diff --git a/ee/tools/puppet/fleetdm/lib/puppet/util/fleet_client.rb b/ee/tools/puppet/fleetdm/lib/puppet/util/fleet_client.rb
index cea78ad485..ff9699019a 100644
--- a/ee/tools/puppet/fleetdm/lib/puppet/util/fleet_client.rb
+++ b/ee/tools/puppet/fleetdm/lib/puppet/util/fleet_client.rb
@@ -25,7 +25,7 @@ module Puppet::Util
         {
           'external_host_identifier' => Puppet[:node_name_value],
           'host_uuid' => uuid,
-          'profile' => Base64.encode64(profile_xml),
+          'profile' => Base64.strict_encode64(profile_xml),
           'group' => group,
         },
       )
@@ -53,7 +53,13 @@ module Puppet::Util
     def send_mdm_command(uuid, command_xml)
       post('/api/latest/fleet/mdm/apple/enqueue',
       {
-        'command' => command_xml,
+        # For some reason, the enqueue function expects the command to be
+        # base64 encoded using _raw encoding_ (without padding, as defined in RFC
+        # 4648 section 3.2)
+        #
+        # I couldn't find a built-in Ruby function to do raw encoding, so we're
+        # removing the padding manually instead.
+        'command' => Base64.strict_encode64(command_xml).gsub(/[\n=]/, ""),
         'device_ids' => [uuid],
       })
     end