Devices

Using Kolide
Home / Using Kolide / Devices

Devices

Once enrolled and registered, Kolide provides administrators with detailed insight into the state of a device and its properties. This can be accessed through the UI and programmatically via the API.

What is a Device?

In Kolide, a Device refers to a unique Kolide Agent or Kolide Mobile App enrollment.

Upon installing the Kolide Agent on a computer or the App on a mobile phone, Kolide issues a unique identifier to the Device, saved locally. Later, when the Device needs to identify itself to Kolide, it uses this identifier.

A Device is the primary object to which many other Kolide concepts are directly linked. This includes Check Results, Issues, Registrations, and Device Properties.

Enrolling Devices

Computers running desktop-class operating systems like macOS, Windows, and Linux are enrolled into Kolide through the installation of the Kolide Agent.

What happens when a Device is reprovisioned to a new employee?
When an employee leaves, IT teams commonly erase the computer and reassign it to a new employee. In this case, since the Kolide Agent’s local database is deleted, Kolide will treat it as a brand new Device upon enrollment.

Depending on your auto-removal settings, Kolide will also delete any old Device records where both the serial number and the hardware UUID match.

Mobile Devices running operating systems like iOS and Android are enrolled by installing the Kolide app from the OS vendor’s app store and then performing end-user registration.

Listing Devices

Users with access to the Kolide interface can view all Devices enrolled in Kolide by clicking Devices in the top navigation.

From this screen, you can view both registered and unregistered Devices, search for specific Devices using the built-in search, and filter Devices based on their platform type, current auth status, form factor, auth mode, device group membership, and Okta push group membership.

Quickly Finding Devices:
To quickly locate a Device, use the search bar in the top-level navigation.

Devices can be searched by:

  • Their display name (e.g., Zack’s MacBook Pro)
  • Their hardware serial number
  • Their unique ID within Kolide
  • The name or email address of their registered owner

Device Details

Viewing a Device in Kolide reveals information accessible on the header of the details page:

The Device details page for a Mac

  • The Display Name
  • Serial number (unavailable for mobile devices)
  • Total uptime since the device last rebooted
  • OS Name and Version (e.g., “macOS 14.1.2 Sonoma”)
  • Hardware model (e.g., “MacBook Pro (16-inch, 2023)”)
  • CPU architecture and model (e.g., “Apple M2 Pro”)
  • MDM/Management Status (macOS and Windows only)
  • IP Address used to communicate with Kolide
  • The Device’s enrollment and registration date
  • The version of the Kolide agent or Kolide mobile app
  • The last time the Device successfully authenticated
  • Total Memory/RAM

For Mobile Devices, this information is updated every time the Kolide Mobile App checks in. On Devices enrolled via the Kolide Agent, this information is updated approximately every two hours when the Device is online.

In addition to this data, if the Device was enrolled using the Kolide agent, you can also view and search additional device properties.

Editing A Device’s Name

A Device enrolled via the Kolide agent will set the Device’s display name based on its local hostname or computer name. If neither is available, Kolide will name it “Unnamed Device”.

Note:
The Kolide agent regularly polls a device to update its display name (every few hours). Since the name is based on local network conditions, it can change depending on the network the Device is using.

For a more stable name, consider customizing the name as described below.

For Mobile Devices, Kolide sets the name based on the hardware model (e.g., “iPhone 14 Pro Max”).

To change the name Kolide automatically assigns to a Device, follow these steps:

  1. Click Devices in the top menu.
  2. Locate the device by entering its name or serial number in the search.
  3. Click the device’s name in the table.
  4. Click the Actions button to reveal the drop-down menu.
  5. Click Edit Name…
  6. The Device’s name will become a text input field. Edit as desired.
  7. Click Save to confirm.

The new name will then appear in the header, with the original default name displayed in parentheses.

Restoring The Original Name:
To restore the original name, edit the name again, clear the input box, and click Save. Clearing the entry instructs Kolide to revert to its default naming strategy.

