Skip to content

Device Management for Apple

Utilize powerful, purpose-built tools to create an intuitive, streamlined experience for admins and users alike.

Automated app and OS updates
CIS compliance security templates
Zero-touch deployment
Request Access
remote management screenshot

Take a test run

Try our virtual demo, where our experts guide you through the top use cases and features.

Virtual Demo
Play Video


Zero-touch deployment

Set up and configure devices for new employees instantly and remotely, without IT having to physically touch the device.

zero-touch deployment screenshot

The best employee experience

New employees can use their pre-configured devices right out of the box without a visit to IT.

remote management screenshot
Icon for Liftoff


With Liftoff, you can make a freshly unboxed Mac transform itself into an enterprise-ready computer, with all the right apps, settings, and security controls in place. Liftoff lets you show users what’s happening on that first startup and how soon they can get to work, while automating as much as possible for the admin.

Learn More
Image of Setting up your Mac screen

Flexible device Blueprints

Organize devices based on team, department, or location. Drop a new device into a Blueprint to automatically assign the right apps, controls, and automations to that device.

Image of Blueprints screen
Image of user-initated enrollment

User-initiated enrollment

Our enrollment portal makes it easy to import your users from G Suite or Microsoft 365 and invite them to enroll their own devices quickly and painlessly.

Image of Lost Mode for iPhone and iPad Devices

Lost Mode for iPhone and iPad

Kandji automatically puts devices back into Lost Mode if they are reset and alerts admins if they move over 50 meters.

Conditional logic for assignments

Apply an app or security control to only a subset of users within a Blueprint. Build conditional logic with user and group attributes from your identity provider, fine tuning which items are deployed to each device.

Image of Conditional logic for assignments

Automated migration

We’ve created an automated migration tool that seamlessly migrates large organizations off of legacy MDM providers, making it easier than ever before to transition to a modern platform.

Learn More
Image of no action required prompt

Maximum visibility

Experience an unprecedented level of visibility. Oversee your entire fleet and keep tabs on all activity with detailed records, key updates, and an extensive log of remediations performed on each machine.

Assortment of application UI screenshots

Self Service

Empower users with a select library of apps, custom scripts to run, and links to resources. They can get what they need from a single source, without asking IT. Customize branding, labels, and categories to make it your own.

Image of Self Service


MDM alone simply isn’t enough. With Kandji, you get the best of both worlds — a reliable MDM plus a proprietary macOS agent that extends your capabilities beyond the expected.

No action required prompt

Offline mode

Kandji is the only MDM that works around the clock to enforce compliance and remediate issues whether your Mac devices are online or off.

MDM in offline mode

Get started

Get free demo
Optional 14-day trial


Auto Apps

Automated macOS patch management is enabled by Kandji's Auto Apps, a library of applications that Kandji pre-packages, hosts, and automatically patches.

See Auto Apps in Action
Automated patching

Auto Apps end user experience

All Auto Apps are fully enforced automatically with user-friendly prompts powered by the Kandji Agent.

Product shot

Auto Apps admin experience

Choose whether you want app updates enforced automatically or manually, and add to the dock so it is easy for users to find.

Product shot

App Store apps

Sync your App Store apps from Apple Business Manager (formerly the Volume Purchase Program, or VPP).

Product shot
Application blocking screenshot

Application blocking

Ready to retire an app or want to block unauthorized apps? Application blocking is built right into Kandji, allowing you to restrict usage across your entire fleet with just a few clicks.

Custom Apps

Easily upload and deploy custom apps by dragging and dropping a package (.pkg or .mpkg), Disk Image (copy .app from disk image to /Applications), or ZIP File (unzip contents into specified directory).

Pre-install and post-install scripts
Screenshot of various app screens


150+ pre-built automations

With the largest library of macOS security controls (over 150 and growing) you can toggle on with one click, Kandji empowers your IT team with the most control on the market.

Kandji's automation technology is covered by U.S. Patent 11,102,251. Additional patent pending.

