diff --git a/server/service/osquery_utils/queries.go b/server/service/osquery_utils/queries.go
index 081cb79e67..81fc68b8d6 100644
--- a/server/service/osquery_utils/queries.go
+++ b/server/service/osquery_utils/queries.go
@@ -646,15 +646,23 @@ func directIngestMDM(ctx context.Context, logger log.Logger, host *fleet.Host, d
 		logger.Log("component", "service", "method", "ingestMDM", "warn",
 			fmt.Sprintf("mdm expected single result got %d", len(rows)))
 	}
-
+	enrolledVal := rows[0]["enrolled"]
+	if enrolledVal == "" {
+		return ctxerr.Wrap(ctx, fmt.Errorf("missing mdm.enrolled value: %d", host.ID))
+	}
+	enrolled, err := strconv.ParseBool(enrolledVal)
+	if err != nil {
+		return ctxerr.Wrap(ctx, err, "parsing enrolled")
+	}
+	if !enrolled {
+		// A row with enrolled=false and all other columns empty is a host with the osquery
+		// MDM table extensions installed (e.g. Orbit) but MDM unconfigured/disabled.
+		return nil
+	}
 	installedFromDep, err := strconv.ParseBool(rows[0]["installed_from_dep"])
 	if err != nil {
 		return ctxerr.Wrap(ctx, err, "parsing installed_from_dep")
 	}
-	enrolled, err := strconv.ParseBool(rows[0]["enrolled"])
-	if err != nil {
-		return ctxerr.Wrap(ctx, err, "parsing enrolled")
-	}
 
 	return ds.SetOrUpdateMDMData(ctx, host.ID, enrolled, rows[0]["server_url"], installedFromDep)
 }
diff --git a/server/service/osquery_utils/queries_test.go b/server/service/osquery_utils/queries_test.go
index 5aee701b2a..6ae055ca32 100644
--- a/server/service/osquery_utils/queries_test.go
+++ b/server/service/osquery_utils/queries_test.go
@@ -1,6 +1,7 @@
 package osquery_utils
 
 import (
+	"context"
 	"encoding/json"
 	"sort"
 	"testing"
@@ -301,3 +302,19 @@ func TestGetDetailQueries(t *testing.T) {
 	sortedKeysCompare(t, queriesWithUsersAndSoftware,
 		append(baseQueries, "users", "software_macos", "software_linux", "software_windows"))
 }
+
+func TestDirectIngestMDM(t *testing.T) {
+	var host fleet.Host
+
+	err := directIngestMDM(context.Background(), log.NewNopLogger(), &host, nil, []map[string]string{}, true)
+	require.NoError(t, err)
+
+	err = directIngestMDM(context.Background(), log.NewNopLogger(), &host, nil, []map[string]string{
+		{
+			"enrolled":           "false",
+			"installed_from_dep": "",
+			"server_url":         "",
+		},
+	}, false)
+	require.NoError(t, err)
+}
diff --git a/server/service/service_osquery.go b/server/service/service_osquery.go
index d818594228..f58383be7e 100644
--- a/server/service/service_osquery.go
+++ b/server/service/service_osquery.go
@@ -760,7 +760,7 @@ func (svc *Service) SubmitDistributedQueryResults(
 		}
 
 		if err != nil {
-			logging.WithErr(ctx, ctxerr.New(ctx, "error in live query ingestion"))
+			logging.WithErr(ctx, ctxerr.New(ctx, "error in query ingestion"))
 			logging.WithExtras(ctx, "ingestion-err", err)
 		}
 	}