Learn how and when macOS devices Check-in with Kandji and Apple services
- How instant is MDM communication?
- Check-in type and frequency for macOS devices
- Force Check-in Using Self Service
- Recurring Check-In
- Daily Check-In
- MDM Daily Check-In
- MDM Commands & Profiles
How instant is MDM communication?
MDM servers send a special type of notification to the Apple Push Notification service to request managed devices to "Check-in" with their MDM server. As part of APNs, Apple devices are constantly polling APNs for Notifications. This results in near-instant management of online devices; as such, there is no defined "Check-in" time for MDM commands.
Check-in type and frequency for macOS devices
Learn about the different types of check-in operations macOS devices perform with Kandji.
Force Check-in Using Self Service
Using the Sync button in Self Service is the same as performing a Daily Check-in.
- Open the Self Service app.
- Navigate to the Device Info section.
- Click on the Sync button.
Recurring Check-In
- Frequency: This Check-in event automatically happens every 15 Minutes
- Mechanism: Kandji Agent
- Description:
- Checks for and installs any available updates for the Kandji Agent.
- Executes and enforces Blueprint parameters
- Installs any pending library items, in this order of operations:
- Custom Scripts
- Timeout: 1 hour per item
- Custom Printers
- Timeout: 3 Hours per item
- Custom Apps
- Timeout: 12 Hours (global limit)
- Auto Apps
- Timeout: 6 Hours per item
- Managed OS
- Timeout: 12 Hours (global limit)
- Custom Scripts
- Additional Info:
- The Library Items above are run in this specific order of operations.
- Items within each Library Item type are run alphanumerically, with uppercase letters coming before lowercase letters
- The above timeout values are the maximum amount of time each Library Item is allowed to install/run before the process is terminated
- There is a global timeout value of 12 hours for a single run. Custom Apps and Apps and Books installations initiated via Self Service respect this global limit.
How can I force Recurring Check-in?
- To force a Recurring Check-in, run the following command in Terminal:
sudo kandji run
Daily Check-In
- Frequency: This Check-in event automatically happens every 24 Hours
- Mechanism: Kandji Agent
- Description:
- All recurring Check-in items
- Daily Items, such as:
- Custom Scripts
- Custom Compliance Scripts
- Blueprint Parameters
- Secure home folders
- Check Applications folder for appropriate permissions
- Check System folder for world writable files
- Ensure time is within appropriate limits
- Collects and submits daily computer information to your Kandji tenant, such as:
- Application inventory
How can I force Daily Check-in?
- To force Daily Check-in, run the following command in Terminal:
sudo kandji run --reset-daily
MDM Daily Check-In
Frequency: This Check-in event automatically happens once every 24 hours
Mechanism: APNs / MDM Framework
Description: This Check-in is a combination of the following MDM Commands, which are automatically initiated by Kandji to update device information:
- ProfileList
- InstalledApplicationsList
- SecurityInfo
- CertificateList
- AvaliableOSUpdates
- DeviceInformation
How can I force MDM Daily Check-in?
- To force the daily MDM commands, run the following command in Terminal:
sudo kandji update-mdm
MDM Commands & Profiles
Frequency: Instant
Mechanism: APNs / MDM Framework
Description:
- Any MDM command such as:
- Wipe Device
- Blank Push
- Delete User
- Set Device Name
- Unlock User Account
- Lock Device
- InstallApplication (VPP/Apps and Books)
- Any MDM delivered profile such as:
- Any Profile deployed via a Library Item.
How can I force MDM Commands & Profiles Check-in
- Not applicable for this type of Check-in.