The Addigy agent software installed on your Mac devices collects plenty of meaningful data about the Mac and uploads that data to the Addigy platform in the form of facts.
Facts are a great tool for reporting various information about your machines and can even be used to create alerts by Creating a Monitoring Item.
If you need to collect information about your macOS devices that isn't provided in a default fact, you can create a Custom Fact.
Viewing Device Facts
To view Device Facts, you can either navigate to the GoLive > Overview page of a device, or view devices and their device facts by going to the Devices page.
If you would like to see device facts that are not on the default Devices page table view, please reference this article: Customizing the Devices Table
Notes
-
Each fact will return one of the following data types:
-
- String - A collection of words
- Boolean - True or False
- Number - Any positive or negative number
- List - a collection of Strings or Numbers
-
- You can see what an agent device fact runs by using the cat command and specifying the directory to the fact. The .sh files for the facts are stored in /Library/Addigy/auditor-facts/scripts/
- Example: cat /Library/Addigy/auditor-facts/scripts/device_name
- The Auditor binary is responsible for running device facts.
- A device audit can be manually queued up through two methods:
-
Refresh Data > Device Information (found in GoLive)
- Running this command: sudo /Library/Addigy/auditor
-
Refresh Data > Device Information (found in GoLive)
- Addigy Identity User Attribute information can be found in this article
- These values can be used with the Devices lookup in the Addigy API
Device Facts List
Below is a list of Default Device Facts collected from our Agent or MDM and their Description.
Device Fact Name | Description | Collector |
32_bit_applications | Retrieves a list with the paths of the 32 Bit applications. | agent |
active_users | Retrieves a list of user account names on the Mac. It filters out user accounts with UniqueIDs less than 500, which are typically system accounts or service accounts. | agent |
addigy_splashtop_installed | Checks if the Splashtop streamer is installed. Returns true if it is installed and false if it is not found. | agent |
admin_users | A list of users who have administrative privileges on a Mac. | agent |
agent_version | Retrieves the version of the Addigy agent. | agent |
bandwidth_saved_gb | Retrieves the amount of bandwidth (in gigabytes) fetched from other peers in the network. | agent |
bandwidth_served_gb | Retrieves the amount of bandwidth (in gigabytes) served served to other peers in the network. | agent |
battery_capacity_loss_percentage | Retrieves information about the battery capacity of a Mac. Calculates the battery percentage by subtracting the maximum capacity from the design capacity and dividing it by the design capacity. | agent |
battery_charging | The charging status of a Mac. It is 'true', if the device is currently charging, otherwise it is 'false'. | agent |
battery_cycles | The cycle count of the battery on a Mac. The cycle count represents the number of times the battery has been charged and discharged. If the cycle count is not available, it shows 0. Most modern Macs have a maximum of 1000 cycles. Review Apple's Documentation for more details https://support.apple.com/en-us/HT201585. | agent |
battery_failures | If the value is 0, it means that the battery has not permanently failed. Otherwise, it contains the status code indicating the permanent failure of the battery. | agent |
battery_percentage | Retrieves current battery percentage of a Mac. | agent |
battery_temperature_fahrenheit | The current temperature of the battery of a Mac in fahrenheit. It is '0' if the temperature value is not available. | agent |
battery_temperaturecelsius | Retrieves the temperature of the battery on a Mac in celsius. If the temperature is not available, it returns 0. Otherwise, it converts the temperature from a raw value to Celsius and returns the result. | agent |
bluetooth_mac | The Bluetooth MAC address of the Mac. | agent |
build_version | The build version of the macOS system. If the build version is not found, 'n/a' is printed instead. | agent |
crashplan_days_since_last_backup | The number of days that have passed since the last completed backup in CrashPlan. | agent |
current_user | Retrieves the username of the currently logged-in user on a Mac. If there is no user logged in, it returns an empty string. | agent |
device_chip_type | The type of chip used by the device. | agent |
device_model_name | The model name of a Mac. If the model name is found, it is printed to the console. If the model name is not found, an error message is printed. | agent |
device_name | The hostname of the Mac. If a hostname is found, it is printed to the console. If no hostname is found, an error message is displayed. | agent |
