Once enrolled and registered, Kolide provides administrators with detailed insight into the state of a device and its properties. This can be accessed through the UI and programmatically via the API.

What is a Device?

In Kolide, a Device refers to a unique Kolide Agent or Kolide Mobile App enrollment.

Upon installing the Kolide Agent on a computer or the App on a mobile phone, Kolide issues a unique identifier to the Device, saved locally. Later, when the Device needs to identify itself to Kolide, it uses this identifier.

A Device is the primary object to which many other Kolide concepts are directly linked. This includes Check Results, Issues, Registrations, and Device Properties.

Enrolling Devices

Computers running desktop-class operating systems like macOS, Windows, and Linux are enrolled into Kolide through the installation of the Kolide Agent.

Mobile Devices running operating systems like iOS and Android are enrolled by installing the Kolide app from the OS vendor’s app store and then performing end-user registration.

Listing Devices

Users with access to the Kolide interface can view all Devices enrolled in Kolide by clicking Devices in the top navigation.

From this screen, you can view both registered and unregistered Devices, search for specific Devices using the built-in search, and filter Devices based on their platform type, current auth status, form factor, auth mode, device group membership, and Okta push group membership.

Device Details

Viewing a Device in Kolide reveals information accessible on the header of the details page:

• The Display Name
• Serial number (unavailable for mobile devices)
• Total uptime since the device last rebooted
• OS Name and Version (e.g., “macOS 14.1.2 Sonoma”)
• Hardware model (e.g., “MacBook Pro (16-inch, 2023)”)
• CPU architecture and model (e.g., “Apple M2 Pro”)
• MDM/Management Status (macOS and Windows only)
• IP Address used to communicate with Kolide
• The Device’s enrollment and registration date
• The version of the Kolide agent or Kolide mobile app
• The last time the Device successfully authenticated
• Total Memory/RAM

For Mobile Devices, this information is updated every time the Kolide Mobile App checks in. On Devices enrolled via the Kolide Agent, this information is updated approximately every two hours when the Device is online.

In addition to this data, if the Device was enrolled using the Kolide agent, you can also view and search additional device properties.

Editing A Device’s Name

A Device enrolled via the Kolide agent will set the Device’s display name based on its local hostname or computer name. If neither is available, Kolide will name it “Unnamed Device”.

For Mobile Devices, Kolide sets the name based on the hardware model (e.g., “iPhone 14 Pro Max”).

To change the name Kolide automatically assigns to a Device, follow these steps:

1. Click Devices in the top menu.
2. Locate the device by entering its name or serial number in the search.
3. Click the device’s name in the table.
4. Click the Actions button to reveal the drop-down menu.
5. Click Edit Name…
6. The Device’s name will become a text input field. Edit as desired.
7. Click Save to confirm.

The new name will then appear in the header, with the original default name displayed in parentheses.

Adding Notes

Kolide allows users with access to the management UI to add custom notes to a Device. These notes are useful for remembering details about a Device that Kolide doesn’t automatically collect.

To add or modify a Device note, follow these steps:

1. Click Devices in the top menu.
2. Locate the device by entering its name or serial number in the search.
3. Click the device’s name in the table.
4. Click the Notes tab in the menubar underneath the Device summary.
5. Add your note in the textarea, using markdown syntax.
6. Click Save.

Your note will be displayed with the markdown formatting applied. Additionally, you can view Device notes programmatically via the API.

Removing Devices

Removing a Device from Kolide also removes the data Kolide has collected from the Device, including Check Results, Issues, Registrations, and Device Properties (Audit and Auth Logs are still retained).

Devices can be removed from Kolide manually by users with access to the Kolide management UI, programmatically via the API, or automatically based on inactivity.

Manual Removal

To manually remove a device, follow these steps:

1. Click Devices in the top menu.
2. Locate the device by entering its name or serial number in the search.
3. Click the device’s name in the table.
4. Click the Actions button to reveal the drop-down menu.
5. Click Confirm when the warning label appears.

After confirming removal, Kolide gives you an additional three minutes in case you change your mind. Once this period expires, the removal process starts and typically takes 5 to 10 minutes to complete.

Programmatic Device Removal

Devices can be removed programmatically via the API. Refer to Kolide’s API Reference for details on how to remove a device.

Automatic Device Removal

Kolide automatically prunes Device records based on rules defined by Kolide administrators in settings. Access these settings by:

1. Clicking your avatar in the upper-right corner of the app.
2. Clicking Settings.
3. Clicking Auto Device Removal in the left sidebar menu.

Inactivity Removal

Devices enrolled in Kolide regularly “check in” either via the Kolide Agent or when the Kolide Mobile App is opened on a Mobile Device.

If a Device stops checking in, Kolide can automatically remove it after a customizable period of inactivity (Kolide suggests a value of 90 days for most retention requirements.)

Duplicate Device Removal

In situations where a computer is erased and re-provisioned to a new user, you may wish to automatically purge the data associated with the old device record that shares the same Serial Number and Hardware UUID.

If this is enabled, shortly after a device with a matching Serial Number and Hardware UUID enrolls, Kolide will begin removing the older duplicate device. This action will be logged in the Audit Log.