What Is a Monitoring Policy?

BEST PRACTICESGUIDEMONITORINGOPENFRAME

Phase 4 — Monitoring & Policies · Step 1

Section

June 19, 2026

Published

Vladislav Marchenko

Vladislav Marchenko

Head Of Marketing

Monitoring is how you catch problems before your clients call you. In OpenFrame it lives under Monitoring in the left nav, and it has two tools that look similar but do different jobs: Policies and Queries. This guide explains the concepts so the next four guides make sense.

Both are built on osquery — the open-source agent that lets you ask a device questions in plain SQL. If a device is enrolled in Fleet (the OpenFrame agent installs this), you can query it.


Policies vs. Queries — the key distinction

  • A Policy is a compliance check. It's an osquery query written so that each device either passes or fails it. "Is the OS at least Windows 10?" "Is disk encryption on?" Each assigned device gets a PASSING or FAILING result, and the policy rolls up to COMPLIANT or not.
  • A Query is data collection. It runs on a schedule and pulls back information for visibility — hostname, CPU, memory, uptime — without any pass/fail judgment. Think reporting, not enforcement.

Rule of thumb: if you want a yes/no answer about whether a device meets a standard, that's a Policy. If you just want to gather data on a cadence, that's a Query.


What's in a policy

Open Monitoring → Policies and click any policy to see its anatomy:

  • Name and Description — what it checks, in plain language (e.g. "Validate that version is at least 10").
  • Query — the osquery SQL that defines pass/fail, e.g. SELECT major FROM os_version WHERE major >= 10. A device that returns a row passes; no row means it fails.
  • Severity — shown on the list (e.g. Low), with a Critical flag on the detail page. This is how you gauge how much a failure matters.
  • Status — the aggregate result: COMPLIANT when all assigned devices pass.
  • Devices — the machines the policy runs against, each showing PASSING or FAILING.
  • Author — who created it.

Reading the Policies dashboard

The top of the Policies tab gives you the health summary at a glance:

  • Total Policies — how many checks you've defined.
  • Compliance Rate — e.g. 4/4 (100%) — how many are fully compliant.
  • Failed Policies — the count that has at least one failing device. This is the number to watch.
  • Updated — when the data last refreshed.

The list below shows each policy with its Severity, Platform, and Status so you can scan for trouble fast.


How it fits together

  1. You write a policy (a check) or a query (a data pull) as osquery SQL.
  2. You assign it to devices (individually, or filtered by tag — see Assign Devices to a Monitoring Policy).
  3. The osquery agent on each device runs it and reports back.
  4. Policies show PASSING/FAILING per device; queries return collected data.
  5. Failures surface as non-compliant policies you can triage (see Understanding Alerts).

Prerequisite: monitoring needs the Fleet/osquery agent on the device. If a device shows "Fleet agent is not installed," it can't be checked or queried until the agent is healthy — see the Phase 2 install guides and the device's Agents tab.


What's next

Now that the concepts are clear, build one: Create Your First Monitoring Check walks through making a policy end to end. Then Create a Monitoring Query covers the data-collection side.


Based on OpenFrame v0.9.19. Screens and defaults may shift between releases — when in doubt, what's in your console wins.

Vladislav Marchenko

Head Of Marketing

Hi all! My name is Vlad and I’ve been brought on to head the marketing team at Flamingo. Thankfully, this isn’t the first time I will be building a marketing department from scratch, so the experience should come in handy. Now it’s time to dive into the world of MSPs and find myself in this new world.

More in Phase 4 — Monitoring & Policies

Related Content

Product Releases

Webinars

Case Studies

Blog Posts

Frequently Asked Questions

MSP AI Agents

Yes. In production MSP shops today, 10% to 25% of tickets close before a human opens them. Thread alone has processed 173 million tickets across 750-plus MSP partners at 96% triage accuracy, handing back 490,000-plus technician hours. Agents own the low-risk, high-volume work (password resets, MFA enrollment, known installs, onboarding and offboarding) and flag anything that touches production data or needs judgment for a human to take.
On a five-person desk, reported deployments show $78,000 to $130,000 in annual direct labor savings, roughly 30% fewer escalations, and 15% to 20% better SLA compliance. Broader MSP adoption data adds ticket handling time cut by 45% and five to 12 points of margin, all from reclaimed capacity rather than headcount cuts.

AI MSP

Start with a readiness assessment, not a tool purchase. Confirm your ticket history is clean and your RMM, PSA, and monitoring systems connect. Then pick one high-volume, low-risk workflow, usually ticket triage, and pilot it on internal tickets before any client sees it.
Automate high-volume, low-risk tasks first. Ticket triage and alert noise reduction top the list because they run constantly and a human still resolves the underlying issue. Save security approvals, billing changes, and client-facing actions for later, always with a human in the loop.

AI Safety

It can be, with governance. Keep a human in the loop on high-risk actions, log every automated step for audit, and choose platforms that keep your data yours with no vendor lock-in. Pilot on internal data first so you catch issues before client systems are involved.

AI for MSPs

Set a baseline before rollout, then track tickets closed per technician, mean time to resolution, percentage of tickets resolved with no human touch, technician hours reclaimed, and cost per ticket. AI-driven automation commonly cuts operational cost per ticket by 25 to 40%.

About OpenFrame

OpenFrame isn't built to plug into your stack. It replaces it. Instead of duct-taping a dozen tools together (RMM, MDM, SIEM, patching, remote access, each its own login and bill), we bundle it into one unified platform: RMM, MDM, monitoring, automation, remote access, patch management, security monitoring, and ticketing, plus built-in AI copilots. So "does it integrate with X?" usually means: you won't need X anymore.

Zabbix for MSPs

Yes. Zabbix is open source under GPLv2 with no license fee, no per-device pricing, and no paywalled features. You can monitor unlimited hosts at zero software cost. The real expense is the infrastructure to host it and the engineering time to configure and maintain it.

Log Aggregation

Yes. Self-hosted Loki is free and open source under the AGPLv3 license, so you pay only for the infrastructure you run it on. Grafana Cloud is the paid, managed option, starting at $0.45 per GB of logs ingested with 50 GB free each month.

MSP Password Manager

There is no single best. For most MSPs, Bitwarden balances low cost and no lock-in, 1Password offers the most polished multi-tenant console, and Keeper adds built-in privileged access. The right pick depends on your budget, client base, and need for PAM.