display_on | Checks if a display is connected to a Mac and if the display is asleep or turned off. If no display is found, it returns 'false'. If the display is asleep or turned off, it also returns 'false'. Otherwise, it returns 'true' indicating that a display is connected and turned on. | agent |
displays_serial_number | The serial numbers of the displays connected to a Mac. | agent |
enrolled_via_dep | Determines whether the device was enrolled via Automated Device Enrollment. If the macOS version is 10.12.3 or earlier, it returns 'false'. | agent |
ethernet_mac_address | MAC address of the Ethernet interface on a Mac. It first checks if there is an Ethernet interface and if so, it retrieves the MAC address. If there is no Ethernet interface, it checks for a LAN interface and retrieves the MAC address if found. | agent |
files_served | The number of files served by the device through LANCache. | agent |
filevault_enabled | The status of FileVault on a Mac. It is 'true' if FileVault is enabled, otherwise it is 'false'. | agent |
firewall_allowed_applications | A list of applications that are allowed to make all connections if the firewall on a Mac is enabled and set to limit incoming connections to specific services and applications. | agent |
firewall_block_all_incoming_connections | If the firewall is set to 'Block all incoming connections', it returns 'true'. Otherwise, it returns 'false'. | agent |
firewall_blocked_applications | The list of blocked applications if the firewall is enabled. | agent |
firewall_enabled | True if the firewall is set to 'Limit incoming connections to specific services and applications' or 'Block all incoming connections', false otherwise. | agent |
firewall_stealth_mode_enabled | True if the firewall is in stealth mode, false otherwise. | agent |
firmware_password_allow_orams | Checks if option ROMs are enabled on a Mac. Option ROMs are firmware extensions that provide additional functionality to the device's hardware. If the script is 'true', it means that option ROMs are allowed and enabled. If it is 'false', it means that option ROMs are not allowed or not enabled. | agent |
firmware_password_exists | If the firmware password is enabled, it will print 'true', otherwise it will print 'false'. | agent |
free_disk_percentage | The fact calculates the percentage of free disk space on the Mac. The result is rounded to the nearest whole number. | agent |
free_disk_space_gb | Retrieves the total free space in gigabytes. The final result is the total free space rounded up to the nearest whole number. | agent |
gatekeeper_enabled | Determines the status of Gatekeeper on a Mac. Gatekeeper is a security feature that helps protect the system from running malicious software. If enabled, Gatekeeper is currently active and will block the execution of unsigned or unidentified applications. | agent |
has_mdm | Checks if the device is enrolled in the Addigy MDM (Mobile Device Management) system. | agent |
has_mdm_profile_approved | Checks if the Mac is enrolled in Addigy MDM and if the user has approved the enrollment profile. If it is not enrolled, it returns 'false'. If the macOS version is 10.12.3 or earlier, it returns 'true'. | agent |
has_wireless | Checks if there is a wireless network interface on the Mac. If a wireless port is found, it returns 'true', otherwise it returns 'false'. | agent |
host_name | The hostname of the device. | agent |
identity_installed | Checks if Addigy Identity is currently installed on the device. | agent |
identity_users | Retrieves the usernames of all users on a Mac that have logged in with their IDP. | agent |
installed_profiles | Retrieves a list of configuration profiles installed on a Mac. | agent |
is_apple_intelligence_compatible | Is Apple intelligence compatible with the device. | agent |
is_mdm_client_stuck | Checks if a Mac has an Addigy MDM profile installed and if the MDM client is stuck. It does this by searching for the presence of the Addigy MDM profile in the system configuration profile data and by checking the latest log entry for the MDMClientStuck flag. If both conditions are met, it returns true; otherwise, it returns false. | agent |
is_mdm_identity_certificate_installed | Checks if a Mac has an Addigy MDM profile installed and if an Addigy MDM identity certificate is present. It returns 'true' if both conditions are met, and 'false' otherwise. | agent |
is_mdm_softwareupdated_stuck | Checks if MDM is stuck processing a software update command. | agent |
is_sequoia_ready | Returns 'true' if the device is eligible to be upgraded to Sequoia. | agent |
is_sonoma_ready | Returns 'true' if the device is eligible to be upgraded to Sonoma. | agent |
java_vendor | Checks if Java is installed on a Mac and determines whether it is an Oracle or Apple Java installation. The script then outputs 'Oracle', 'Apple', or 'Not Available'. | agent |
java_version | Retrieves the version of Java installed on a Mac. It shows 'n/a' if Java is not available. | agent |
