Learn how to configure options for Device Enrollment with Kandji
Kandji supports several different types of Apple devices. Please visit the Device Requirements article for all of the details.
Automated Device Enrollment
Automated Device Enrollment (ADE) is great for brand-new or restored devices assigned to Kandji in Apple Business Manager. Enrolling devices via Automated Device Enrollment ensures that Kandji can not be removed from the device unless permitted.
An Apple Business Manager account is required for Automated Device Enrollment. If you have devices that were purchased outside of Apple Business Manager, you can Add Devices to Apple Business Manager.
Assigning a device in Apple Business Manager
If you still need to configure an MDM Server for Kandji, visit the Automated Device Enrollment section of the Getting Started with Kandji - Setup article for configuration instructions.
- Log in to Apple Business Manager and select Devices from the left-hand navigation bar.
- Search for a device in the search field.
- Select the device from the list.
- Click Edit MDM Server.
- Select Assign to the following MDM and choose the Kandji server you created when enabling MDM with Kandji.
- Select Continue.
- Confirm that you want to change the MDM server the device is assigned to.
Ensure all new devices purchased will be assigned to Kandji
- Select your name from the left-hand navigation bar.
- Select Preferences.
- Select MDM Server Assignment.
Under Default MDM Server Assignment, select Edit.
- Choose the Kandji server you created when enabling MDM with Kandji for each device type.
Ensure Devices Do Not Skip ADE Enrollment
macOS Ventura and Later Mac computers registered to an organization must connect to a network during Setup Assistant after being erased or reset. By first enrolling a device into Kandji, admins can ensure that newly provisioned devices can no longer skip ADE enrollment.
Migrating from Previous MDM
What if your mobile device is already set up and enrolled in another MDM via Automated Device Enrollment? You have two options:
- After re-assigning the device to Kandji via Apple Business Manager, erase and re-enroll your mobile devices if you wish to maintain supervision in Kandji.
- Un-manage the mobile device in your existing MDM and leverage the Kandji Enrollment Portal. Only macOS devices will be Supervised using this method.
If you experience any issues with the process or have any other questions, please contact support.
Check Device ADE Status
Before attempting to enroll a device through ADE, it's important to check the status in the Automated Device Enrollment section in your Kandji Web App.
Please look at the Device Enrollment Profile Status article for more information.
Automated Device Enrollment After Setup
If a Mac has already passed through Setup Assistant, forcing another check and re-enrolling the computer into Kandji is possible. After assigning the device to the Kandji MDM server in Apple Business Manager, have your users follow the User Experience with Automated Device Enrollment After Setup article for the full process.
Change Default ADE Blueprint
The default Blueprint can be changed at any time inside the Kandji Web App.
- Click Settings.
- Click Apple Integrations.
- Click Edit in the Automated Device Enrollment section.
- Click the Blueprint dropdown menu.
- Select the desired Blueprint from the list.
- Click Save.
Enrollment Portal for Manual Enrollment
Enrollment Portal Setup
Enrolling via the Kandji Enrollment Portal is a great option for devices unavailable in Apple Business Manager.
The Add Devices page will not be accessible until Apple Push Notification service (APNs) is configured.
- Login to Kandji and click Add Devices in the navigation bar.
- Click the toggle in the Status Row to enable the Enrollment Portal.
- Click the toggle next to any Blueprint you wish to allow users to enroll their devices into.
Once enabled, you can direct users to the URL specified and provide them with the code they should use to enroll their devices. If you have multiple Blueprints, ensure that specific users are provided only their specific Blueprint code.
Enrollment Portal URL and Code
- Navigate to Add Devices in the left-hand navigation bar of the Kandji web app.
- If the Enrollment Portal is set to active, you will have a custom Enrollment Portal Link you can provide to your user so they can enroll their devices.
- Provide the user the custom Enrollment Portal Link and the Enrollment Code for the Blueprint you wish to enroll their device in.
- You can also provide the portal link with the Enrollment Code embedded in the URL for easier deployment. The format for the shareable link is listed below. The EnrollmentCodeHere portion should be the Enrollment Code without the dash between the two sets of numbers.
- https://subdomain.kandji.io/enroll/access-code/EnrollmentCodeHere
Please take a look at our User Experience with the Enrollment Portal article for more information.
Moving Devices Between Blueprints
Devices can be moved to a different Blueprint without re-enrolling.
Generating a new Blueprint Code
Kandji allows you to generate a new random code for each Blueprint. Generating a new code is helpful should the code be distributed to unauthorized users. A new code prevents unwanted devices from being enrolled into that Blueprint.
- Login to Kandji and click Add Devices in the navigation bar.
- Click on Change Code next to the Blueprint you wish to generate a new enrollment code.
- Distribute the new code to your desired users.
Once changed, the previous code will no longer be valid for new device enrollments.
When Stolen Device Protection is activated, MDM enrollment will be restricted, aligning with Apple's intentional design. It's crucial to emphasize that this specifically affects certain manual enrollment methods on iPhones with iOS 17.3 and newer versions.
Enrollment Troubleshooting
Devices Not Visible in Apple Business Manager
- If you do not see your devices available for assignment in your Apple Business Manager account, there can be several reasons, with different solutions for each.
- You purchased your devices directly from Apple.
- You may not have added your Apple Customer Number in Apple Business Manager (Settings > Device Management Settings > Customer Numbers).
- To find your Apple Customer Number, check with your Apple account executive or your purchasing department or reach out to Apple sales support. When using an Apple Customer Number, all devices purchased from Apple since March 1, 2011, will be added to your Apple Business Manager account.
- You purchased your devices from an Apple Authorized Reseller or a carrier.
- You may have not established a link between your Apple Business Manager account and the reseller.
- Ask your reseller for its Reseller ID and add this in Apple Business Manager (Settings > Device Management Settings > Customer Numbers).
- Provide your reseller with your Apple Business Manager Organization ID, located in Apple Business Manager (Settings > Enrollment Information), along with a list of the serial numbers or orders that you want your reseller to add to your Apple Business Manager account. The "Look-Back" period for devices to be added is at the discretion of your reseller.
- Your devices may not have been purchased through a Device Enrollment–enabled reseller or were not purchased as a business from Apple.
- You may have not established a link between your Apple Business Manager account and the reseller.
- You purchased your devices directly from Apple.
Prefered Device Enrollment Resellers
- A list of Preferred Device Enrollment Resellers is available here.
Customer Numbers and Apple Business Manager
- For information about customer numbers and adding devices to Apple Business Manager, see Apple's Using Automated Device Enrollment Support Article.