Many of our customers use Kolide to verify the security of an employee's personal devices. Thanks to Kolide's user-friendly stance on privacy, we've always been a great solution for the Bring Your Own Device (BYOD) use-case.
With that said, Kolide is working on several new features (like our upcoming MDM), where the distinction between a user-owned device and an organization-owned device will be even more important.
To that end, today we are excited to announce an official way to flag devices as User Owned. This flag can be set either by a Kolide administrator, or by a user during the Slack-based enrollment process. Once this flag is set, a device cannot be re-assigned to any other user in the system.
Changes to Onboarding
Starting today, when you onboard a new user to Kolide via Slack and enroll a device, they will be asked about the device's ownership. Based on this selection, Kolide will generate a custom package that will set the device's ownership mode correctly.
Here is what the flow looks like when you choose the option, "I own this device"
Once the user downloads and installs the package, Kolide will automatically assign it to them and mark it as user-owned.
Note: We have renamed the
installers Slack app command to
enroll. Both commands now initiate this same enrollment workflow as shown above.
Manually Marking Devices User Owned
While the new onboarding flow is nice, you may have a few existing devices that need to be marked as user-owned.
To do this, simply go to the device you want to mark, click Actions in the upper-right corner and choose Mark User Owned... This will open a modal that will allow you to confirm the switch.
Once the switch is made, the end-user will be notified via Slack and the device will be marked as "User Owned" with a badge in the header.
User-Owned Devices & Privacy
You may be familiar with Private Mode, which restricts the visibility a Kolide administrator has into a device to just the results of Checks. This mode will remain separate from User Owned and both modes can be applied independently to each device. Depending on your requirements, it may make sense for all user-owned devices to be marked Private as well.
Changes to API
To help users of our API differentiate private and user-owned devices, we've added two new attributes are now available when querying devices in the API
owned_by. We have also introduced a new Webhook event
devices.personalized that fires when an administrator manually marks a device as User Owned.
Future Plans for User-Owned Mode
Right now, the only functional change in marking a device User Owned is that Kolide will not allow you to re-assign it to someone else. While that doesn't sound like a big deal today, Kolide has several planned features with its upcoming MDM that will require informed consent, from an end-user before they can be used. It's important that end-users understand that this consent process cannot be circumvented by re-assigning the device to someone else, especially for devices that they own.
As always, if you need any help, have questions, or concerns please let us know and we will address them as soon as possible.