Learn how to interact with the Kandji Agent using its Command Line Interface (CLI)
While Kandji is primarily hands-off after it is installed on a Mac, a few Terminal commands are available.
Run
sudo kandji run
The agent will run and check-in immediately. Normally, the agent checks in every 15 minutes. Without an internet connection, the agent will run in offline mode.
sudo kandji run --reset-dailyAdding "--reset-daily" to the run command will run all parameters, including parameters that are only run once per day. For instance, if a parameter has already run earlier in the day, and only is enforced once a day
The -F option is deprecated and will be removed in a future release. Use the --reset-daily option to reset the daily execution schedule and immediately run slower blueprint parameter tasks (if any) that are normally scheduled to run every 24 hrs.
Run Daily MDM inventory update
sudo kandji update-mdm
The agent will request the MDM server to initiate its daily MDM commands such as validating Apps and Books from Apple Business Manager, as well as querying certain device information.
Collect Apps
sudo kandji collect-apps
Collects full application inventory from the Mac.
Run Library Items
sudo kandji library
Checks for Library items to execute.
Scriptable Option: Reboot
sudo kandji reboot --delaySeconds NumberOfSeconds
This option can be used in scripted workflows to easily force a reboot leveraging the Kandji Agent and Menu bar application, it is visually similar to the reboot forced during FileVault enablement or a Managed OS upgrade.
Initiates a restart by prompting the logged-in user with a countdown timer. If no delay is specified, the default 1800 (30 minutes) will be used. If no user is logged in, the delay will be ignored and the Mac will restart immediately.
Scriptable Option: Alert
sudo kandji display-alert [--title text] [--message text] [--icon path_to_image] [--suppression-key string] [--help-url url]
This option can be used in scripted workflows to easily present an alert to end users. This command has a multitude of options outlined below. All of the options below are optional.
| Option | Description | Default if not provided |
| --title | Allows for specifying a custom title for the alert window | "Alert" |
|
--message |
Allows for specifying a custom message for the alert window | No default value |
|
--icon |
Allows for specifying a custom icon for the alert window | KandjiAgent Icon |
|
--suppression-key |
If provided, will show an option to the end user "Do not show this message again" If this suppression key is provided in a future alert, and the user opted to not see it again, the alert will not be shown. |
No default value If no Supression Key is specified the "Do not show this message again" option is not displayed. |
| --help-url |
Allows for specifying a custom URL for the alert "help" button. Must be an https URL |
No default value If no URL is specified the help button is not displayed. |
Below is an example of the alert on macOS Big Sur
Version
sudo kandji version
Displays the installed Kandji Agent version.
Help
sudo kandji help
Displays help text.
Automated Device Enrollment NAG
sudo profiles -N
or (these commands perform the same function)
sudo profiles renew -type enrollment
Forces the Mac to check-in with Apple to determine if the device can be enrolled into MDM via Automated Device Enrollment. If it can, the Mac will prompt the end-user to enroll into your Kandji instance via a Notification Center alert like the one below.
-1.png)
In order for this command to work the device must be assigned to Kandji inside of Apple Business Manager and you must have a default blueprint configured.