Adding Notes

Kolide allows users with access to the management UI to add custom notes to a Device. These notes are useful for remembering details about a Device that Kolide doesn’t automatically collect.

To add or modify a Device note, follow these steps:

  1. Click Devices in the top menu.
  2. Locate the device by entering its name or serial number in the search.
  3. Click the device’s name in the table.
  4. Click the Notes tab in the menubar underneath the Device summary.
  5. Add your note in the textarea, using markdown syntax.
  6. Click Save.

Your note will be displayed with the markdown formatting applied. Additionally, you can view Device notes programmatically via the API.

Note Revisions:
Each time a user modifies a note, Kolide tracks the changes, including who made the change. View these changes by clicking View Revision History. You can revert to a previous version of a note, creating a new version, using the modal.

Removing Devices

Removing a Device from Kolide also removes the data Kolide has collected from the Device, including Check Results, Issues, Registrations, and Device Properties (Audit and Auth Logs are still retained).

Note:
If a user’s sole registered device is deleted, their Trust on First Use status will be reset, allowing them to register a new device without requiring approval

Note:
Removing Devices only affects the data stored by Kolide and prevents the agent from re-enrolling; the Device itself is not impacted. This is NOT a remote erase feature.

Devices can be removed from Kolide manually by users with access to the Kolide management UI, programmatically via the API, or automatically based on inactivity.

Manual Removal

Warning:
When removing a device, Kolide will send an disable signal to the Kolide agent to prevent it from automatically re-enrolling.

If you want to fully remove all traces of the agent, please follow the agent uninstall guide.

To manually remove a device, follow these steps:

  1. Click Devices in the top menu.
  2. Locate the device by entering its name or serial number in the search.
  3. Click the device’s name in the table.
  4. Click the Actions button to reveal the drop-down menu.
  5. Click Confirm when the warning label appears.

After confirming removal, Kolide gives you an additional three minutes in case you change your mind. Once this period expires, the removal process starts and typically takes 5 to 10 minutes to complete.

Programmatic Device Removal

Devices can be removed programmatically via the API. Refer to Kolide’s API Reference for details on how to remove a device.

Automatic Device Removal

Note:
Only admins with “Full Access” can edit Automatic Device Removal settings.

Kolide automatically prunes Device records based on rules defined by Kolide administrators in settings. Access these settings by:

  1. Clicking your avatar in the upper-right corner of the app.
  2. Clicking Settings.
  3. Clicking Auto Device Removal in the left sidebar menu.

Inactivity Removal

Devices enrolled in Kolide regularly “check in” either via the Kolide Agent or when the Kolide Mobile App is opened on a Mobile Device.

If a Device stops checking in, Kolide can automatically remove it after a customizable period of inactivity (Kolide suggests a value of 90 days for most retention requirements.)

Note:
Once auto deletion is enabled, allow approximately 24 hours for inactive devices to be purged.

Duplicate Device Removal

In situations where a computer is erased and re-provisioned to a new user, you may wish to automatically purge the data associated with the old device record that shares the same Serial Number and Hardware UUID.

If this is enabled, shortly after a device with a matching Serial Number and Hardware UUID enrolls, Kolide will begin removing the older duplicate device. This action will be logged in the Audit Log.

Serial Number Uniqueness:

Kolide will only group devices together if both their hardware UUID and serial number exactly match and the serial number appears to be “unique-looking”.

For example, Kolide does not consider a serial number unique-looking if it contains any of the following strings:

  • “to be filled”
  • “system serial number”
  • “not applicable”
  • “default”
  • “string”
  • “123456789”

What is a Hardware UUID?
The UUID (Universally Unique Identifier) for computers, specifically referred to as a hardware or system UUID, is a unique identifier assigned to a computer’s hardware components. This identifier is generally stable except in cases where the motherboard or the SoC (System on a Chip) is replaced during service.