Learn about turning on Remote Desktop on Mac computers using Kandji
Using the Turn on Remote Desktop action in the device actions menu for eligible Mac computers sends an MDM command that enables Remote Desktop with both observe and control permissions for all local users on the Mac. This is the default configuration macOS applies when it receives this MDM command from Kandji.
To customize permissions more granularly, use the kickstart command-line utility included in macOS, which can be deployed as a Custom Script.
For example, you can use the Audit Script available on the Kandji support GitHub repository to ensure Remote Desktop is configured more granularly.
If it is not, you can use the Remediation Script available on the Kandji support GitHub repository to allow only the user with the username "ladmin" to have full privileges. See the comments in the script for additional customization options, along with the kickstart help output:
sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -h
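
The restriction described above, limiting Remote Desktop to the "ladmin" account, can be sketched as a Custom Script. This is an added example, not the Remediation Script from the Kandji support GitHub repository. The function names and the ARD_USER variable are assumptions, and the accepted privilege flags are a subset of those listed by kickstart -h.

```shell
#!/bin/sh
# Added example (not Kandji's script): limit Remote Desktop to one account.
KICKSTART="/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart"

# ard_plan USER [PRIV...]: print the kickstart calls, one per line.
# Returns 1 and prints no plan when USER or a PRIV flag fails validation.
ard_plan() {
    user=${1:-}
    if [ $# -gt 0 ]; then shift; fi
    if [ $# -eq 0 ]; then set -- -all; fi   # the page's case: full privileges
    case $user in
        ''|-*|*[!A-Za-z0-9._-]*) echo "invalid username: $user" >&2; return 1 ;;
    esac
    for p in "$@"; do
        case $p in
            -all|-none|-ControlObserve|-TextMessages|-OpenQuitApps|-SendFiles) ;;
            -DeleteFiles|-GenerateReports|-RestartShutDown|-ChangeSettings) ;;
            *) echo "unsupported -privs flag: $p" >&2; return 1 ;;
        esac
    done
    # 1. Stop granting access to all local users; honour per-user settings.
    echo "$KICKSTART -activate -configure -allowAccessFor -specifiedUsers"
    # 2. Grant the named account access with the requested privileges.
    echo "$KICKSTART -configure -users $user -access -on -privs $*"
    # 3. Restart the agent so the new settings take effect.
    echo "$KICKSTART -restart -agent"
}

# ard_apply USER [PRIV...]: run the plan as root on macOS, else print it.
ard_apply() {
    plan=$(ard_plan "$@") || return 1
    if [ ! -x "$KICKSTART" ] || [ "$(id -u)" -ne 0 ]; then
        echo "dry run, nothing changed:" >&2
        echo "$plan"
        return 0
    fi
    echo "$plan" | while IFS= read -r line; do
        # Unquoted on purpose: every token was validated in ard_plan.
        $line </dev/null || exit 1
    done
}

# Set ARD_USER (for example ARD_USER=ladmin) to act; otherwise only define.
if [ -n "${ARD_USER:-}" ]; then ard_apply "$ARD_USER"; fi
```

Passing extra arguments, such as ard_apply ladmin -ControlObserve -TextMessages, grants only those privileges instead of -all.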