Kandji Overview

  • EF
  • CW

by Gwynn Clark

Kandji is the Apple endpoint security platform. With Kandji, devices transform themselves into enterprise-ready endpoints, equipped with proactive threat protection and the right apps and settings.

Through advanced automation and thoughtful experiences, Kandji delivers much-needed harmony to the way IT and InfoSec teams keep their organizations secure and productive.

Kandji’s products include:

For more information, see our Device Requirements and Access to Kandji Support articles.

Kandji has two primary components: the Kandji web app and its proprietary macOS Agent. The web app configures, reviews, and reports settings on enrolled devices. The Kandji Agent enforces settings, remediates discrepancies, and reports data back to the web app.

  • Specify and configure Library Items, Assignment Maps, and Classic Blueprints

  • Review automatically generated alerts when action is required

  • View details about enrolled devices

  • Switch devices from one Blueprint to another

  • Regularly checks in with Kandji servers

  • Verifies Parameters

  • Remediates any Parameters that do not match the Blueprint configuration

  • Reports enrollments, check-ins, and remediations to the Kandji web app

  • Runs the last Blueprint configuration received if the Mac is offline

The Library inside your Kandji account is where you can curate, create, and select items that can be added to Assignment Maps and Classic Blueprints. The Library interface allows you to filter items by section or device type, search for specific items, and add new items.

  • Auto Apps - Pre-packaged, hosted, and automatically patched apps according to your chosen enforcement policy

  • Enrollment Configurations - Configure the behavior of Automated Device Enrollment, Liftoff, and Passport

  • Managed OS - Manage your fleet's operating system versions

  • Apps & Books Apps - Apps from the macOS and iOS App Store can be added to Kandji and managed through the Library

  • Custom Apps - Upload custom apps through installer packages, disk images, or ZIP files

  • Custom Scripts - Run any script supported by macOS, with options for continuous or one-time execution

  • Accessory & Storage Access - Define access privileges and controls for external storage volumes, server volumes, and DMG file types on Mac computers

  • Endpoint Detection and Reponse (EDR) - Configure and deploy settings for malware and PUP detection and quarantine

Kandji's Assignment Maps are a powerful new feature designed to streamline the configuration and management of Apple devices. This feature allows IT administrators to visually define and manage the deployment of apps and configurations to devices, ensuring clarity and minimizing conflicts.

  • Visual Definition - Assignment Maps clearly represent the deployment logic and assignment rules, making them easy to understand and manage

  • No-Code Interface - Kandji's intuitive, no-code interface allows for creating complex setups using an infinite canvas of conditional blocks and assignment nodes

  • Conflict Management - Assignment Maps are designed to handle conflicts gracefully, ensuring consistent and predictable results

  • Exclusive Device Assignments - Each device can belong to only one Assignment Map at a time, reducing the risk of conflicts or errors

  • Reusable Library Items - Library items can be used multiple times within an Assignment Map, with different rules applied as needed.

  • Nested Logic - Nested if/else logic allows for the intuitive modeling of complex configuration scenarios

  • Troubleshooting - Assignment Maps include tools for previewing and testing configurations against specific devices, providing complete visibility into each device's path to reach its end state

  • Blueprints are flexible and open to use however they best suit your company

  • You can use Blueprints to specify different Parameters for your organization's specific departments (Design, Finance, and so on)

  • You can also create Blueprints that adhere to specific compliance standards (such as CIS or HIPAA)

  • Parameters are settings built into all Blueprints that allow admins to set additional configurations for Mac computers beyond Apple's MDM framework

  • Every time the agent checks in, Parameters are re-evaluated and remediated where necessary.  If a remediation can't occur, an alert is triggered within the Kandji Web App

  • Items in Kandji can be configured to generate alerts for various events, such as available macOS updates or user accounts signed into iCloud. These alerts help administrators stay informed about the status and needs of their devices

  • View the entire history of actions taken on your fleet or a single device using the Activity page. Kandji keeps detailed records every time devices enroll, check-in, or are remediated

Ready to get started? Click here to request a demo.