Fleet MDM Review – Open-Source Device Management Built on osquery

Fleet MDM is an open-source device management platform that gives IT teams real-time visibility and control across macOS, Windows, Linux, ChromeOS, iOS, and Android – all from a single console. It's built on osquery, Facebook's open-source endpoint agent, and it's the first MDM with native GitOps support.

For MSPs evaluating alternatives to vendor-locked platforms like Jamf, Workspace ONE, or NinjaOne, Fleet represents a fundamentally different approach. You get the source code. You control the deployment. And you manage every OS your clients run without stitching together three different tools.

Fleet raised $27M in funding to expand its open device management platform, and companies like Fastly, Gusto, and Uber are already running it in production. The question isn't whether Fleet works at scale – it's whether it works for your MSP.

This review breaks down the features, setup process, pricing, and the specific scenarios where Fleet MDM makes sense for managed service providers.

Core Features That Matter for MSPs

Fleet isn't trying to be an RMM. It's a device management and security visibility platform. That distinction matters when you're evaluating where it fits in your stack.

Cross-Platform Management from One Console

Fleet manages macOS, Windows, Linux, ChromeOS, iOS, and Android from a unified interface. That alone solves a real problem. Most MSPs juggle Jamf for Macs, Intune for Windows, and something else for Linux – if they manage Linux at all. Fleet collapses that into one pane.

Real-Time Device Visibility via osquery

This is Fleet's biggest differentiator. Traditional MDM tools poll devices on intervals – sometimes hours apart. Fleet uses osquery to deliver sub-30-second reporting. You can query any enrolled device and get answers in near real-time: What software is installed? Is FileVault on? When was the last OS update?

For MSPs handling incident response across multiple clients, that speed isn't a nice-to-have. It's the difference between containing a threat in minutes versus discovering it tomorrow.

Declarative Policy Management

Fleet enforces desired device states automatically. Set a policy – say, "all macOS devices must have disk encryption enabled" – and Fleet continuously checks and remediates. When a device drifts out of compliance, Fleet brings it back. No manual intervention.

Policies are defined in YAML, which means they're version-controlled, peer-reviewed, and deployable through CI/CD pipelines. If you've ever fat-fingered a GPO that bricked 200 machines, you'll appreciate the pull-request workflow.

Zero-Touch Enrollment

Fleet supports Apple Business Manager for macOS/iOS and Windows Autopilot for Windows devices. Ship a laptop to a client's new hire, they open the lid, and it enrolls automatically – configured with the right profiles, software, and policies for that client's environment.

Automated Patching and Software Deployment

Fleet handles OS updates using Apple's Declarative Device Management (DDM) framework and manages third-party software deployment. You define what should be installed, Fleet handles the rest. It also flags known vulnerabilities against CVE databases and supports CIS benchmark compliance checks.

Native Integrations

Fleet connects to the tools MSPs already use: Okta and Active Directory for identity, Splunk and Elastic for SIEM, Jira and Zendesk for ticketing. The API is well-documented and flexible enough for custom automations.

Fleet MDM Setup: What It Actually Takes

Let's be honest about the setup. Fleet isn't a SaaS product you sign up for and start clicking around in five minutes. It can be – if you use Fleet's managed cloud hosting. But most MSPs evaluating open-source MDM want self-hosted deployments, and that requires some infrastructure work.

Self-Hosted Deployment (Docker Compose)

The fastest path to a self-hosted Fleet instance is Docker Compose. The core stack has three components:

• Fleet server – the application itself
• MySQL – primary database for device records, policies, and query results
• Redis – handles the live query queue and caching

Fleet publishes an official Docker image and a ready-to-use Docker Compose file. The basic process:

1. Clone the repo or grab the compose file
2. Configure your .env with database credentials and TLS certificates
3. Run docker-compose up
4. Access the web UI and create your first admin account
5. Enroll devices using the Fleet agent (fleetd) or MDM enrollment profiles

For production, you'll want proper TLS certificates (not self-signed), S3-compatible storage for software installers, and a backup strategy for MySQL. Fleet's deployment docs walk through each step.

Managed Cloud Option

Don't want to run infrastructure? Fleet offers a managed cloud deployment where they handle hosting, updates, and availability. Same features, no ops burden. For MSPs who'd rather spend time on client work than babysitting MySQL replication, this is the pragmatic choice.

Honest Assessment

If your team is comfortable with Docker, Linux, and basic database administration, self-hosted Fleet is straightforward. If those words make your techs nervous, use the managed cloud or keep looking. Fleet doesn't hide this complexity – the setup guides are thorough, but they assume a baseline of DevOps literacy.

Fleet Pricing: Free vs. Premium

Fleet's pricing model is simpler than most MDM vendors:

Fleet Free – The full open-source platform. Self-hosted. No device limits. No feature gates on core functionality. You get cross-platform device management, osquery, policy enforcement, and vulnerability reporting.

Fleet Premium – $7 per host per month. Adds enterprise support, premium integrations, and features like automated software deployment and advanced access controls. Available as managed cloud or self-hosted.

For context, Jamf Pro runs $3.33–$11.83/device/month depending on contract size. NinjaOne doesn't publish pricing but typically lands in the $3–$6/device range. Mosyle starts around $1–$2/device but only covers Apple.

