The Secureframe Agent is built on Fleet!

This long standing partnership exist to better serve our customers achieve security and compliance when using the Secureframe Agent.

As this partnership grows, we are now displaying the Fleet logo on the device when the agent is installed. 

This update does not change Secureframe Agent’s functionality or its read-only access permissions, those all remain completely the same. 

What’s Changing?

• A new Fleet menu bar item will appear on devices with the Secureframe Agent installed. See below how the logo will be displayed depending on your operating system.

Windows:

Mac:

Linux:

About the Fleet Menu Bar Item

The Secureframe Agent is built on an open-source platform called Fleet, and the new menu bar logo reflects the Fleet project’s branding.

The menu includes three links:

1. My Device – Opens a page displaying basic information about the user’s device.
2. Self-Service – Also provides basic device information. Users can only see their own device details.
3. About Fleet – Links to Secureframe’s Agent + Fleet Transparency Page, which explains what information Secureframe can access via the Secureframe Agent.

💡 Note: This update does not change Secureframe Agent’s functionality or its read-only access permissions.

What data does the Secureframe Agent (Fleet-based) have access to?

Secureframe’s Agent is built on FleetDM, an open-source device management framework. While FleetDM publicly documents a broad set of potential device capabilities, Secureframe explicitly restricts and disables many of those capabilities by configuration and design.

Data Secureframe does NOT collect or access

Secureframe explicitly disables or does not use the following capabilities:

• Browser history or browsing activity - Browser history collection is disabled and not accessible to Secureframe.

• User activity monitoring - Keystrokes, application usage, or behavioral monitoring are not collected.

• File contents or file carving - Secureframe disables file access and file carving entirely.

• Script execution or remote commands - Secureframe does not allow running scripts or commands on user devices.

• Location data - Secureframe does not retrieve, store, or use device location data in any way.

Data Secureframe does collect (compliance-only)

Secureframe collects a minimal set of device posture data required for security and compliance checks, including:

• Device identifier and asset name

• Operating system and version

• Last check-in timestamp

• Disk encryption status

• Antivirus status

• Firewall status

• Screen lock and password policy status

• Assigned device owner (email)

Need Help?

If you have any questions about this update, please reach out to Secureframe’s Support Team at support@secureframe.com for quick assistance.

Frequently Asked Questions (FAQ)

What data can Secureframe actually see or access on my device?

Secureframe only collects a limited set of device posture data required for security and compliance, such as:

• Operating system and version

• Device identifier and last check-in time

• Disk encryption, antivirus, firewall, and screen lock status

• Assigned device owner (email)

Secureframe does not collect or access:

• Browser history or browsing activity

• User behavior, keystrokes, or application usage

• Files or file contents

• Device location

• Script execution or remote commands

Can the Fleet icon be disabled for the Agent?

• No, the Fleet Agent icon cannot be disabled at this time.

Did any permissions change with this update? 

• No, This update does not change Secureframe Agent’s functionality or its read-only access permissions.

What does a device check-in involve and what do I need to do?

• This particular device check-in is a one time action.
• Devices simply need to be online for approximately 5 minutes to receive the update.
• Once the update is installed, users will notice a new icon in the status bar and your maintenance is complete. 

What if the device check-in doesn't work for some users?

• Secureframe will provide a full list of devices that did not properly check-in so Admins are able to resolve individually, if needed. 

The fleet logo icon is not appearing for macOS 12.7.5, and I’m seeing an NSOSStatusErrorDomain error in the logs. What is the OS requirement for the Fleet logo?

• The Fleet logo requires macOS 13 or higher. While older documentation states that macOS 12+ is supported, this is the first confirmed case where 12.x no longer works by default for the logo display. If you are on macOS 12.7.5 and experiencing this issue, upgrade to macOS 13+ and try again.

Why does my device show "Added to Fleet: Never" or "Offline" in the Fleet app, and why are system data fields missing?

• The device status displayed in the Fleet app, such as "Added to Fleet: Never" or "Offline," along with missing system data fields (OS, disk, memory), is primarily for user visibility and is not critical for the integration or the device's actual reporting status. This behavior is a known issue with no confirmed fix, and it does not impact the overall functionality or the device's ability to report to the system.