If a Kolide managed device is ever lost or stolen, Lost Mode enables administrators and assigned device owners to track its precise geo-location, which may aid in its recovery.
Device Requirements
In order for Lost Mode to function correctly, the device must meet all of the following criteria:
The device runs macOS, Windows, or Linux
The device must have its Wi-Fi capability enabled
The device must be connected to the Internet (in order to communicate with Kolide)
If a device is assigned to a person, that person must have a Slack identity so that their consent can be obtained.
If a device does not meet the above criteria, Lost Mode may either be unavailable or may not report geolocation data when activated.
About Informed Consent
Due to the sensitive nature of the geolocation data transmitted when a device is in Lost Mode, if the device is assigned to a person, a Kolide admin must receive informed consent before it can be activated.
To learn more about the informed consent process (including the circumstances when it can be circumvented) please read the help article about the subject.
Disabling The Lost Mode Feature
If you don't want Lost Mode accessible to certain Kolide administrators, you can disable the feature for any administrator with the "limited access" role in the Teams & Access panel under Settings.
If you would like to disable the Lost Mode feature completely for all Kolide administrators, you can do so under the Device Privacy panel under Settings.
Please Note: If you disable the Lost Mode feature in this manner after Lost Mode has been enabled on a device, those devices will stop transmitting their current location. In addition, if you re-enable the Lost Mode feature, devices that were previously in Lost Mode will immediately return to that state.
Enabling Lost Mode
On a compatible device, visit the device detail page by clicking its name in Inventory. From there, follow these steps:
Click the "Actions" menu in the upper-right corner of any Device detail page and select Activate Lost Mode
If informed consent is required, the modal that appears will advise you on how to initiate that process. In the modal that appears, click Contact @<Slack Username> button to initiate the consent process. The assigned user will receive a Slack message to authorize the action. You can track the status of the Lost Mode request (including sending up follow-up notices) at the top of the device's detail page. The requesting administrator will receive a notification when the request has been either approved or denied via Slack.
If informed consent is not required, a Kolide administrator can immediately enable Lost Mode.Once Lost Mode is enabled, you will see a notice at the top of the of the device's detail page.
Turning Off Lost Mode
Once Lost Mode is activated, it can be deactivated any time by a Kolide administrator or the assigned owner of the device (via Slack).
Kolide Administrator
To turn off Lost Mode, simple click the Turn Off Lost Mode... inside of the Lost Mode notice at the top of the device's detail page.
Once deactivated, the assigned owner will receive a notification that looks like the following:
Device Owner (Slack)
The assigned device owner can also deactivate Lost Mode via the Kolide Slack App Home Tab by simply clicking on Lost Mode Actions next to the applicable device and selecting Turn Off Lost Mode...
Once Lost Mode is turned off, the original requesting administrator will receive a notification that looks like the following:
Viewing Device Location
Once Lost Mode is activated, it will begin transmitting location data approximately every five minutes. Both Kolide administrators and the assigned device owner can view the last transmitted location. When either party views the device's location, the action will appear in the Audit Log.
Please Note: The location shown is approximate and its accuracy can vary depending on the confidence from the geolocation API. Today, Kolide does not give administrators or end-users any visual indicator of the confidence/accuracy radius on the map itself, but this information is available to administrators in the location history export. This export can be downloaded using the link in the Lost Device Location modal.
Kolide Administrator
To view a Device's latest location Lost Mode, simple click the View Location... button inside of the Lost Mode notice at the top of the device's detail page. Additionally, administrators may also choose to download the full location history of the current Device Lost Mode Session.
Device Owner (Slack)
The assigned device owner can also view the device's latest location via the Kolide Slack App Home Tab by simply clicking on Lost Mode Actions next to the applicable device and selecting View Device Location...
Receiving Device Location Notifications
Once Lost Mode is activated, both administrators and the assigned device owner can opt-in to receive a single Slack notification when the device transmits its location. This can be useful in situations where Lost Mode was activated when the device was offline, and it may be some time before the device reports a location.
Kolide Administrator
To have Kolide notify you via Slack when a device in Lost Mode transmits its next location, simply click the alarm bell icon in the top-right corner of the Lost Mode notice at the top of the device's detail page. To deactivate the notification, simply click the bell again.
Please Note: This bell will only be shown if you have a Slack Identity associated with your Kolide admin user account.
Device Owner (Slack)
The assigned device owner can also receive these notifications via the Kolide Slack App Home Tab by simply clicking on Lost Mode Actions next to the applicable device and selecting Notify On Next Location Update. After it is enabled, the notification can be disabled by selecting Cancel Location Update Notification.
When either party requests a notification, they will receive a Slack message like the following when the device next transmits its geolocation.
