// MCP TOOL REFERENCE

FLEET TOOLS

132 tools from the Fleet MCP Server, categorised by risk level.

View the Fleet policy →
// ALL 132 FLEET TOOLS
READ 75 tools
Read fleet_find_software_on_host Find specific software on a host by hostname Read fleet_get_batch_script Get details of a batch script execution Read fleet_get_bootstrap_metadata Get metadata about a bootstrap package for a team Read fleet_get_bootstrap_summary Get summary of bootstrap package deployment Read fleet_get_carve Get detailed information about a specific carve session Read fleet_get_carve_block Get a specific block of data from a carve session Read fleet_get_certificate Get the Fleet server certificate chain Read fleet_get_config Get the current Fleet application configuration Read fleet_get_cve Get detailed information about a specific CVE Read fleet_get_device_info Get device information using a device token Read fleet_get_enroll_secrets Get the enrolment secrets configuration Read fleet_get_filevault_summary Get FileVault encryption summary Read fleet_get_host Get detailed information about a specific host by ID Read fleet_get_host_by_identifier Get host by hostname, UUID, or hardware serial Read fleet_get_host_device_mapping Get device mapping information for a host Read fleet_get_host_encryption_key Get disk encryption recovery key for a host Read fleet_get_host_macadmins Get macadmins data (Munki, MDM profiles) for a host Read fleet_get_host_mdm Get MDM information for a specific host Read fleet_get_host_mdm_profiles Get MDM profiles installed on a specific host Read fleet_get_host_software Get software installed on a specific host Read fleet_get_label Get detailed information about a specific label Read fleet_get_mdm_command_results Get results of MDM commands Read fleet_get_mdm_profiles_summary Get summary of MDM profile deployment status Read fleet_get_osquery_table_schema Get detailed schema for a specific table Read fleet_get_pack Get detailed information about a specific pack Read fleet_get_policy_results Get compliance results for a specific policy Read fleet_get_query Get details of a specific saved query Read fleet_get_query_report Get the latest results from a scheduled query Read fleet_get_script Get details of a specific script Read fleet_get_script_result Get the result of a script execution Read fleet_get_session Get session details by ID Read fleet_get_setup_assistant Get the MDM Apple Setup Assistant configuration Read fleet_get_software Get detailed information about a specific software item Read fleet_get_software_install_result Get the result of a software installation request Read fleet_get_software_title Get detailed information about a specific software title Read fleet_get_team Get details of a specific team Read fleet_get_team_secrets List team-specific enrol secrets Read fleet_get_user Get details of a specific user Read fleet_get_version Get the Fleet server version information Read fleet_get_vulnerabilities List known vulnerabilities with filtering Read fleet_health_check Check Fleet server connectivity and authentication Read fleet_list_activities List Fleet activities and audit logs Read fleet_list_app_store_apps List App Store apps available for installation Read fleet_list_batch_script_hosts List hosts in a batch script execution Read fleet_list_batch_scripts List batch script executions Read fleet_list_carves List file carve sessions Read fleet_list_host_certificates List certificates for a specific host Read fleet_list_host_past_activities List past activities for a specific host Read fleet_list_host_scripts List scripts available for a specific host Read fleet_list_host_upcoming_activities List upcoming activities for a specific host Read fleet_list_hosts List hosts with filtering, pagination, and search Read fleet_list_invites List pending user invites Read fleet_list_labels List all labels Read fleet_list_mdm_apple_installers List all Apple MDM installers Read fleet_list_mdm_commands List MDM commands that have been executed Read fleet_list_mdm_devices List all MDM-enrolled Apple devices Read fleet_list_mdm_profiles List MDM configuration profiles Read fleet_list_osquery_tables List available osquery tables with dynamic discovery Read fleet_list_packs List all query packs Read fleet_list_policies List all compliance policies Read fleet_list_queries List all saved queries with pagination Read fleet_list_scheduled_queries List scheduled queries in a specific pack Read fleet_list_scripts List all scripts available in Fleet Read fleet_list_secrets List secret variables in Fleet Read fleet_list_software List software inventory across the fleet Read fleet_list_software_titles List software titles across the fleet Read fleet_list_team_users List all users that are members of a specific team Read fleet_list_teams List all teams Read fleet_list_user_sessions List active sessions for a user Read fleet_list_users List all users with filtering Read fleet_list_vpp_tokens List VPP tokens configured in Fleet Read fleet_search_hosts Search hosts by hostname, UUID, serial number, or IP Read fleet_search_software Search for software by name Read fleet_suggest_tables_for_query Get AI-powered table suggestions based on intent Read fleet_verify_invite Verify an invite token and get invite details
