Device Checks

Kolide has over a hundred checks to help you measure and achieve your organization's compliance and security goals. Here are some of our most popular:

Achieve your security and compliance goals with ease.

No SQL Queries to Write
User/Okta Driven Remediation
Security Training for End-Users

You can use Device Checks to...

Block GitHub Copilot

Github Copilot can put the IP rights of your code at risk. You may want to block engineers from using it.

And many more checks...

1Password
Disallow 1Password Emergency Kit to Be Stored in Plaintext
1Password
Require 1Password 8 Meets Minimum Version
1Password
Require 1Password be Logged into Work Account
Android Lock Screen
Require Lock Screen Configuration
Android Software Updates
Ensure Android OS Is Up-to-date
Apple Intelligence
Require Apple Intelligence to Be Disabled
Arc
Require Arc Browser To Be Up-to-date
AWS Credentials
Require AWS Credentials File to Be Encrypted
BIOS
Require CPU "No Execute" to Be Enabled
BIOS
Require Secure Boot to Be Enabled
BitDefender
Require BitDefender App to Be Installed and Running
BitLocker
Require Primary Disk to Be Encrypted
Brave
Require Brave Browser to Be Up-to-date
ClamAV
Require ClamAV to Be Installed and Running
ClamAV
Require Clamscan Job to Be Running
ClamAV
Require Freshclam Job to Be Running
CrowdStrike
Ensure Endpoint Device Meets Minimum Required ZTA Score
CrowdStrike
Require CrowdStrike Agent to Be Installed and Running
Device Uptime
Require Device to Be Restarted Regularly
Disk Health
Ensure Sufficient Free Space on Primary Disk
Dropbox
Dropbox App Should Not Be Installed
ESET
Require ESET Agent to Be Installed and Running
F5 VPN
Require F5 VPN to Be Installed
Firefox
Require Firefox Browser to Be Up-to-date
Gatekeeper
Require macOS Gatekeeper to Be Enabled
GitHub Copilot
GitHub Copilot Should Not Be Installed
GitHub
Require GitHub 2FA Recovery Codes to Be Encrypted
Google Chrome
Require Chrome Browser to Be Up-to-date
Google
Require GSuite 2FA Recovery Codes to Be Encrypted
Grammarly
Grammarly Browser Extension Should Not Be Installed
Grammarly
Grammarly Mac App Should Not Be Installed
Homebrew
Require Homebrew Packages To Be Up-to-date
iCloud
Require iCloud Private Relay to Be Disabled
iOS Passcode
Require Passcode Configuration
iOS Software Updates
Ensure iOS Meets Minimum Required Version
iOS Software Updates
Ensure iOS Version Is Up-to-date
iTerm2
Require Secure Keyboard Entry to Be Enabled
Kolide Agent
Require Kolide Agent to Have Full Disk Access Entitlement
Linux Disk Encryption
Require Disk To Be Encrypted
Linux Firewall
Ensure iptables Has Suitable Default Policy
Linux Firewall
Require Uncomplicated Firewall (UFW) To Be Enabled
Linux Package Updates
Ensure Linux Packages Are Up-to-date
Linux Screen Lock
Require Cinnamon Secure Screen Lock Configuration
Linux Screen Lock
Require Gnome Secure Screen Lock Configuration
Linux Screen Lock
Require Mate Secure Screen Lock Configuration
Linux Workspace ONE UEM
Require Device To Be Enrolled
Linux Workspace ONE UEM
Require Device to be Enrolled in and Properly Configured to Workspace ONE
Linux Workspace ONE UEM
Require Device To Have All Profiles Installed
Linux Workspace ONE UEM
Require Device To Satisfy Dependencies
Login and Access
Ensure Root Account Shells Are Set to nologin
Login and Access
Ensure System Account Shells Are Set to nologin
Login and Access
Require Guest User Account to Be Disabled
Login and Access
Require Root Accounts Have a Password Set or Be Locked
Login and Access
