Enrolling Devices

When it comes to enrolling devices into Kandji, you have options.

Enrollment Methods

Kandji supports many different Apple device types. There are also several different methods that can be used to enroll those devices. Below are the supported enrollment options per-device type: 

All Device Types

  • Enrolling via the “Kandji Enrollment Portal” which is great for devices that are already set up and/or not available to you in Apple Business Manager. 
  • Automated Device Enrollment is great for brand new or restored devices that have been assigned to Kandji inside Apple Business Manager.

macOS Devices 

  • Automated Enrollment after device setup, sometimes referred to as “DEP NAG”. This allows you to run a one-line command in terminal to initiate a notification that allows the end-user to enroll in Kandji using Automated Device Enrollment. 
    • This option can be especially useful if your devices are in an existing MDM, as devices can be unenrolled via your previous MDM and install a LaunchDaemon to run a "DEP NAG" to prompt your users to enroll in Kandji.

iOS, tvOS, and iPadOS Devices

  • If you have iPhone, iPad, Apple TV, or iPod touch devices that were purchased outside of Apple Business Manager, you can manually add these devices to Apple Business Manager using the Apple Configurator 2 app.  
For more information about Configurator, review this Apple Support article.
  • What if my mobile device is already set up and enrolled in an MDM via Automated Device Enrollment?

    Two options are able to address this situation:
    • Erase and re-enroll your mobile devices (after re-assigning the device to Kandji via Apple Business Manager) if you wish to maintain supervision in Kandji.
    • Un-manage the mobile device in your existing MDM and leverage the Kandji web enrollment portal.
      • Note: This will not result in your devices being in a "Supervised" state.

How to Enroll

Automated Device Enrollment (All Device Types)

Enrolling devices via Automated Device Enrollment also ensures that Kandji can not be removed from the device unless permitted.

An Apple Business Manager account is required for Automated Device Enrollment.

To use Automated Device Enrollment on new or restored devices, follow these steps:

  1. Assign Mac or iOS Devices to the Kandji MDM server inside of Apple Business Manager.
  2. Confirm desired devices are listed inside Kandji. Navigate to Devices > Auto-Enroll Devices.
  3. Turn on the device, connect to the internet and begin the Setup Assistant. A screen labeled “Remote Management” during the setup process will confirm enrollment has been successful.

Automated Enrollment after Device Setup (macOS Only)

If a Mac has already past Setup Assistant, there is a method to force another check and re-enroll itself into Kandji. Ensure the following steps are performed after assigning the device to the Kandji MDM server in Apple Business Manager.

If you are moving from an existing MDM you can install a Launch Agent prior to removal from your current MDM to run this command daily to prompt your end users to enroll in Kandji. 

  1. Open Terminal and run the following command:
    sudo profiles renew -type enrollment
  2. The Mac will display a banner notification in the right-hand corner prompting to enroll the device into Kandj. Click on details from the banner notification.

    banner 1
  3. System Preferences will open to confirm the enrollment, select Allow. The Mac will then enroll into Kandji. 

    sysprefs

How do I assign a device inside of Apple Business Manager?

  1. Log in to Apple Business Manager and select Device Assignments from the left-hand navigation bar.
  2. Chose the specific identifier and fill in the relevant information in the text field.

  3. Select Assign to Server under the Perform Action dropdown.

  4. Select Choose MDM Server under the MDM Server drop-down and chose the Kandji server you created when enabling MDM with Kandji.




    To ensure all new devices purchased will automatically be assigned to Kandji, continue to step 5.
  5. Select Settings from the left-hand navigation bar.
  6. Select Device Management Settings.
  7. Inside of Device Management Settings, under Default Device Assignment you can have each device type automatically assign a default Blueprint that you have configured in the Kandji Web App.

Note that the default Blueprint can be changed at any time inside the Kandji Web App.

How can I make my organization's devices available to for assignment inside Apple Business Manager?

  • If you do not see your devices for assignment in your Apple Business Manager account this can be due to these possibilities:
    • If you purchased your devices directly from Apple:
      • Then you may not have not added your Apple Customer Number inside of Apple Business Manager > Settings > Device Management Settings > Customer Numbers.
        • To find your Apple Customer Number check with your Apple Account Executive or your purchasing Department. Otherwise, reach out to Apple Sales Support. When using an Apple Customer Number all devices purchased from apple since March 1 2011, will be added to your Apple Business Manager Account. 
    • If you purchased your devices from an Apple Authorized Reseller such as CDW, SHI, B&H, or a Carrier:
      • Then you may have not established a link between your Apple Business Manager account and the reseller.
        • Ask your reseller for their Reseller ID and add this to Apple Business Manager > Settings > Device Management Settings > Customer Numbers.
        • Then Provide your reseller with your Apple Business Manager Organization ID, located in Apple Business Manager > Settings > Enrollment Information.
          Along with a list of serial numbers or orders, you want your reseller to add to your Apple Business Manager account.
          The "Look-Back" period for devices to be added is at the discretion of your reseller.
    • Your devices may not have been purchased through a Device Enrollment enabled Reseller, or we're not purchased as a business from Apple.

    See this Apple Support article with questions regarding customer numbers, and adding devices into Apple Business Manager 

    See this Apple Support article for a list of Device Enrollment enabled resellers, note that even if your reseller is not listed that they may still be able to add your devices

    If your devices are already set up, and not available to you in Apple Business Manager, then adding them through the Kandji enrollment portal is a breeze.

    1. Navigate to Add Devices in the left-hand navigation bar.
    2. When the Enrollment Portal is set to active you will have a custom Enrollment Portal Link you can provide to your user so they can enroll their devices.
    3. Provide the user the custom Enrollment Portal Link and the Enrollment Code for the blueprint you wish to enroll their device in.