Kandji Overview

Overview

Kandji is the Apple endpoint security platform. With Kandji, devices transform themselves into enterprise-ready endpoints, equipped with proactive threat protection and the right apps and settings.

Through advanced automation and thoughtful experiences, Kandji delivers much-needed harmony to the way IT and InfoSec teams keep their organizations secure and productive.

Kandji’s products include:

• Device Management (MDM) for Mac, iPhone, iPad, Apple TV, and Vision devices.

• Endpoint Detection and Reponse (EDR) for Mac

• Vulnerability Management for Mac

For more information, see our Device Requirements and Access to Kandji Support articles.

How it Works

Kandji has two primary components: the Kandji web app and its proprietary macOS Agent. The web app configures, reviews, and reports settings on enrolled devices. The Kandji Agent enforces settings, remediates discrepancies, and reports data back to the web app.

Web App

• Run reports to check device status, view remediation history, or troubleshoot issues

• Configure Library Items to be deployed to devices

• Use conditional logic in Assignment Maps to assign Library Items to devices

• Check security events in the threats view to review detected issues and take further action if needed

• Review Vulnerabilities view for vulnerabilities detected in apps installed on Mac computers

• Perform remote actions such as lock, wipe, enable Lost Mode, or reinstall agents

Agent

• Performs actions, such as remediating configuration drift, initiating software updates, and responding to threats

• Reports enrollments, check-ins, remediations, vulnerabilities, and threats to the Kandji web app

• Continuously enforces the latest Blueprint configuration received, even when the Mac is offline

Key Kandji Components

Library Items

The Library inside your Kandji account is where you can curate, create, and select items that can be added to Assignment Maps and Classic Blueprints. The Library interface allows you to filter items by section or device type, search for specific items, and add new items.

• Auto Apps - Pre-packaged, hosted, and automatically patched apps according to your chosen enforcement policy

• Enrollment Configurations - Configure the behavior of Automated Device Enrollment, Liftoff, and Passport

• Managed OS - Manage your fleet's operating system versions

• Apps & Books Apps - Apps from the macOS and iOS App Store can be added to Kandji and managed through the Library

• Custom Apps - Upload custom apps through installer packages, disk images, or ZIP files

• Custom Scripts - Run any script supported by macOS, with options for continuous or one-time execution

• Accessory & Storage Access - Define access privileges and controls for external storage volumes, server volumes, and DMG file types on Mac computers

• Endpoint Detection and Reponse (EDR) - Configure and deploy settings for malware and PUP detection and quarantine

Assignment Maps

Kandji's Assignment Maps are a powerful new feature designed to streamline the configuration and management of Apple devices. This feature allows IT administrators to visually define and manage the deployment of apps and configurations to devices, ensuring clarity and minimizing conflicts.

• Visual Definition - Assignment Maps clearly represent the deployment logic and assignment rules, making them easy to understand and manage

• No-Code Interface - Kandji's intuitive, no-code interface allows for creating complex setups using an infinite canvas of conditional blocks and assignment nodes

• Conflict Management - Assignment Maps are designed to handle conflicts gracefully, ensuring consistent and predictable results

• Exclusive Device Assignments - Each device can belong to only one Assignment Map at a time, reducing the risk of conflicts or errors

• Reusable Library Items - Library items can be used multiple times within an Assignment Map, with different rules applied as needed.

• Nested Logic - Nested if/else logic allows for the intuitive modeling of complex configuration scenarios

• Troubleshooting - Assignment Maps include tools for previewing and testing configurations against specific devices, providing complete visibility into each device's path to reach its end state

Parameters

• Parameters are settings built into all Blueprints that allow admins to set additional configurations for Mac computers beyond Apple's MDM framework

• Every time the agent checks in, Parameters are re-evaluated and remediated where necessary.  If a remediation can't occur, an alert is triggered within the Kandji Web App

Alerts

• Items in Kandji can be configured to generate alerts for various events, such as available macOS updates or user accounts signed into iCloud. These alerts help administrators stay informed about the status and needs of their devices

Activity

• View the entire history of actions taken on your fleet or a single device using the Activity page. Kandji keeps detailed records every time devices enroll, check-in, or are remediated

Ready to get started? Click here to request a demo.