WRITE 32 tools
Write fleet_add_app_store_app Add an App Store app for distribution via MDM Write fleet_add_labels_to_host Add labels to a host Write fleet_add_team_users Add one or more users to a specific team Write fleet_batch_set_software Batch upload/set software installers for a team Write fleet_cancel_batch_script Cancel a batch script execution in progress Write fleet_cancel_host_activity Cancel an upcoming activity for a specific host Write fleet_create_invite Create a new user invite Write fleet_create_label Create a new label for host classification Write fleet_create_pack Create a new query pack Write fleet_create_policy Create a new compliance policy Write fleet_create_query Create a new saved query Write fleet_create_script Create and upload a new script Write fleet_create_secret Create a new secret variable Write fleet_create_setup_assistant Create or update MDM Apple Setup Assistant config Write fleet_create_team Create a new team Write fleet_create_user Create a new user account Write fleet_modify_script Modify an existing script Write fleet_remove_labels_from_host Remove labels from a host Write fleet_remove_team_user Remove a specific user from a team Write fleet_transfer_hosts Transfer hosts to a different team Write fleet_unlock_host Unlock a host device remotely Write fleet_update_app_store_app Update App Store app distribution settings Write fleet_update_config Update the Fleet application configuration Write fleet_update_enroll_secrets Update the enrolment secrets configuration Write fleet_update_invite Update a pending invite Write fleet_update_label Update an existing label Write fleet_update_pack Update an existing query pack Write fleet_update_policy Update an existing compliance policy Write fleet_update_user Update an existing user account Write fleet_upload_bootstrap_package Upload a bootstrap package for MDM enrolment Write fleet_upload_mdm_apple_installer Upload a new Apple MDM installer package Write fleet_upload_mdm_profile Upload a new MDM configuration profile
DESTRUCTIVE 15 tools
Destructive fleet_delete_bootstrap_package Delete a bootstrap package for a team Destructive fleet_delete_host Permanently remove a host from Fleet Destructive fleet_delete_invite Delete a pending invite Destructive fleet_delete_label Delete a label by name permanently Destructive fleet_delete_mdm_profile Delete an MDM configuration profile Destructive fleet_delete_pack Delete a query pack by name permanently Destructive fleet_delete_policy Delete a compliance policy permanently Destructive fleet_delete_query Delete a saved query permanently Destructive fleet_delete_script Delete a script permanently Destructive fleet_delete_secret Delete a secret variable by ID Destructive fleet_delete_session Delete and invalidate a specific session Destructive fleet_delete_setup_assistant Delete the MDM Apple Setup Assistant config Destructive fleet_delete_user_sessions Delete all sessions for a specific user Destructive fleet_delete_vpp_token Delete a VPP token permanently Destructive fleet_unenroll_host_mdm Unenrol a host from MDM management
EXECUTE 10 tools
Execute fleet_install_software Install software on a specific host Execute fleet_lock_device Lock an MDM-enrolled device remotely Execute fleet_lock_host Lock a host device remotely Execute fleet_query_host Run an ad-hoc live query against a specific host Execute fleet_query_host_by_identifier Run a live query by hostname, UUID, or serial Execute fleet_refetch_host Force a host to refetch and update its data Execute fleet_run_batch_script Run a script on multiple hosts simultaneously Execute fleet_run_live_query_with_results Execute a live query and collect results from hosts Execute fleet_run_saved_query Run a saved query against hosts Execute fleet_run_script Run a script on a specific host
// RUNNING THIS SERVER

The managed route: connect Fleet through the PolicyLayer gateway — every tool call above is checked against your policy before it runs, with a full audit log.

DIRECT INSTALL (UNMANAGED) npx -y fleet-mcp
// FAQ
How many tools does the Fleet MCP server have? +

The Fleet MCP server exposes 132 tools across 4 categories: Read, Write, Destructive, Execute.

How do I enforce policies on Fleet tools? +

Route the Fleet server through the PolicyLayer gateway. Define allow, deny, or approval rules per tool in the dashboard — they are enforced on every call before it reaches the server.

What risk categories do Fleet tools fall into? +

Fleet tools are categorised as Read (75), Write (32), Destructive (15), Execute (10). Each category has a recommended default policy.

Let agents act without letting them run wild.

Route your MCP servers through PolicyLayer and every tool call is checked against your policy before it runs — allow, deny, or require approval. Per-identity grants. Full audit log. Live in minutes.

SECURE YOUR MCP →

Free to start. No card required.

4,600+ MCP servers and 31,000+ tools scanned and risk-classified.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.