Kandji Blog | Apple Device Management

Recent News

The Future of Scoping: Assignment Maps Explained

Kandji’s latest Demo Day focused on Assignment Maps, a different approach to Blueprints, which make it easier to assign apps, configurations, and settings to your Apple devices. In this article, we’ll review topics covered in …

Threat Intelligence

PasivRobber: Chinese Spyware or Security Tool?

On March 13, 2025, our team found a suspicious mach-O file on Virustotal named wsus. After our initial analysis of this file and the package which installed it, we discovered over 20 related binaries used …

Recent News

Survey Results: The Top Content and Communities for IT & Security Pros

Are you curious where your peers get updates on the latest IT and security news? Or maybe you have an inside scoop on a resource or conference that deserves more recognition? We were curious, too …

Threat Intelligence

Caught in the WebKit: Getting Tangled with CVE-2025-24201

Web browsers are the gateway to the internet, a ubiquitous fixture of every enterprise device—making them a critical point of exposure. When managing your fleet you may ask: Are we aware of the vulnerabilities affecting …

Recent News

Demo Day Recap: Automating Device Management & Security with Kandji

Welcome to the recap of our first Kandji Demo Day, a new series designed to go deep into the features, workflows, and security capabilities of the Kandji platform. Whether you're already a customer or just …

Product Update

Universal Search & A New Paradigm for Enterprise IT Products

In the world of enterprise software, we've long equated complexity with capability. The more buttons, toggles, and configuration screens a product has, the more powerful it must be—or so conventional wisdom suggests. But as AI …

Recent News

Kandji Continues Global Expansion with New East Coast Headquarters in Miami

Today we are officially announcing the opening of our new East Coast headquarters to further our global scaling efforts, attract world-class talent, and support rapid customer growth. Our new East Coast headquarters in Miami is …

Product Update

Kandji Introduces Device Management for Apple Vision

As spatial computing with Apple’s Vision Pro transforms the enterprise landscape, IT teams face new challenges in managing and securing Apple Vision devices. Today, we're excited to announce Device Management for Vision, bringing Vision device …

Threat Intelligence

Uncovering Apple Vulnerabilities: diskarbitrationd and storagekitd Audit Part 3

Over the past two parts of this series, we’ve explored vulnerabilities in macOS’s diskarbitrationd daemon. In part 1, we explored how an attacker could use it to escape the sandbox or escalate privileges. In part …

Threat Intelligence

DPRK DriverEasy & ChromeUpdate Deep Dive

Over the last few months, several Swift applications have been attributed to the North Korea Contagious Interview effort. These applications are presented to victims as part of a fake job interview process. SentinelOne recently published …

Product Update

Vulnerability Management: First Unified Platform to Detect & Remediate on Mac

With attackers exploiting vulnerabilities three times more frequently than last year, managing vulnerabilities across a Mac fleet requires comprehensive visibility and timely action. Today, the Kandji team is excited to announce Kandji Vulnerability Management, which …

Threat Intelligence

Banshee Rust Rewrite?

Infostealers targeting macOS are evolving rapidly, making continuous monitoring essential, which our team is always on the lookout for. Many infostealers share similar behaviors aimed at exfiltrating data from compromised systems. In fact, these similarities …

Threat Intelligence

Potential Stealer: Purrglar in Progress

Unlike traditional viruses or ransomware, stealers are designed with a singular purpose: to quietly infiltrate systems and exfiltrate sensitive data—often without the victim even realizing it. These malicious programs are highly focused on gathering personal …

Recent News

How to Manage Activation Lock: A Guide for Apple Admins

Activation Lock is a theft-deterrent feature found in iOS and iPadOS devices and modern Mac computers (with the Apple T2 Security chip and Apple silicon). When such a device is attempted to be set up …

Product Update

Behavioral Detections: Kandji EDR's Latest Defense Update Against Threats

As attackers increasingly regard Mac computers as enterprise targets and evolve their attack methods, file-based malware detections can fall short in catching emerging and unknown threats. Sophisticated malware can evade these conventional security measures by …

Threat Intelligence

Uncovering Apple Vulnerabilities: diskarbitrationd and storagekitd Audit Part 2

Kandji's Threat Research team recently performed an audit on the macOS diskarbitrationd and storagekitd system daemons, uncovering several vulnerabilities. Our team reported all of them to Apple through their responsible disclosure program, and as these …