kernel_panic | Checks if there is a kernel panic log in the system log file. If there is a kernel panic log, it returns true; otherwise, it returns false. | agent |
lan_cache_size_bytes | The total size, in bytes, of all files in the directory /Library/Addigy/download-cache/downloaded. | agent |
last_reboot_timestamp | The timestamp of the last time the Mac was booted. | agent |
local_ip | Retrieves the IP address of the Mac by querying the network interfaces. It shows 'n/a' if no IP address is found. | agent |
locales | The preferred language settings for the currently logged-in user on the Mac. | agent |
localhost_name | Retrieves the local hostname of a Mac. The local hostname is the name that the device uses to identify itself on the local network. If no local hostname is found, an error message is displayed. | agent |
mac_os_x_version | The OS version of the Mac. The value is 'n/a' if the OS version is not available. | agent |
mb_endpoint_account_id | The account ID associated with the Malwarebytes Endpoint Agent Daemon exists on the Mac. The value is an empty string if the agent or account ID is not found. | agent |
mb_endpoint_agent_version | The fact checks if the Malwarebytes Endpoint Agent Daemon is installed on the Mac. It returns 'n/a' if it is not found. | agent |
mb_endpoint_machine_id | The machine ID for the Malwarebytes Endpoint Agent Daemon installed on the Mac. | agent |
mb_endpoint_nebula_machine_id | The Nebula Machine ID for the Malwarebytes Endpoint Agent Daemon installed on the Mac. | agent |
mb_oneview_installed | Checks if the Malwarebytes Endpoint Agent is installed on the Mac. | agent |
mdm_update_eligibility | Indicates that the device can be updated through MDM. | agent |
microsoft_company_portal_version | Returns the version of the Microsoft Company Portal application installed on the Device. | agent |
os_platform | The OS Platform of the device. | agent |
os_version | Retrieves the macOS system version information. The value is 'n/a' if it is not available. | agent |
peer_count | The number of LANCache peers available to the device. | agent |
policy_execution_seconds | Calculates the most recent execution time in seconds of the Addigy Policier binary. | agent |
privileged_mdm | Returns 'true' for Silicon-based devices that are enrolled manually and have the ability to do Automatic Software Updates. This setting must be set manually in the RecoveryOS. Returns 'false' otherwise | agent |
processor_speed_ghz | Returns the CPU speed in GHZ. It will show 'n/a' if the CPU speed cannot be determined. | agent |
processor_type | Returns the name of the processor installed on the device. Returns 'n/a' if the processor name cannot be determined. | agent |
product_description | Product Description or 'n/a' if it cannot be determined. | agent |
product_name | Retrieves the model name of the device. | agent |
remote_desktop_enabled | Returns 'true' if Remote Desktop is enabled, otherwise returns 'false'. | agent |
remote_login_enabled | Checks if remote login is enabled on a Mac. | agent |
serial_number | The serial number of the device. | agent |
smart_failing | Returns 'true' if the status SMART (Self Monitoring Analysis and Reporting Technology) is "Failing", otherwise return 'false'. This only verifies the internal drives. | agent |
software_update_device_id | Software Update Identifier is used internally to detect new software updates. | agent |
splashtop_id | The UUID is a unique identifier assigned to the Splashtop Streamer application, which is used for remote desktop access. | agent |
splashtop_installation_date | Retrieves the installation date of the Splashtop application on a Mac. | agent |
splashtop_version | Retrieves the version number of the Splashtop Streamer application installed on a Mac. | agent |
system_integrity_protection_enabled | Returns 'true' if System Integrity Protection (SIP) is enabled and 'false' if disabled. SIP is a security feature that protects critical system files and processes from being modified or tampered with. | agent |
system_version | Retrieves the system version of a Mac. | agent |
third_party_agents | Lists the files in the '/Library/LaunchAgents/' directory on a Mac. The files in this directory are used to configure and manage user-specific processes that are launched automatically when a user logs in. | agent |
third_party_daemons | The fact lists the launch daemons present in the /Library/LaunchDaemons/ directory of a Mac. The files in this directory are used to configure and manage system wide processes that are launched automatically when the device starts up. | agent |
third_party_kernel_extensions | A list of kernel extensions (kexts) installed on a Mac. It filters out the built-in Apple kexts. | agent |
time_machine_days_since_last_backup | The last time in days that a Time Machine backup was performed on a Mac. | agent |
timezone | Retrieves the current timezone of the Mac. | agent |
tmp_size_mb | The fact calculates the size of the /private/tmp directory in megabytes. | agent |
