Learn about the Kandji Agent Settings Profile that is automatically installed on enrolled Mac computers
The Kandji Agent Settings profile is an MDM configuration profile that is automatically installed on all Mac computers in your organization that are enrolled in Kandji. This profile helps ensure proper functionality of the Kandji agent, Self Service, Liftoff, Passport, and the new Kandji Extension Manager.
What it Allows
The Kandji Agent Settings Profile includes the following payloads:
Login and Background Items Management (Service Management)
For macOS Ventura and later, this payload ensures users can't prevent Kandji from loading at startup using System Settings.
This payload ensures the various Kandji apps can send notifications to the user.
Privacy Preferences Policy Control
This payload ensures Kandji has "Full Disk Access" to the Mac so that it can run custom scripts and install and update both custom and Auto Apps.
This payload ensures the Kandji ESF Extension installed with the Kandji Extension Manager (located in /Applications/Utilities/) can activate and deactivate itself without user approval. The Kandji ESF Extension is used for the App Blocking Parameter and replaces the older mechanism used for App Blocking. The Kandji ESF Extension is more efficient and prevents a blocked application from launching before the process is even able to execute any code as it is denied by the macOS kernel.
The custom payload in the Kandji Agent Settings profile of type io.kandji.extensions is used by the Kandji agent simply to know that it has received the newest version of the profile that supports allowing the Kandji ESF Extension.