Recent News

Why You Need an MDM Solution that’s Built Specifically for Apple

Introduction The last decade has seen tremendous growth of Apple devices in the enterprise. It started with the popularity of the iPhone but then grew to include the much wider adoption of the Mac as …

Product Update

Manage Homebrew at Scale with New Workbrew Integration

Managing developer tools across a fleet of Mac devices presents unique challenges for IT teams. While tools like Homebrew are essential for developers, ensuring consistent deployment and maintaining visibility across an organization's devices has traditionally …

Product Update

Introducing In-House Apps and Web Clips: iPhone & iPad App Deployment

Whether you're managing devices for a retail operation, healthcare facility, or service organization, your teams need the right tools to get their work done. While the App Store is great for public apps, you often …

Threat Intelligence

Uncovering Apple Vulnerabilities: The diskarbitrationd and storagekitd Audit Story Part 1

The Kandji team is always looking out for how to help keep your devices secure. In line with that, our Threat Research team performed an audit on the macOS diskarbitrationd and storagekitd system daemons, uncovering …

Recent News

Apple in the Enterprise: 2024's Latest Trends

While cyberattacks continue to rise, the majority of IT professionals (72%) believe that Apple products are more secure than other end-user devices, according to new survey data. Despite growing threats, the security benefits of Apple …

Threat Intelligence

It’s About The Journey: Fake Cloudflare Authenticator

In order to provide the best possible coverage for Kandji EDR, the threat intelligence team conducts threat hunts across various different data feeds. On October 15th, 2024 we came across a suspicious-looking file on VirusTotal …

Threat Intelligence

Another PDF Viewer - Is It Malicious?

For security researchers, sometimes spending time reversing a potential suspicious file does not result in it being malicious. There is always something to learn from these efforts, and sometimes they can result in an interesting …

Recent News

How to Level Up Your Security Education Program

Educating end-users is a core responsibility for security teams. Not only are such education programs required by compliance regimes, but they’re also one of the most effective ways to actually maintain security: Users are now …

Product Update

Kandji Announces Kai: Artificial Intelligence for Device Management

Kandji has just released Kai, our new AI-powered assistant for Apple device management. Kai allows admins to quickly gain insights into the state of their Apple device fleets using simple, natural-language queries. Kai does so …

Product Update

New Integration Uses Kandji Data for Microsoft Device Compliance

We’ve developed a new integration that allows Kandji customers to use their Kandji device data in Microsoft conditional access policies. That means admins can now control access to organization resources based on whether or not …

Product Update

Kandji Announces Day 1 Support for Apple’s New OSes

Apple has released its latest generation of operating systems—macOS Sequoia, iOS and iPadOS 18 and tvOS 18—and Kandji is ready for all of them. Right now, on Day 1 of their release, you can deploy …

Recent News

Migrating MDM on iOS and iPadOS Using Return to Service

When you’re migrating from one MDM solution to another, you have to move the devices you’re managing with you. They need to be enrolled in that new solution so you can manage them. On Mac, …

Threat Intelligence

TodoSwift Disguises Malware Download Behind Bitcoin PDF

A signed file named TodoTasks was uploaded to VirusTotal on 2024-07-24. This application shares several behaviors with malware we’ve seen that originated in North Korea (DPRK)—specifically the threat actor known as BlueNoroff—such as KandyKorn and …

Threat Intelligence

InfoStealer Uses SwiftUI, OpenDirectory API to Capture Passwords

On July 29, @4n6Bexaminer tweeted about a new macOS stealer. Moments later, Hunt.io tweeted about the same new malware and then released a blog post about it on July 30. That post focused primarily on …

Product Update

Update Only Mode for Auto Apps: A New Way to Patch Mac Software

Kandji’s Auto Apps let IT teams distribute Mac software titles—nearly 200 and counting—either by deploying them automatically to endpoints or by letting users install them as they wish via Kandji’s Self Service. We’re now adding …

Recent News

Apple Intelligence: What Mac Admins Need to Know

One of Apple’s biggest announcements at this year’s WWDC was about the upcoming release of what the company calls Apple Intelligence. But, this being Apple, it wasn’t just a jumping-on-the-bandwagon announcement about AI. Rather, it’s …

Recent News

Apple's Next Operating Systems: How and Why to Test Them Now

We say it every year at this time: Now that Apple’s Apple’s beta software programs for its next operating systems are open (this year, that includes macOS Sequoia, iOS and iPadOS 18, watchOS 11, and …

