Learn how and when macOS devices Check-in with Kandji and Apple services
- How instant is MDM communication?
- Check-in type and frequency for macOS devices
- Force Check-in Using Self Service
- Recurring Check-In
- Daily Check-In
- MDM Daily Check-In
- MDM Commands & Profiles
How instant is MDM communication?
MDM servers send a special type of notification to the Apple Push Notification service to request managed devices to "Check-in" with their MDM server. As part of APNs, Apple devices are constantly polling APNs for Notifications. This results in near-instant management of online devices; as such, there is no defined "Check-in" time for MDM commands.
Check-in type and frequency for macOS devices
Learn about the different types of check-in operations macOS devices perform with Kandji.
Force Check-in Using Self Service
Using the Sync button in Self Service is the same as performing a Daily Check-in.
- Open the Self Service app.
- Navigate to the Device Info section.
- Click on the Sync button.
Recurring Check-In
- Frequency: This Check-in event automatically happens every 15 Minutes
- Mechanism: Kandji Agent
- Description:
- Checks for and installs any available updates for the Kandji Agent.
- Executes and enforces Blueprint parameters
- Installs any pending library items, in this order of operations:
- Custom Scripts
- Timeout: 1 hour per item
- Custom Printers
- Timeout: 3 Hours per item
- Custom Apps
- Timeout: 12 Hours (global limit)
- Auto Apps
- Timeout: 6 Hours per item
- Managed OS
- Timeout: 12 Hours (global limit)
- Custom Scripts
Note that the library items above are run in this specific order of operations. Items within each library item type are run alphanumerically, with those in uppercase coming before those in lowercase .The above timeout values are the maximum amount of time each library item is allowed to install/run before the process is terminated.
Additionally, there is a global timeout value of 12 hours for a single run. Custom Apps and Apps and Books (VPP) install's initiated from Self Service respect this global limit.
How can I force Recurring Check-in?
- To force a Recurring Check-in, run the following command in Terminal:
sudo kandji run
Daily Check-In
- Frequency: This Check-in event automatically happens every 24 Hours
- Mechanism: Kandji Agent
- Description:
- All recurring Check-in items
- Daily Items, such as:
- Custom Scripts
- Custom Compliance Scripts
- Blueprint Parameters
- Secure home folders
- Check Applications folder for appropriate permissions
- Check System folder for world writable files
- Ensure time is within appropriate limits
- Collects and submits daily computer information to your Kandji instance, such as:
- Application inventory
How can I force Daily Check-in?
- To force Daily Check-in, run the following command in Terminal:
sudo kandji run --reset-daily
MDM Daily Check-In
Frequency: This Check-in event automatically happens once every 24 hours
Mechanism: APNs / MDM Framework
Description: This Check-in is a combination of the following MDM Commands, which are automatically initiated by Kandji to update device information:
- ProfileList
- InstalledApplicationsList
- SecurityInfo
- CertificateList
- AvaliableOSUpdates
- DeviceInformation
How can I force MDM Daily Check-in?
- To force the daily MDM commands, run the following command in Terminal:
sudo kandji update-mdm
MDM Commands & Profiles
Frequency: Instant
Mechanism: APNs / MDM Framework
Description:
- Any MDM command such as:
- Wipe Device
- Blank Push
- Delete User
- Set Device Name
- Unlock User Account
- Lock Device
- InstallApplication (VPP/Apps and Books)
- Any MDM delivered profile such as:
- Any Profile deployed via a Library Item.
- How can I force MDM Commands & Profiles Check-in
- Not applicable for this type of Check-in.