total_disk_space_gb | The total disk space in gigabytes. | agent |
total_memory_gb | Retrieves the total memory in gigabytes. It rounds up the calculated total memory to the nearest whole number. | agent |
udid | Retrieves the UDID (Universally Unique Identifier) of a Mac. The UDID is a unique identifier assigned to each device and can be used to identify and track the device. | agent |
uptime_days | Retrieves the number of days that the Mac has been running. If the device has been running for less than a day, it returns 0. Otherwise, it returns the number of days. | agent |
used_memory_gb | The amount of used memory on a Mac in gigabytes rounded to the nearest whole number. It retrieves information about pageable internal memory, purgeable memory, wired down memory, and memory occupied by the compressor. | agent |
warranty_days_left | The number of warranty days left on the device. It will return 'n/a' if the warranty has already expired. | agent |
wifi_mac_address | Retrieves the MAC address of the Wi-Fi interface on a Mac. The MAC address is a unique identifier assigned to the network interface card (NIC) of the device. It is used to identify the device on a network. | agent |
xcode_installed | Checks if Xcode Command Line Tools or Xcode is installed on a Mac. | agent |
battery_health | The device’s battery health. Available in iOS 17 and later on iPhone only (iPad returns unsupported), and macOS 14.4 and later on Apple silicon Mac computers. Possible Values: non-genuine, normal, service-recommended, unknown, unsupported | ddm |
agentid | The Addigy Agent ID is a unique identifier assigned to an Apple device by Addigy. | server side |
audit_execution_time_seconds | Audit Execution (seconds) refers to the amount of time it takes for an audit process to be executed. This metric measures the speed and efficiency of the audit process, with a lower number indicating faster execution. | server side |
azure_ad_device_ids | Azure AD Device IDs is a list of unique identifiers assigned to devices that are registered with Azure Active Directory. These device ids are used to uniquely identify and manage devices within an organization's Azure AD environment. | server side |
azure_ad_user_ids | Azure AD User IDs refers to a list of unique identifiers assigned to users in Azure Active Directory. These user IDs are used to authenticate and authorize users to access various resources and services within the Azure ecosystem. | server side |
client_ip | The IP address of the device that is accessing a network or server. | server side |
filevault_key_escrowed | Indicates whether the FileVault key for the Apple device has been escrowed. If the value is true, it means that the FileVault key has been stored securely by MDM, allowing for recovery of the key if it is lost or forgotten. If the value is false, it means that the FileVault key has not been escrowed and recovery of the key would not be possible. | server side |
identity_email | The email address associated with a user in their IDP. | server side |
identity_employee_department | The department of an employee in an organization within the IDP. It is used to identify the specific department that an employee belongs to within the organization. | server side |
identity_employee_hire_date | The date when an employee was hired, as fetched from the IDP. It is used to track the length of an employee's tenure with the company and can be used for various HR and administrative purposes. | server side |
identity_employee_type | Refers to the type of employee within an organization within the IDP. | server side |
identity_job_title | The job title associated with a user within the IDP. | server side |
identity_mobile_phone | The phone number associated with the logged in user within the IDP. | server side |
identity_office_location | The Office Location associated with the logged in user within the IDP. | server side |
identity_password_last_set_date | The date when the password for was last set within the IDP. This date is important for security purposes as it helps track when the password was last changed. | server side |
identity_provider_name | The name of the service or platform that is used for user authentication and authorization. It could be a third-party service like Azure, Google or Okta. | server side |
identity_usage_location | The geographic location where the user logged in with their IDP. | server side |
identity_user_display_name | The name of the user associated with the IDP. It is typically used for displaying the user's name in various applications and settings on the device. | server side |
identity_username | The unique username associated with a the IDP. It is used for various purposes such as signing in. | server side |
is_compliant | The fact is describing whether an Apple device is compliant with its associated Benchmarks. | server side |