The real cost difference for MSPs isn't the per-device price – it's the infrastructure overhead. Fleet Free requires your team to run and maintain the server. Fleet Premium with managed cloud offloads that. Factor in the labor cost of self-hosting before assuming "free" is cheaper.

GitOps and osquery: Why MSPs Should Care

Most MDM platforms treat configuration like a GUI exercise. Click here, toggle that, hope nobody changed it since last Tuesday. Fleet treats device configuration like code.

Configuration-as-Code

Every Fleet policy, query, and configuration profile lives in YAML files that you store in Git. Want to update a firewall policy across 12 client environments? Write the change, open a pull request, get a peer review, merge, and Fleet deploys it. Every change is tracked, attributed, and reversible.

For MSPs managing multiple clients, this is a structural advantage. You can maintain per-client configuration repos, templatize common policies, and audit exactly who changed what and when. No more "someone must have toggled that setting in the GUI."

osquery as the Foundation

osquery turns every enrolled device into a queryable SQL database. Want to know which devices across all your clients are running a vulnerable version of Chrome? That's a SQL query. Need to check if a specific registry key exists on every Windows machine in Client X's environment? Also a SQL query.

This approach gives MSPs a level of endpoint visibility that traditional RMM and MDM tools don't match. You're not limited to whatever the vendor decided to surface in their dashboard – you can ask any question about any device.

Where Fleet MDM Fits (and Where It Doesn't)

Fleet isn't for every MSP. Here's where it shines and where it falls short.

Good Fit

• MSPs with mixed-OS client environments. If you manage macOS, Windows, and Linux for the same client, Fleet eliminates multi-tool sprawl.
• Compliance-heavy verticals. Healthcare, finance, government contractors – clients who need audit trails and provable policy enforcement. Fleet's GitOps model creates automatic compliance documentation.
• Security-focused MSPs. The osquery foundation makes Fleet a natural fit if you're doing vulnerability management, detection engineering, or posture-based access control.
• Tech-forward teams comfortable with CLI and Git. Fleet rewards DevOps-minded MSPs. If your team already uses Terraform, Ansible, or similar tools, Fleet's workflow will feel natural.

Poor Fit

• MSPs looking for an all-in-one RMM+PSA platform. Fleet is device management and security visibility. It doesn't replace ConnectWise, Halo, or your PSA. You'll still need those. If you're looking to replace your full RMM stack, not just MDM, we compared the best Kaseya alternatives in a separate review.
• Pure Windows shops with no DevOps capacity. If your team lives in the GUI and you only manage Windows endpoints, Intune or NinjaOne will get you further with less effort.
• Small MSPs managing fewer than 100 devices. The overhead of self-hosting (or the per-host cost of Premium) may not justify the tooling investment at that scale.

Fleet MDM vs. Jamf, NinjaOne, and Mosyle

Fleet's advantage is clear on cross-platform coverage and openness. Jamf wins on Apple-only depth. NinjaOne wins on traditional RMM workflows. Mosyle wins on Apple-only price. Your choice depends on your client base and how you want to work. For a deeper breakdown of PSA options to pair with your MDM, see our MSP PSA software comparison.

FAQs

Is Fleet MDM free?

Yes. Fleet's core platform is open source and free to self-host with no device limits. Fleet Premium ($7/host/month) adds enterprise support, managed cloud hosting, and premium features like automated software deployment.

Does Fleet MDM support Windows?

Yes. Fleet manages Windows, macOS, Linux, ChromeOS, iOS, and Android. Windows support includes MDM enrollment, policy enforcement, software deployment, and real-time osquery visibility. Fleet supports Windows Autopilot for zero-touch enrollment.

Can MSPs use Fleet MDM for multiple clients?

Yes. Fleet supports multi-team configurations that let MSPs segment devices by client. Combined with GitOps workflows, you can maintain separate configuration repos per client while sharing common policy templates across your entire portfolio.

What is osquery and why does Fleet use it?

osquery is an open-source tool originally built by Facebook that lets you query device data using SQL. Instead of relying on a vendor's predefined dashboards, you can ask any question about any endpoint – installed software, running processes, network connections, registry keys, anything. Fleet uses osquery as its telemetry engine because it provides deeper, faster, and more flexible device visibility than traditional agent-based approaches.

How does Fleet MDM compare to traditional RMM tools?

Fleet isn't a direct RMM replacement. RMM tools like ConnectWise Automate or Datto RMM focus on remote access, scripting, and ticket-driven workflows. Fleet focuses on device state management, security visibility, and compliance. Many MSPs run Fleet alongside their existing RMM – using Fleet for policy enforcement and osquery-powered visibility while keeping their RMM for remote support and automation.

Fleet MDM gives MSPs something the traditional MDM market doesn't: full source code access, cross-platform coverage, and a GitOps workflow that treats device management like software engineering. It's not the easiest tool to set up, and it won't replace your RMM or PSA. But for MSPs who want real-time endpoint visibility across every OS their clients run – without handing another vendor a blank check – Fleet is worth a serious look.

OpenMSP community tracks tools like Fleet MDM so you don't have to. Check our MSP tool reviews for more vendor breakdowns, or join the OpenMSP community to compare notes with other MSPs building independent stacks.