Create Your First Monitoring Check

BEST PRACTICESMONITORINGOPENFRAMETUTORIAL

Phase 4 — Monitoring & Policies · Step 2

Section

June 19, 2026

Published

Vladislav Marchenko

Vladislav Marchenko

Head Of Marketing

Create Your First Monitoring Check

Phase 4 — Monitoring & Policies · OpenFrame Onboarding

A monitoring check is a policy — an osquery query that each device passes or fails. Let's build one end to end. We'll use a simple, useful example: confirm Windows machines are on at least Windows 10.


Before you start

  • You need an Admin role.
  • The devices you want to check should have the Fleet/osquery agent installed and online (check the device's Agents tab if unsure). A device without the agent can't be evaluated.
  • A little osquery SQL helps, but you can copy the example below and adjust. The Osquery Documentation link in the editor lists every table you can query.

Create the policy

  1. Go to Monitoring → Policies → Add Policy.

  2. Name — give it something scannable, e.g. Windows version.

  3. Description — say what it checks in plain language, e.g. Validate that version is at least 10. Your future self (and teammates) will thank you.

  4. Query — write the osquery SQL that defines passing. The trick: a device passes if the query returns a row, and fails if it returns nothing. So write the query to match only compliant devices.

    For our example:

    sql
    SELECT major FROM os_version WHERE major >= 10
    

    A device on Windows 10 or newer returns a row (passes); an older one returns nothing (fails).


Test before you save

Click Test Policy to run the query against real devices first. This is the step that saves you from rolling out a check with a typo or a wrong table name. Confirm it returns what you expect, then fix the SQL if it doesn't.

Write checks as "what good looks like." Because returning a row = pass, your query should describe the compliant state. "Encryption is on," "OS is current," "the right agent is installed." If you accidentally write it to match the bad state, every healthy device will show as failing.


Assign devices

Scroll to the Devices section and choose which machines this policy runs against. You can pick individual devices, filter by Device Tags, or Add All Devices. This is covered in full in Assign Devices to a Monitoring Policy — for your first check, add a couple of test devices you know the answer for.


Save and read the results

Click Save Policy. OpenFrame distributes the check to the assigned devices, and as each one reports back you'll see:

  • On the policy's detail page, a Devices table with PASSING / FAILING per device.
  • On the Policies list, the policy's aggregate StatusCOMPLIANT when every assigned device passes.
  • In the dashboard tiles, the Compliance Rate and Failed Policies counts update.

Results aren't instant — the agent has to run the check on its next cycle, so give it a little time and refresh.


Editing later

Open the policy and click Edit to change the name, description, query, or device assignment. Test Policy is available here too, so you can iterate safely.


Quick checklist

  • Named the policy and wrote a clear description
  • Wrote the query so a compliant device returns a row
  • Used Test Policy to confirm it behaves
  • Assigned a few known devices
  • Saved, then confirmed PASSING/FAILING came back as expected

What's next

That's a compliance check. For the data-collection side — pulling info on a schedule rather than judging pass/fail — see Create a Monitoring Query. To target checks at the right machines in bulk, see Assign Devices to a Monitoring Policy.


Based on OpenFrame v0.9.19. Screens and defaults may shift between releases — when in doubt, what's in your console wins.

Vladislav Marchenko

Head Of Marketing

Hi all! My name is Vlad and I’ve been brought on to head the marketing team at Flamingo. Thankfully, this isn’t the first time I will be building a marketing department from scratch, so the experience should come in handy. Now it’s time to dive into the world of MSPs and find myself in this new world.

More in Phase 4 — Monitoring & Policies

Related Content

Product Releases

Webinars

Case Studies

Blog Posts

Frequently Asked Questions

MSP AI Agents

Yes. In production MSP shops today, 10% to 25% of tickets close before a human opens them. Thread alone has processed 173 million tickets across 750-plus MSP partners at 96% triage accuracy, handing back 490,000-plus technician hours. Agents own the low-risk, high-volume work (password resets, MFA enrollment, known installs, onboarding and offboarding) and flag anything that touches production data or needs judgment for a human to take.
On a five-person desk, reported deployments show $78,000 to $130,000 in annual direct labor savings, roughly 30% fewer escalations, and 15% to 20% better SLA compliance. Broader MSP adoption data adds ticket handling time cut by 45% and five to 12 points of margin, all from reclaimed capacity rather than headcount cuts.

AI MSP

Start with a readiness assessment, not a tool purchase. Confirm your ticket history is clean and your RMM, PSA, and monitoring systems connect. Then pick one high-volume, low-risk workflow, usually ticket triage, and pilot it on internal tickets before any client sees it.
Automate high-volume, low-risk tasks first. Ticket triage and alert noise reduction top the list because they run constantly and a human still resolves the underlying issue. Save security approvals, billing changes, and client-facing actions for later, always with a human in the loop.

AI Safety

It can be, with governance. Keep a human in the loop on high-risk actions, log every automated step for audit, and choose platforms that keep your data yours with no vendor lock-in. Pilot on internal data first so you catch issues before client systems are involved.

AI for MSPs

Set a baseline before rollout, then track tickets closed per technician, mean time to resolution, percentage of tickets resolved with no human touch, technician hours reclaimed, and cost per ticket. AI-driven automation commonly cuts operational cost per ticket by 25 to 40%.

About OpenFrame

OpenFrame isn't built to plug into your stack. It replaces it. Instead of duct-taping a dozen tools together (RMM, MDM, SIEM, patching, remote access, each its own login and bill), we bundle it into one unified platform: RMM, MDM, monitoring, automation, remote access, patch management, security monitoring, and ticketing, plus built-in AI copilots. So "does it integrate with X?" usually means: you won't need X anymore.

Zabbix for MSPs

Yes. Zabbix is open source under GPLv2 with no license fee, no per-device pricing, and no paywalled features. You can monitor unlimited hosts at zero software cost. The real expense is the infrastructure to host it and the engineering time to configure and maintain it.

Log Aggregation

Yes. Self-hosted Loki is free and open source under the AGPLv3 license, so you pay only for the infrastructure you run it on. Grafana Cloud is the paid, managed option, starting at $0.45 per GB of logs ingested with 50 GB free each month.

MSP Password Manager

There is no single best. For most MSPs, Bitwarden balances low cost and no lock-in, 1Password offers the most polished multi-tenant console, and Keeper adds built-in privileged access. The right pick depends on your budget, client base, and need for PAM.