last_online | Date of the last time that the device connected to Addigy Services. It can be useful for tracking the activity or usage patterns of a device, or for determining if a device is currently online or offline. | server side |
mac_uuid | A unique identifier assigned to each Apple device. It is a string of alphanumeric characters that can be used to uniquely identify a specific Apple device. | server side |
online | Returns true if device is online and connected to Addigy Services and false otherwise. | server side |
policy_id | The Policy ID shows the a legacy single policy assignment for the device. Now that devices can be assigned to multiple policies you should use the 'Policy IDs' fact for a more accurate view of the device's policy assignments. | server side |
policy_ids | Policy IDs refer to a list of Policies that the device is assigned to. | server side |
registration_date | Returns the date that the device was registered with Addigy. | server side |
mb_endpoint_last_scan | Returns date when last Malwarebytes scan was performed on the Apple device. It provides information about the most recent scan conducted by Malwarebytes to detect and remove any potential malware or malicious software from the device. | mbov |
mb_endpoint_suspicious_activity_count | A numerical value that represents the number of suspicious activities detected by the Malwarebytes software on an Apple device. This count indicates the level of potential security threats or malicious activities that have been identified and blocked by Malwarebytes. | mbov |
mb_endpoint_suspicious_activity_detected | Indicates whether Malwarebytes has detected any suspicious activity on the Apple device. If the value is true, it means that Malwarebytes has detected suspicious activity, while a value of false means that no suspicious activity has been detected. | mbov |
active_managed_users | Active Managed Users refers to the number of users who are currently enrolled in MDM. | mdm |
authenticated_root_volume_enabled | Indicates whether the authenticated root volume feature is enabled on the Apple device. When enabled, the device verifies the integrity of the operating system at startup to ensure it has not been tampered with or modified. | mdm |
awaiting_configuration | The fact is describing whether an Apple device is currently in the process of being configured. If the value is true, it means that the device is awaiting configuration in Setup Assistant. If the value is false, it means that the device has already been configured. | mdm |
bootstrap_token_allowed_for_authentication | Refers to a feature in Apple devices that allows the use of a bootstrap token for authentication. A bootstrap token is a cryptographic token that is used to securely authenticate a device with an external service or system. This feature enhances the security and authentication capabilities of Apple devices. The value returned is the bootstrap token itself. | mdm |
bootstrap_token_required_for_kernel_extension_approval | Indicates whether a bootstrap token is required for kernel extension approval on an Apple device. If the value is true, it means that a bootstrap token is required. If the value is false, it means that a bootstrap token is not required. | mdm |
bootstrap_token_required_for_software_update | Indicates whether a bootstrap token is required for software updates on the Apple device. If the value is true, it means that a bootstrap token is required. If the value is false, it means that a bootstrap token is not required. | mdm |
carrier_settings_version | The software version that is specific to a particular carrier and is installed on an iPhone. It includes settings and configurations that are necessary for the device to connect to the carrier's network and access certain features, such as cellular data and voice calling. | mdm |
cellular_technology | The technology used in Apple devices to connect to cellular networks and access the internet. It allows users to make phone calls, send text messages, and use data services while on the go, without relying on Wi-Fi connections. | mdm |
current_carrier_network | The mobile network operator that a specific Apple device is currently connected to. This information is useful for determining the network coverage and services available to the device, as well as for troubleshooting network-related issues. | mdm |
current_mcc | The Mobile Country Code of the current network that an Apple device is connected to. The MCC is a unique identifier assigned to each country or region, and it is used to determine the country or region of the mobile network that the device is currently using. | mdm |
current_mnc | MNC (Mobile Network Code) is a unique identifier assigned to a mobile network operator. It is used to identify the network that an Apple device is currently connected to. | mdm |
data_roaming_enabled | Indicates whether data roaming is enabled on the Apple device. If data roaming is enabled, the device can connect to cellular networks outside of its home network and use data services while roaming. | mdm |