Recent News

How to Make Device Management Work for End Users

There’s no question that modern device management is a boon to IT teams. It simplifies and centralizes the way you deploy operating systems, apps, and settings on the devices your organization relies on to get …

Threat Intelligence

Dock Tile Plugins Could Be Used to Escalate Privileges

I recently came across a persistence feature in macOS that's tied to Dock tile plugins. Dock tiles are the small icons that appear on your Dock when an application runs. Plugins for these Dock tiles …

Recent News

Kandji Raises $100 Million in Funding to Advance Apple in the Enterprise

Kandji has raised $100 million in capital from General Catalyst, with $50 million allocated to equity financing for its Series D and $50 million for go-to-market investment. This latest round brings Kandji’s valuation to $850 …

Recent News

By the Numbers: Enforcing Password Policies on Apple Devices

IT admins naturally care about the passcodes their users choose to unlock their Apple devices. That’s partly because the passcode is one of the first and best lines of defense for those devices. But it's …

Product Update

Kandji Releases Tags for Creating Device Groups on the Fly

We’ve added a new way to group devices in Kandji: tags. You can now define device groups in Kandji based on the tags that you apply to them. Among other applications, you can use tags …

Recent News

WWDC 2024: What Apple Admins Need to Know

WWDC 2024 has concluded, so we now have the road map to new features coming to Apple's software platforms for the rest of 2024. While much of the show coverage focused on Apple’s efforts to …

Threat Intelligence

How Twitch Helper Can Be Used for Privilege Escalation

Privileged helpers are bits of software that assist applications by running elevated privileged actions separate from the app itself. XPC is Apple’s interprocess communication mechanism that makes this possible. To date, however, Apple has not …

Product Update

Assignment Maps: The Revolutionary New Way to Manage Apple Devices

Today, Kandji is excited to introduce Assignment Maps—an entirely new way to manage and secure fleets of Apple devices. They're highly visual, highly flexible, and will give admins incredible control over how the Apple devices …

Threat Intelligence

Update: Cuckoo Malware Evolves

Since our initial report about the Cuckoo malware, there have been some updates to its functionality and infection vector that we wanted to let the Apple security community know about. In a recent blog post, …

Threat Intelligence

How Malware Can Bypass Transparency Consent and Control (CVE-2023-40424)

CVE-2023-40424 is a vulnerability that allows a root-level user to create a new user with a custom Transparency Consent and Control (TCC) database in macOS, which can then be used to access other users’ private …

Recent News

How MDM Can Help You Achieve ISO 27001 Compliance

ISO 27001 is a compliance standard that defines in general terms what a good information security management system (ISMS) should do. Such systems protect the security, availability, and confidentiality of an organization’s information assets through …

Product Update

Kandji Joins Amazon Web Services ISV Program

We’re excited to announce that Kandji has joined the Amazon Web Services (AWS) ISV Accelerate Program. That means Kandji has met that program’s stringent requirements for best practices in SaaS and opens up new opportunities …

Product Update

Kandji Packages: Create and Update Custom Apps via API

In Kandji, you can deploy custom apps—software you want your users to have but isn’t available as one of Kandji’s Auto Apps or from the Mac App Store—using our Custom App Library Item. In concrete …

Threat Intelligence

Malware: Cuckoo Behaves Like Cross Between Infostealer and Spyware

On April 24, 2024, we found a previously undetected malicious Mach-O binary programmed to behave like a cross between spyware and an infostealer. We have named the malware Cuckoo, after the bird that lays its …

Recent News

To Improve IT Efficiency, Consider New KPIs

How efficient is your IT team? Historically, that’s been a straightforward question, with an equally straightforward answer: You look at the number of help-desk tickets they receive in a given time period, count the number …

Recent News

How to Add Devices to Apple Business Manager Using Apple Configurator

Before mobile device management solutions for Apple devices—such as Kandji—were common, there was Apple Configurator. Organizations used the Mac app to manage iPad and iPhone devices. It required a multitude of cables—and often a customized …

Threat Intelligence

CloudChat Infostealer: How It Works, What It Does

On April 3, 2024, we came across an undetected file that had been uploaded to the online virus-checker VirusTotal that day named Clip. Right off the bat, we noticed that the file had some red …

Recent News

Home Screen Layout: When and How to Use It

Just over eight years ago, at its 2016 spring media event, Apple made a batch of product announcements, including the brand new iPhone SE and iPad Pro. The company also announced the upcoming release of …

