var in whatever mechanism you use to launch osqueryd then it will show up correctly in fleet

Cool, that makes sense. Thanks for the info both!