days_since_last_cloud_backup | The number of days that have passed since the last cloud backup of an Apple device. This backup includes data such as photos, contacts, and app settings, which can be restored in case of device loss or damage. | mdm |
eas_device_identifier | A unique identifier assigned to an Apple device that is used for Exchange ActiveSync (EAS) communication. It allows the device to securely connect and synchronize with an Exchange server, enabling features such as email, calendar, and contacts syncing. | mdm |
ethernet_ma_cs | The Ethernet Media Access Control (MAC) sublayer and Carrier Sense (CS) mechanism. This technology is used in Apple devices to control access to the Ethernet network and ensure that multiple devices can share the network without causing collisions or data loss. | mdm |
external_boot_level | The boot level of an Apple device that is connected to an external source, such as a computer. It indicates whether the device is currently booting up or has successfully booted up from the external source. | mdm |
firmware_password_change_pending | Whether a firmware password change is pending. If the value is true, it means that a firmware password change is pending. If the value is false, it means that there is no pending firmware password change. | mdm |
hardware_encryption_caps | Refers to the ability of iPhones to encrypt data using hardware-based encryption. This means that the encryption process is performed by dedicated hardware components within the device, which provides faster and more efficient encryption compared to software-based encryption methods. This capability enhances the security of data stored on iPhones, protecting it from unauthorized access. | mdm |
hardware_model | The specific model of an Apple device, such as iPhone X or MacBook Pro. It is a unique identifier that distinguishes one device from another and is often used for compatibility and support purposes. | mdm |
has_unlock_token | Indicates whether the Apple device has an unlock token. An unlock token is a unique identifier that allows the device to be unlocked and accessed by the user. | mdm |
iccid | The iCCID is a unique identifier for a SIM card in an Apple device. It stands for Integrated Circuit Card Identifier and is used to identify the SIM card and establish a connection with the cellular network. | mdm |
imei | The IMEI (International Mobile Equipment Identity) is a unique identifier for a mobile device. It is a 15-digit number that is used to identify and track individual devices, such as iPhones. The IMEI can be found in the device settings. | mdm |
is_activation_lock_enabled | Indicates whether the Activation Lock feature is enabled on an Apple device. Activation Lock is a security feature that prevents unauthorized users from activating or using a device that has been lost or stolen. When Activation Lock is enabled, the device requires the user's Apple ID and password to be entered before it can be activated or used. | mdm |
is_activation_lock_manageable | Describes whether the Activation Lock feature on an Apple device is manageable or not. If the value is true, it means that the Activation Lock can be managed, allowing the user to enable or disable it as needed. If the value is false, it means that the Activation Lock cannot be managed and is permanently enabled on the device. | mdm |
is_apple_silicon | Indicates whether the Apple device is powered by Apple Silicon or not. | mdm |
is_cloud_backup_enabled | Indicates whether cloud backup is enabled on the Apple device. If the value is true, it means that the device is set up to automatically backup its data to the cloud. If the value is false, it means that cloud backup is not enabled and the device's data is not being backed up to the cloud. | mdm |
is_device_locator_service_enabled | Indicates whether the location service is enabled on the Apple device. If the value is true, it means that the device is allowed to access and use location information for various apps and services. If the value is false, it means that the location service is disabled and the device will not provide location data to apps or services. | mdm |
is_do_not_disturb_in_effect | Indicates whether the Do Not Disturb feature is enabled on the Apple device. If the value is true, it means that the Do Not Disturb feature is currently active and notifications will be silenced. If the value is false, it means that the Do Not Disturb feature is not active and notifications will be received as usual. | mdm |
is_mdm_activation_lock_enabled | The fact is describing whether the MDM Activation Lock is enabled on an Apple device. If the value is true, it means that the Activation Lock feature is enabled, which requires the user to enter their Apple ID and password before the device can be activated or used. If the value is false, it means that the Activation Lock feature is disabled. | mdm |
