Enrolling Devices

When it comes to enrolling devices into Kandji, you have many options.

Enrollment Methods

Kandji supports several different types of Apple devices. There are also several different methods that can be used to enroll those devices. Below are the supported enrollment options for each device type: 

All Device Types

  • Automated Device Enrollment: ADE is great for brand new or restored devices that have been assigned to Kandji in Apple Business Manager.
  • Kandji Enrollment Portal: Enrolling via the Kandji Enrollment Portal is a great option for devices that are already set up and/or not available to you in Apple Business Manager. 

macOS Devices 

  • Automated Enrollment after device setup: Sometimes referred to as “DEP NAG,” this allows you to run a one-line command in Terminal to initiate a notification that allows the user to enroll in Kandji using Automated Device Enrollment. 
    • This option can be especially useful if your devices are already enrolled in another MDM solution, as you can use that old MDM to unenroll the devices and to install a LaunchDaemon to run a DEP NAG prompting your users to enroll in Kandji.

iOS, tvOS, and iPadOS Devices

  • Apple Configurator 2: If you have iPhone, iPad, Apple TV, or iPod touch devices that were purchased outside of Apple Business Manager, you can manually add these devices to ABM using the Apple Configurator 2 app.  
For more information about Configurator, review this Apple Support article.

What if your mobile device is already set up and enrolled in another MDM via Automated Device Enrollment? You have two options:

  • After re-assigning the device to Kandji via Apple Business Manager, erase and re-enroll your mobile devices if you wish to maintain supervision in Kandji.
  • Un-manage the mobile device in your existing MDM and leverage the Kandji web enrollment portal. Note: This will not result in your devices being in a supervised state.

How to Enroll

Automated Device Enrollment (All Device Types)

Enrolling devices via Automated Device Enrollment ensures that Kandji can not be removed from the device unless permitted.

An Apple Business Manager account is required for Automated Device Enrollment.

Automated Device Enrollment (new or restored devices)

  1. Assign Mac or iOS Devices to the Kandji MDM server inside of Apple Business Manager.
  2. Navigate to Devices > Automated Device Enrollment to confirm that the desired devices are listed in Kandji.
  3. Turn on the device, connect to the internet, and begin the Setup Assistant. A Remote Management screen during the setup process will confirm enrollment has been successful.

Automated Device Enrollment (after device setup) (macOS only)

If a Mac has already passed through Setup Assistant, it's possible to force another check and re-enroll the computer into Kandji. After assigning the device to the Kandji MDM server in Apple Business Manager, ensure the following steps are performed.

If you are moving from an existing MDM, you can install a LaunchAgent prior to removal from your current MDM to run this command daily. It will prompt your users to enroll in Kandji. 

  1. Open Terminal and run the following command:
    sudo profiles -N

    or (these commands perform the same function) 

    sudo profiles renew -type enrollment
  2. The Mac will display a banner notification in the right-hand corner prompting to enroll the device into Kandji. Click on Details from the banner notification.

    banner 1
  3. System Preferences will open to confirm the enrollment; select Allow. The Mac will then enroll into Kandji. 

    sysprefs

Assigning a device in Apple Business Manager

  1. Log in to Apple Business Manager and select Device Assignments from the left-hand navigation bar.
  2. Chose the specific identifier and fill in the relevant information in the text field.

  3. Select Assign to Server under the Perform Action dropdown.

  4. Select Choose MDM Server under the MDM Server drop-down and chose the Kandji server you created when enabling MDM with Kandji.



  5. To ensure all new devices purchased will automatically be assigned to Kandji, select Settings from the left-hand navigation bar.
  6. Select Device Management Settings.
  7. In the Device Management Settings section, under Default Device Assignment you can automatically assign each device type a default Blueprint that you have configured in the Kandji web app.

Note that the default Blueprint can be changed at any time inside the Kandji web app.

Make devices available for assignment in Apple Business Manager

  • If you do not see your devices available for assignment in your Apple Business Manager account, there can be several reasons, with different solutions for each.
    • You purchased your devices directly from Apple.
      • You may not have added your Apple Customer Number in Apple Business Manager (Settings > Device Management Settings > Customer Numbers).
      • To find your Apple Customer Number, check with your Apple account executive or your purchasing department or reach out to Apple sales support. When using an Apple Customer Number, all devices purchased from Apple since March 1, 2011, will be added to your Apple Business Manager account. 
    • You purchased your devices from an Apple Authorized Reseller or a carrier.
      • You may have not established a link between your Apple Business Manager account and the reseller.
        • Ask your reseller for its Reseller ID and add this in Apple Business Manager  (Settings > Device Management Settings > Customer Numbers).
        • Provide your reseller with your Apple Business Manager Organization ID, located in Apple Business Manager  (Settings > Enrollment Information), along with a list of the serial numbers or orders that you want your reseller to add to your Apple Business Manager account. The "Look-Back" period for devices to be added is at the discretion of your reseller.
      • Your devices may not have been purchased through a Device Enrollment–enabled reseller or were not purchased as a business from Apple.

    This Apple Support article addresses questions about customer numbers and adding devices into Apple Business Manager 

    This Apple Support article has a list of Device Enrollment enabled resellers; note that even if your reseller is not listed that it may still be able to add your devices

    Devices are already set up but not available in Apple Business Manager

    1. Navigate to Add Devices in the left-hand navigation bar of the Kandji web app.
    2. If the Enrollment Portal is set to active, you will have a custom Enrollment Portal Link you can provide to your user so they can enroll their devices.
    3. Provide the user the custom Enrollment Portal Link and the Enrollment Code for the Blueprint you wish to enroll their device in.