macOS Check-In

Learn how and when macOS devices Check-in with Kandji and Apple services

How instant is MDM communication?

MDM servers send a special type of notification to the Apple Push Notification service to request managed devices to "Check-in" with their MDM server. As part of APNs, Apple devices are constantly polling APNs for Notifications. This results in near-instant management of online devices; as such, there is no defined "Check-in" time for MDM commands.

Check-in type and frequency for macOS devices

Learn about the different types of check-in operations macOS devices perform with Kandji. 

Recurring Check-In

• Frequency: This Check-in event automatically happens every 15 Minutes
• Mechanism: Kandji Agent
• Description:
  • Checks for and installs any available updates for the Kandji Agent. 
  • Executes and enforces Blueprint parameters
  • Installs any pending library items, in this order of operations:
    • Custom Scripts
      • Timeout: 1 hour per item
    • Custom Printers
      • Timeout: 3 Hours per item
    • Custom Apps
      • Timeout: 12 Hours (global limit)
    • Auto Apps
      • Timeout: 6 Hours per item
    • Managed OS
      • Timeout: 12 Hours (global limit)

Note that the library items above are run in this specific order of operations. Items within each library item type are run alphanumerically, with those in uppercase coming before those in lowercase .
The above timeout values are the maximum amount of time each library item is allowed to install/run before the process is terminated.

Additionally, there is a global timeout value of 12 hours for a single run. Custom Apps and Apps and Books (VPP) install's initiated from Self Service respect this global limit. 

How can I force Recurring Check-in?

• To force Recurring Check-in, run the following command in Terminal:

  sudo kandji run

Daily Check-In

• Frequency: This Check-in event automatically happens every 24 Hours
• Mechanism: Kandji Agent
• Description:
  • All recurring Check-in items
  • Daily Items, such as:
    • Custom Scripts
    • Custom Compliance Scripts
    • Blueprint Parameters
      • Secure home folders
      • Check Applications folder for appropriate permissions
      • Check System folder for world writable files
      • Ensure time is within appropriate limits
  • Collects and submits daily computer information to your Kandji instance, such as:
    • Application inventory

How can I force Daily Check-in?

• To force Daily Check-in, run the following command in Terminal:

  sudo kandji run --reset-daily

MDM Daily Check-In 

Frequency: This Check-in event automatically happens once every 24 hours

Mechanism: APNs / MDM Framework

Description: This Check-in is a combination of the following MDM Commands, which are automatically initiated by Kandji to update device information:

• ProfileList
• InstalledApplicationsList
• SecurityInfo
• CertificateList
• AvaliableOSUpdates
• DeviceInformation

How can I force MDM Daily Check-in?

• To force the daily MDM commands, run the following command in Terminal:

  sudo kandji update-mdm

MDM Commands & Profiles

• Frequency: Instant Mechanism: APNs / MDM Framework Description:
  • Any MDM command such as:
    • Wipe Device
    • Blank Push
    • Delete User 
    • Set Device Name 
    • Unlock User Account
    • Lock Device
    • InstallApplication (VPP/Apps and Books)
  • Any MDM delivered profile such as:
    • Any Profile deployed via a Library Item.
• How can I force MDM Commands & Profiles Check-in
  • Not applicable for this type of Check-in.