Require System Account Passwords To Be Locked
Login and Access
Require User Account Passwords To Be Locked or Set
macOS Battery
Ensure Device Battery Is Healthy
macOS Finder
Require File Extensions to Be Visible in Finder
macOS Find My
Require Find My Service to Be Disabled
macOS Find My
Require Find My Service to Be Enabled
macOS Firewall
Require Firewall to Be Enabled
macOS Location Services
Require Location Services to Be Enabled
macOS MDM
Require Device to Be Enrolled in macOS MDM
macOS MDM
Require Jamf Protect Agent to Be Installed and Running
macOS Notifications
Require Sensitive Previews to Be Disabled on Lock Screen
macOS Screen Lock
Require Secure Screen Lock Configuration
macOS Sharing
Require Bluetooth Sharing to Be Disabled
macOS Sharing
Require Content Caching to Be Disabled
macOS Sharing
Require Disc Sharing to Be Disabled
macOS Sharing
Require File Sharing to Be Disabled
macOS Sharing
Require Internet Sharing to Be Disabled
macOS Sharing
Require Printer Sharing to Be Disabled
macOS Sharing
Require Remote Apple Events or App Scripting To Be Disabled
macOS Sharing
Require Remote Login to Be Disabled
macOS Sharing
Require Remote Management to Be Disabled
macOS Sharing
Require Screen Sharing to Be Disabled
macOS Software Updates
Ensure OS Meets Minimum Required Version
macOS Software Updates
Ensure OS Version Is Supported by Apple
macOS Software Updates
Ensure OS Version Is Up-to-date
macOS Software Updates
Require Automatic Updates to Be Enabled
Microsoft Edge
Require Edge Browser To Be Up-to-date
Microsoft Intune
Require Device Enrollment
Microsoft Intune
Require Regular Device Check In
Microsoft Software Licenses
Require Microsoft Windows to Be Licensed
Mobile OS
Ensure Device Is Enrolled in Organization MDM
Mobile OS
Ensure Device Is Not Jailbroken or Rooted
Munki
Require Munki to Be Installed and Run Recently
Network Time Protocol
Require Date and Time to Be Set Automatically
OpenAI
ChatGPT Mac App Should Not Be Installed
OpenAI
ChatGPT Mac App Should Use Approved Workspace
Password Policies
Require Password Policies to Be Configured Securely
Rapid7
Require Rapid7 App to Be Installed and Running
Remote Access
Remote Access Daemon Should Not Be Installed or Running
Removable Media
Require Autorun to Be Disabled
Salt
Require Salt App to Be Installed
SentinelOne
Require SentinelOne Agent to Be Installed, Running, and Configured
Sophos
Require Sophos App to Be Installed and Running
SSH Keys
Require SSH Keys to Be Encrypted
Sudo
Disallow Passwordless Invocation
Sudo
Require use_pty to Be Configured
Symantec
Require Symantec Endpoint Protection to Be Installed and Running
System Integrity Protection
Require System Integrity Protection to Be Enabled
Ubuntu
Ensure Cron Is Running
Ubuntu
Ensure OS Version Is Supported
Ubuntu
Require Unattended Upgrades to Be Properly Configured
Vulnerabilities
Insecure Zoom Video Conference Server
Windows 11
Disallow TPM/CPU Installation Bypass
Windows Explorer
Require File Extensions to Be Visible
Windows MDM
Require Device to Be Enrolled in Windows MDM
Windows Security Center
Require Antivirus to Be Enabled
Windows Security Center
Require Ransomware Protection (Controlled Folder Access) to Be Enabled
Windows Software Updates
Ensure Important OS Updates Are Installed
Windows Software Updates
Ensure OS Meets Minimum Version Requirement
Windows Software Updates
Ensure OS Version Is Supported by Microsoft
Windows UAC
Require User Account Control to Be Enabled
Zscaler
Require Zscaler App to Be Installed