Screenshot of various automations


Kandji’s advanced implementation of Profiles takes full advantage of Apple’s powerful MDM framework with Profiles such as Wi-Fi, Privacy, SSO, System Extensions, and much more.

Screenshot of various profiles

Custom Profiles

In addition to our library of Profiles, you an also easily deploy any custom .mobileconfig file according to your needs.

Screenshot of custom profile screen

Custom scripts

Although we’ve containerized the most common policies with our Parameter library, we also support custom scripts for any unique device control needs.

mostCommonUser=$(/usr/bin/last -t console | /usr/bin/awk '!/_mbsetupuser|root|wtmp/' | /usr/bin/cut -d" " -f1 | /usr/bin/uniq -c | /usr/bin/sort -nr | /usr/bin/head -n1 | /usr/bin/grep -o '[a-zA-Z].*')

# search for brew command on the current system
# The below will find the brew path in either
# the Intel or Apple Silicon location

Managed OS

Kandji’s managed OS tool is redefining how admins enforce operating system updates across your environment. It is built into our platform (no scripting required), fully enforced, and supports both major and minor OS updates.

Fully enforced
Major & minor updates
Option to delay
Learn More
Screenshot of macOS upgrade prompt

Global Profile Variables

Automatically input unique device details such as Asset Tag, Serial Number, User Email, and more into any profile text field.

Screenshot of global profile variables

Get started

Get free demo
Optional 14-day trial

Identity & Compliance

One-click compliance templates

Kandji makes it simple to implement specific compliance mandates, such as CIS or FedRAMP, using pre-built, one-click templates.

Learn More About CIS Compliance
Screenshot of CIS score

Auditor access

Always stay audit-ready and share detailed results with auditors. Prove compliance at a moment’s notice using read-only auditor access mode.

Screenshot of auditor access screen

Offline remediation

Kandji is the only MDM that works around the clock to enforce compliance and remediate issues whether your Macs are online or off.

Screenshot of offline remediation screen
Screenshot of SSO screen

Single sign-on (SSO)

SAML-based single sign-on (SSO) provides secure access for admins managing your devices with Kandji through an identity provider (IdP) of your choice.

Laptop showing sign on screen


Give your users a login experience that feels native to Mac and leverages their single sign-on credentials for a more secure login and just one password to remember.

Deploy in minutes
A native experience
Use with existing Mac accounts
Learn More

Compliance control library

With Kandji, compliance is never an afterthought. Kandji is the only MDM with a pre-built library of security controls (over 150 and growing) that are ready to deploy using pre-built, one-click templates.

Screenshot of compliance control library

Templates for security best practices

Get started quickly by leveraging Kandji’s pre-built blueprints to deploy security and compliance best practices without having to start from scratch.

Screenshot of templates for specific levels

Alerts and logging

See a live stream of action on every machine in your fleet. Set up real-time alerts within Kandji or to Slack based on events you want to be notified of.

Screenshot of templates for specific levels

Effortless security

Keep your devices and data safe and sound. Easily enforce device encryption and remotely lock or wipe devices that have been lost or stolen.

Screenshot of templates for specific levels

You are not a ticket

Our support team looks at every question as a puzzle to unlock rather than a ticket to triage. By helping you test and validate solutions, we find the best answer, not just the fastest one.

Teams around the world trust Kandji

Category-leading brands across dozens of industries use Kandji to strengthen their infrastructure and steepen their growth trajectory.

”We chose Kandji for their security solution to efficiently manage a fleet of Apple MacBooks. We were able to quickly and significantly increase our security posture with minimal resources.”

Headshot of Martin G.
Martin G.
Staff Dev-ops Engineer, Wisely

”This tool was clearly designed from a Mac admin's point of view.”

Headshot of Nicholas Mercurio
Nicholas Mercurio
Manager, IT & Security Operations, Fluent

”We're saving time managing our Apple fleet with Kandji's built-in automations.”

Headshot of Wilson Ho
Wilson Ho
Director of IT, Turo

Request access to Kandji

Kandji’s Device Harmony platform brings IT and InfoSec together to keep every Apple user secure and productive. Test out the full suite of capabilities.

Request Access