Only report apps managed by Fleet on personal iOS/iPadOS devices (manual enrollment) #36738

@marko-lisica

Goal

User story
As an IT admin,
I want to make sure that we don't track personal apps that are installed on BYOD iOS/iPadOS hosts enrolled to Fleet
so that I can ensure we comply with company policy regarding employee privacy.

Roadmap item

None.

Original requests

None.

Resources

None.

Changes

Product

  • Changes: Don't report apps installed by the end user, only apps installed through Fleet.
  • UI changes: Change copy on Host > Software > Inventory for manually enrolled iOS/iPadOS hosts: MDM status: On (manual)
  • CLI (fleetctl) usage changes: No changes.
  • YAML changes: No changes.
  • REST API changes: No changes.
  • Fleet's agent (fleetd) changes: No changes.
  • GitOps mode UI changes: No changes.
  • GitOps generation changes: No changes.
  • Activity changes: No changes.
  • Permissions changes: No changes.
  • Changes to paid features or tiers: Fleet Free and Premium.
  • My device and fleetdm.com/better changes: No changes.
  • Usage statistics: No changes.
  • Other reference documentation changes: No changes.
  • First draft of test plan added
  • Once shipped, requester has been notified
  • Once shipped, dogfooding issue has been filed. No need to dogfood. @marko-lisica tried this.

Engineering

  • Test plan is finalized
  • Contributor API changes: No changes
  • Feature guide changes: Guide: Fleet only collect iOS/iPadOS (BYOD) software installed through Fleet #39838
  • Database schema migrations: None
  • Load testing: Low risk, minimal load testing needed. Additional JOIN only affects iOS/iPadOS manual enrollment subset. Existing indexes on host_id handle the join efficiently. Recommend basic validation that software list queries don't degrade.
  • Load testing/osquery-perf improvements: No changes required. iOS/iPadOS software is reported via MDM InstalledApplicationList command, not osquery.
  • This is a premium only feature: No

ℹ️  Please read this issue carefully and understand it. Pay special attention to UI wireframes, especially "dev notes".

QA

Risk assessment

  • Requires testing in a hosted environment: No
  • Requires load testing: No
  • Risk level: Low

Test plan

Make sure to go through the list and consider all events that might be related to this story, so we catch edge cases earlier.

  • Make sure that only managed apps (installed by Fleet) are reported in Host > Software > Inventory for iOS/iPadOS hosts that have MDM status On (manual).
  • Make sure that the copy on the page above is updated as specified under "UI changes".
  • Make sure that only managed apps are returned in the API.
  • Make sure that after the first refetch upon release of this feature, all non-managed apps are removed from the host inventory for iOS/iPadOS hosts that are manually enrolled.

Testing notes

Confirmation

  1. Engineer: Added comment to user story confirming successful completion of test plan.
  2. QA: Added comment to user story confirming successful completion of test plan.

Metadata

Labels

  • #g-software: Software product group
  • :product: Product Design department (shows up on 🦢 Drafting board)
  • customer-pingali
  • story: A user story defining an entire feature
  • ~activation-blocker: Blocks a customer activation

Status

Done
