e9e3ad8564
## Summary - Adds a **macOS battery health check** policy that verifies the battery health is "Good" and condition is "Normal" using the osquery `battery` table's macOS-specific `health` and `condition` columns. - Adds a **Windows battery health check** policy that verifies the battery's full charge capacity remains above 80% of its designed capacity using the osquery `battery` table's `max_capacity` and `designed_capacity` columns. - References both new policies in the **Workstations** team config (`it-and-security/fleets/workstations.yml`). - **Desktop computers (no battery) automatically pass** both policies. The queries use a `NOT EXISTS` pattern so that devices returning zero rows from the `battery` table are not treated as failures. ## Changes | File | Description | |------|-------------| | `it-and-security/lib/macos/policies/battery-health-check.yml` | New macOS battery health policy | | `it-and-security/lib/windows/policies/battery-health-check.yml` | New Windows battery health policy | | `it-and-security/fleets/workstations.yml` | Added policy references for both platforms | ## Testing - Policy queries validated against the [osquery `battery` table schema](https://github.com/fleetdm/fleet/blob/main/schema/tables/battery.yml). - macOS query: `SELECT 1 WHERE NOT EXISTS (SELECT 1 FROM battery WHERE health != 'Good' OR condition != 'Normal');` - Windows query: `SELECT 1 WHERE NOT EXISTS (SELECT 1 FROM battery WHERE designed_capacity > 0 AND CAST(max_capacity AS REAL) / designed_capacity <= 0.80);` ### Expected behavior | Scenario | Result | |----------|--------| | Laptop with healthy battery | PASS | | Laptop with unhealthy battery | FAIL | | Desktop (no battery / zero rows) | PASS | --- Built for [Allen Houchins](https://fleetdm.slack.com/archives/D0AFASNBZMW/p1774454193574469?thread_ts=1774453340.076579&cid=D0AFASNBZMW) by [Kilo for Slack](https://kilo.ai/features/slack-integration) --------- Co-authored-by: kiloconnect[bot] <240665456+kiloconnect[bot]@users.noreply.github.com> |
||
|---|---|---|
| .. | ||
| fleets | ||
| lib | ||
| default.yml | ||
| README.md | ||
Fleet
These files allow you to configure, patch, and secure computing devices for your organization.
Whether you're making changes by hand or spinning them up from Slack or Teams using a tool like Claude or Kilo Code (e.g. "Make our endpoints compliant with ISO 27001" or "Fix CVE-2026-XXXX"), your team reviews, merges, and it deploys to thousands of endpoints in seconds. This makes it straightforward to instantly rollback a change, and history is fully tracked.
You can read more about the anatomy of these files and what they do in Fleet's documentation. You can also opt to manage particular aspects of Fleet in the graphical user interface instead, such as software or labels.
Unsure? Talk to a human at fleetdm.com/support
What is Fleet?
Fleet is high-agency device management software. It is especially popular with IT and security teams who manage lots of endpoints.
All source code is public and the product is supported by a company called Fleet Device Management that enrolls millions of laptops, tablets, phones, servers, and other computing devices in 90+ countries.