is_mdm_lost_mode_enabled | Indicates whether the Mobile Device Management (MDM) Lost Mode is enabled on the Apple device. Lost Mode is a feature that can be activated remotely to help locate a lost or stolen device. When enabled, the device will display a custom message with contact information and can be tracked using Find My iPhone/iPad/Mac. | mdm |
is_recovery_lock_enabled | The fact is describing whether the Recovery Lock feature is enabled on an Apple device. Recovery Lock is a security feature that prevents unauthorized access to the device by requiring the user to enter their Apple ID and password before erasing or reactivating the device. | mdm |
is_roaming | Indicates whether the Apple device has roaming enabled or not. | mdm |
is_shared_ipad | Is iPad device a Shared iPad. | mdm |
is_supervised | Indicates whether an Apple device is supervised or not. Supervised devices have additional management capabilities and restrictions compared to unsupervised devices. | mdm |
is_user_enrollment | Returns true if the device is enrolled as BYOD (Bring Your Own Device) otherwise false. User Enrollment allows organizations to securely manage and separate personal and work data on Apple devices. It provides a dedicated work profile for business data and apps, while keeping personal data separate and private. | mdm |
languages | Describes the list of languages supported by an Apple device. | mdm |
last_cloud_backup_date | The most recent date and time when the data on an Apple device was backed up to the cloud. This backup includes various types of data such as photos, videos, contacts, messages, and app data. It is important to regularly back up devices to ensure that data is safe and can be restored in case of device loss, damage, or software issues. | mdm |
maximum_resident_users | Max Resident Users refers to the maximum number of users that can be logged in and active on an Apple device at the same time. | mdm |
mdm_last_connected | The date when a mobile device management (MDM) solution last connected to an Apple device. This information is useful for tracking the last time the device was managed or updated by the MDM solution. | mdm |
meid | Returns the MEID (Mobile Equipment Identifier). MEID is unique identification number assigned to a Apple devices for activation and registration purposes. | mdm |
modem_firmware_version | Firmware version of cellular modem. The modem is responsible for managing the device's cellular connectivity and performance, including features like call quality, data speeds, and network compatibility. | mdm |
passcode_compliant | Returns 'true' if Passcode is compliant with security requirements specified by IT admins, otherwise it returns 'false'. | mdm |
passcode_compliant_with_profiles | Returns 'true' if Passcode is compliant with security requirements specified by IT admins via MDM Profiles otherwise it returns 'false'. | mdm |
passcode_lock_grace_period | The user preference for the number of seconds before a locked screen requires the device passcode to unlock it. This value is only available for Shared iPad. | mdm |
passcode_lock_grace_period_enforced | The enforced value for the number of seconds before a locked screen requires the device passcode to unlock it. If a device has a passcode, changing PasscodeLockGracePeriod to a larger value doesn't take effect until the user logs out or removes the passcode. This value is only available for Shared iPad. | mdm |
passcode_present | Indicates whether or not the Apple device has a passcode set. If the value is true, it means that a passcode is present on the device. If the value is false, it means that no passcode is set. | mdm |
personal_hotspot_enabled | Indicates whether the Apple device has the Personal Hotspot feature enabled or not. | mdm |
phone_number | The phone number associated with an Apple device. | mdm |
push_certificate_name | Push certificate name that a device is associated to. | mdm |
push_certificate_topic | Push certificate topic that a device is associated to. | mdm |
secure_boot_level | The level of security implemented in the boot process of an Apple device. Possible values are 'Full', 'Off', and 'Not Supported'. Full means that the device will only boot with legitimate and unmodified OS. Off means that OS integrity will not be verified. Not supported means that this is an older device that does not support this feature. | mdm |
sim_carrier_network | The mobile network operator that provides cellular service to an Apple device. It is the company that the device is connected to for making calls, sending texts, and accessing mobile data. | mdm |
subscriber_carrier_network | The name of the subscriber carrier network. | mdm |
subscriber_mcc | The current HotSpot 2.0 subscriber Mobile Country Code (MCC) settings. | mdm |
voice_roaming_enabled | Indicates whether voice roaming is enabled on the Apple device. If voice roaming is enabled, the device can make and receive phone calls while connected to a different cellular network than its home network. | mdm |