Skip to main content

How the Devices Insights (Deel Agent) Works

Ophelia Boamah Ampoh
  • Updated

Device Insights uses the OSQuery framework to monitor and manage devices across multiple platforms. 

You can deploy it to your entire estate through your MDM tool in a few clicks. Once deployed, your Deel IT asset tracker will automatically populate with details about every device in your global fleet—simplifying the management of your IT equipment worldwide.

Once installed, you can: 

  • View the Pending import tab to see devices discovered by the Device Insights
  • Import devices and add them to the asset tracker
  • Access detailed device statistics
Warning
Important
This feature was previously known as Deel Agent. Users who accessed the feature before March 2026 will continue to see the previous name. For users accessing it from March 2026 onward, the feature is labeled Device Insights .

In This Article

Before Starting

Device Insights is lightweight and has minimal system requirements. It requires approximately 30MB of disk space when compressed and 120MB when uncompressed. Administrator privileges are needed for installation and uninstallation.

To successfully install the Device Insights, you must be on one of the two supported Operating Systems:

  • Mac
  • Windows

Installing the Device Insights (Trial or Manual Deployment)

Warning

Before installing the Device Insights, please know that Linux isn't supported.

Device Insights can be installed manually or distributed through your MDM provider. During the activation flow, you’ll be prompted to either deploy the Device Insights or trial it.

After accepting the Terms & Conditions, the installation package for your selected OS (Mac or Windows) will download. You can then run the installer on your device to complete the installation.

The installer is universal for your entire organization; no unique installer per worker is needed.

You can distribute the installation packages to your workers and ask them to install the Device Insights. Note that workers will need admin access on their devices to complete the installation.

 

Deploying Device Insights Through MDM

For a more automated approach, deploy the Device Insights to your entire fleet using your MDM tool. Since MDM providers handle software deployment differently, refer to your MDM provider’s documentation for specific instructions.

 

Uninstalling Device Insights

To uninstall the Agent, use the following commands:

On Mac

Run sudo bash /Library/HofyAgent/uninstall.sh as root. Allow up to 300 seconds for the process to complete.

 

On Windows

  1. To use the command on Windows, you will need your .msi IdentifyingNumber (example: 0F874714-9488-4060-AF85-9D72F38951A1)
To locate it, use the helper command: Get-WmiObject -Class Win32_Product -Filter "Name='Deel Agent'" | Select-Object -ExpandProperty IdentifyingNumber
 
     2. After fetching the IdentifyingNumber, run the command: Start-Process -Wait msiexec.exe -ArgumentList "/x {XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX} /quiet" -Verb RunAs, replacing the X value with the IDNumber you retrieved.

An example: Start-Process -Wait msiexec.exe -ArgumentList "/x {0F874714-9488-4060-AF85-9D72F38951A1} /quiet" -Verb RunAs

Importing Devices

Once the Device Insights is installed on a device and reports back, the device will appear in your asset tracker as Pending import. To include it in the main Deel IT asset tracker, you’ll need to import it.

We use an auto matching logic for newly discovered devices:
1. The system checks if the device’s serial number matches an existing device in your asset tracker.
2. If no match is found, we use OSquery to pull the user’s email address from their Chrome profile (if Chrome is used). This email is then matched with the user’s email in Deel.

You can also:

  • Manually match devices or change the auto-assigned assignee.
  • Ignore devices you don’t want to import.

Device Health

Device Insights displays the following device health statistics:

  • MDM profile
  • Battery health
  • Disk space
  • Disk encryption
  • Last restart
  • IP address

Device Insights Architecture + Security

The Device Insights is built on OSQuery, providing a read-only, SQL-like interface to the host operating system. Each device insights binary (`.msi` or `.pkg` file) is signed with Deel credentials and is unique to your organization, including a custom installer and uninstaller.

To ensure efficiency and security, we use a custom build of Device Insights that applies least-privilege principles, reducing the amount of information queried from the host. A watchdog process is also in place to limit resource consumption (CPU, RAM), ensuring the Device Insights remains lightweight and non-intrusive.

Security Measures:

  • The OSQuery scope is predefined during binary creation, ensuring only authorized queries are executed. Unauthorized queries outside this scope are not possible.
  • Data is transmitted hourly to Deel servers using authenticated, TLS-secured connections and is segregated by organization within a multi-tenant architecture.
  • We follow data minimization principles, collecting only the data necessary for asset tracking, hardware, and software management.
  • All data sent from the OSQuery is encrypted using TLS, and endpoint security configurations ensure only secure connections (HTTPS) are accepted, requiring TLS certificates on the server.
  • A watchdog process caps resource usage at 10% of CPU for 12 seconds and limits RAM usage to 200 MB. Queries exceeding these limits are terminated.
  • Profiling is used to analyze, optimize, and benchmark query performance before deployment.
  • Queries are executed once per hour on a predetermined schedule. Ad-hoc querying of the host is not supported.

 

Was this article helpful?
0 out of 0 found this helpful
Was this article helpful?
not helpful
very helpful
Return to top

Related articles