Device Management for Apple
Utilize powerful, purpose-built tools to create an intuitive, streamlined experience for admins and users alike.
Set up and configure devices for new employees instantly and remotely, without IT having to physically touch the device.
The best employee experience
New employees can use their pre-configured devices right out of the box without a visit to IT.
With Liftoff, you can make a freshly unboxed Mac transform itself into an enterprise-ready computer, with all the right apps, settings, and security controls in place. Liftoff lets you show users what’s happening on that first startup and how soon they can get to work, while automating as much as possible for the admin.Learn More
Flexible device Blueprints
Organize devices based on team, department, or location. Drop a new device into a Blueprint to automatically assign the right apps, controls, and automations to that device.
Our enrollment portal makes it easy to import your users from G Suite or Microsoft 365 and invite them to enroll their own devices quickly and painlessly.
Lost Mode for iPhone and iPad
Kandji automatically puts devices back into Lost Mode if they are reset and alerts admins if they move over 50 meters.
Conditional logic for assignments
Apply an app or security control to only a subset of users within a Blueprint. Build conditional logic with user and group attributes from your identity provider, fine tuning which items are deployed to each device.
We’ve created an automated migration tool that seamlessly migrates large organizations off of legacy MDM providers, making it easier than ever before to transition to a modern platform.Learn More
Experience an unprecedented level of visibility. Oversee your entire fleet and keep tabs on all activity with detailed records, key updates, and an extensive log of remediations performed on each machine.
Empower users with a select library of apps, custom scripts to run, and links to resources. They can get what they need from a single source, without asking IT. Customize branding, labels, and categories to make it your own.
MDM alone simply isn’t enough. With Kandji, you get the best of both worlds — a reliable MDM plus a proprietary macOS agent that extends your capabilities beyond the expected.
Kandji is the only MDM that works around the clock to enforce compliance and remediate issues whether your Mac devices are online or off.
Automated macOS patch management is enabled by Kandji's Auto Apps, a library of applications that Kandji pre-packages, hosts, and automatically patches.See Auto Apps in Action
Auto Apps end user experience
All Auto Apps are fully enforced automatically with user-friendly prompts powered by the Kandji Agent.
Auto Apps admin experience
Choose whether you want app updates enforced automatically or manually, and add to the dock so it is easy for users to find.
App Store apps
Sync your App Store apps from Apple Business Manager (formerly the Volume Purchase Program, or VPP).
Ready to retire an app or want to block unauthorized apps? Application blocking is built right into Kandji, allowing you to restrict usage across your entire fleet with just a few clicks.
Easily upload and deploy custom apps by dragging and dropping a package (.pkg or .mpkg), Disk Image (copy .app from disk image to /Applications), or ZIP File (unzip contents into specified directory).
150+ pre-built automations
With the largest library of macOS security controls (over 150 and growing) you can toggle on with one click, Kandji empowers your IT team with the most control on the market.
Kandji's automation technology is covered by U.S. Patent 11,102,251. Additional patent pending.
Kandji’s advanced implementation of Profiles takes full advantage of Apple’s powerful MDM framework with Profiles such as Wi-Fi, Privacy, SSO, System Extensions, and much more.
In addition to our library of Profiles, you an also easily deploy any custom .mobileconfig file according to your needs.
Although we’ve containerized the most common policies with our Parameter library, we also support custom scripts for any unique device control needs.
mostCommonUser=$(/usr/bin/last -t console | /usr/bin/awk '!/_mbsetupuser|root|wtmp/' | /usr/bin/cut -d" " -f1 | /usr/bin/uniq -c | /usr/bin/sort -nr | /usr/bin/head -n1 | /usr/bin/grep -o '[a-zA-Z].*')
# search for brew command on the current system
# The below will find the brew path in either
# the Intel or Apple Silicon location
/opt -maxdepth 3 -name brew)"
if [ -z "$brew_path" ]; then
# If brew_path returns empty
echo "Brew is not yet installed..."
Kandji’s managed OS tool is redefining how admins enforce operating system updates across your environment. It is built into our platform (no scripting required), fully enforced, and supports both major and minor OS updates.
Global Profile Variables
Automatically input unique device details such as Asset Tag, Serial Number, User Email, and more into any profile text field.
Identity & Compliance
One-click compliance templates
Kandji makes it simple to implement specific compliance mandates, such as CIS or FedRAMP, using pre-built, one-click templates.Learn More About CIS Compliance
Always stay audit-ready and share detailed results with auditors. Prove compliance at a moment’s notice using read-only auditor access mode.
Kandji is the only MDM that works around the clock to enforce compliance and remediate issues whether your Macs are online or off.
Single sign-on (SSO)
SAML-based single sign-on (SSO) provides secure access for admins managing your devices with Kandji through an identity provider (IdP) of your choice.
Give your users a login experience that feels native to Mac and leverages their single sign-on credentials for a more secure login and just one password to remember.
Compliance control library
With Kandji, compliance is never an afterthought. Kandji is the only MDM with a pre-built library of security controls (over 150 and growing) that are ready to deploy using pre-built, one-click templates.
Templates for security best practices
Get started quickly by leveraging Kandji’s pre-built blueprints to deploy security and compliance best practices without having to start from scratch.
Alerts and logging
See a live stream of action on every machine in your fleet. Set up real-time alerts within Kandji or to Slack based on events you want to be notified of.
Keep your devices and data safe and sound. Easily enforce device encryption and remotely lock or wipe devices that have been lost or stolen.
You are not a ticket
Our support team looks at every question as a puzzle to unlock rather than a ticket to triage. By helping you test and validate solutions, we find the best answer, not just the fastest one.
”We chose Kandji for their security solution to efficiently manage a fleet of Apple MacBooks. We were able to quickly and significantly increase our security posture with minimal resources.”
”This tool was clearly designed from a Mac admin's point of view.”
”We're saving time managing our Apple fleet with Kandji's built-in automations.”
Request access to Kandji
Kandji’s Device Harmony™ platform brings IT and InfoSec together to keep every Apple user secure and productive. Test out the full suite of capabilities.Request Access