Kolide is capable of collecting a lot of information about a user's device that it makes available to administrators in Inventory. Administrators can also use live query on devices to gather more information. Users can see what information is collected, and who can see it, in the Privacy Center.
In some cases, a Kolide administrator may not want to see all of the data that Kolide collects from the device. These situations can include:
Organizations that have a BYOD policy
Teams that have contractors with sensitive information on their devices
Teams that have users that are not comfortable with sharing this much information with their security team
In these cases, Kolide has built a way to mark a device Private. This hides certain pieces of information about the device from Kolide administrators while still reporting the pass/fail status of security Checks. Kolide still collects this information and uses it to determine whether Checks are passing or failing; the feature permanently limits how much of that data administrators can see. It also prevents administrators from running Live Query against any device marked "Private".
With this feature, users can feel comfortable about enrolling in and using Kolide as a way to view the security state of the device without showing all of the information about the device.
What happens when a Device is marked Private?
When a device is marked Private, an administrator will only be able to see basic device details, as outlined below:
In addition, any grouped items in Inventory like Apps, Chrome Extensions, Programs, etc. will have their counts reduced, reflecting the now hidden data. Administrators will not be able to add the device to a Live Query, because Live Query is disabled for Private devices.
If a private device is assigned to a user, and they were onboarded via Slack, they will receive a Slack notification letting them know of this change.
In the Privacy Center, a user of a private device can still request a download of their device data.
Marking a device Private is also recorded in the audit log.
Marking a Single Device Private
To mark specific devices private, follow these steps:
Navigate to your Kolide instance.
Find the device you would like to mark Private.
Click "Actions" in the top right corner.
Select "Mark Device Private".
This will pop open a window, where you will see a message which states, "This action cannot be undone. This will permanently mark this device Private."
Type the name of the device to confirm this action.
New Device Enrollment Options
For organizations that want this level of privacy for their entire organization, you can mark devices private at the moment they enroll into Kolide.
To enable this, follow these steps:
Go to the Settings page.
In the left-hand menu, go to Device Privacy.
By default, your team will have Details Visible for new device enrollments.
To mark new devices Private, select Private, and Save Changes.
You can change this setting whenever you want, but the devices that have been marked Private will still remain private.
You will then be asked if you want the rest of your fleet marked Private as well (in the orange box). This is optional, and cannot be reversed.
When you select this, it will provide a final warning and step to complete the process.
PLEASE NOTE: THIS ACTION CANNOT BE UNDONE!
Unmarking a Device Private
To protect the integrity of the feature, marking a device Private is an irreversible decision. If you marked a device Private by accident, the only way to resolve the situation is to ask the user to uninstall the agent, delete the device from K2, and then have the user re-enroll so that it is registered as a new device.
Questions? Comments? Ping us in Intercom, or email email@example.com