Threat Intelligence

How Apple Mitigates Vulnerabilities in Installer Scripts

Vulnerabilities are hot topics inside the world of security research and—because of their potentially dramatic impacts—outside as well. Unfortunately, the strategies and tactics that companies like Apple take to prevent specific vulnerabilities—or even entire families …

Product Update

Kandji's Integration with ServiceNow Streamlines Asset Management

ServiceNow is a giant in the field of enterprise resource management. While its primary focus was initially on streamlining IT ticketing, the company has evolved to automate all kinds of business processes—HR, security, customer support, …

Recent News

Deploying Adobe Creative Cloud: Choosing the Right Path

For Apple IT teams with MDM tools, deploying applications to users is a familiar and relatively straightforward process. Depending on the app and the MDM solution, it could mean deploying titles from the macOS App …

Threat Intelligence

How AMOS macOS Stealer Avoids Detection

Atomic macOS Stealer (AMOS) was first spotted in early 2023. It's a powerful piece of malware that targets Apple users and tricks them into installing the software on their computers. The malware is sold via …

Recent News

Managing iCloud Access: What You Can (and Can't) Do

Apple IDs have long been integral to the Mac, iPhone, and iPad experience. People are accustomed to using them to sign in to services on their Apple devices—whether those devices are personal or professional. However, …

Product Update

Kandji Prism Gives Admins Quick Visibility into Apple Device Fleets

As someone who manages Apple devices in the enterprise, you need to know that the end-state you want for those devices is indeed being enforced. And you probably need to produce reports about the state …

Recent News

Cyber Liability Insurance, EDR, and MDM

Ask business leaders what they’re most worried about this year (as commercial insurer Allianz does annually), and their most common reply is now ransomware, data breaches, and other cyber threats. Those concerns aren’t unwarranted. According …

Recent News

How and Why You Should Audit Your Organization's Tech Stack

At some point in your career as a Mac admin, you’ll have to audit your organization’s tech stack. Your org might perform such audits on a regular schedule or whenever major software contracts are up …

Recent News

Configuring Mac Settings: MDM, Configuration Profiles, or Scripting?

When it comes to managing Mac computers, there are several ways IT teams can configure their settings remotely. The first and best way is to use an MDM solution (such as Kandji). If your MDM …

Recent News

Guide for Apple IT: Introduction to Mac Shell Scripts

With computers, there are usually multiple ways to perform a given task. On Mac, the most obvious and most common way is through the graphical user interface (GUI) using a keyboard, mouse, or trackpad. But …

Recent News

Mac Evaluation Utility: What It's Good For, How to Use It

The Mac Evaluation Utility (MEU) started out as an informal collection of scripts that Apple engineers and consultants would use to evaluate client environments, to see if they were ready for the deployment of Apple …

Recent News

2024: Top Tech Trends for Mac Admins

IT teams can sometimes get so focused on what needs to be done right now that they forget to keep an eye on what's headed their way. We don’t have any special crystal balls, of …

Product Update

Kandji Earns ISO 27001 Certification

To earn the internationally recognized ISO 27001 certification, a company must demonstrate a commitment to implementing an information security management system (ISMS) followed by a rigorous two-stage audit. That’s why we’re so proud to announce …

Recent News

Key to Successful MDM Migration: Enlisting Users

Migrating from one MDM solution to another can be a huge win not only for an Apple IT team but for its organization as a whole. That move can unlock efficiencies, reduce costs, and improve …

Product Update

Kandji Boosts iOS, iPadOS Support with Home Screen Layout

As an Apple admin, there are times you need to manage the Home Screen on your organization’s iOS and iPadOS devices. Perhaps you deploy iPad as a kiosk in retail stores or as a dedicated …

Recent News

Apple IT Training and Certification: What You Need to Know

Back in May 2022, Apple announced a new series of online IT training and certification programs. These programs follow three tracks: Apple Device Support, Apple Deployment and Management, and Apple Business Essentials. The first is …

Product Update

Kandji Adopts Declarative Device Management for OS Updates

Just two weeks ago, we announced the second generation of Kandji’s Managed OS, which rebuilt the core architecture of Managed OS to optimize performance and reliability. We were—and are—justifiably proud of that announcement. Today, we’re …

Recent News

What Mac Security Researchers Actually Do

The biggest challenge faced by Mac security researchers today: Too many people still subscribe to the idea that Mac systems are impervious to security threats. That was the top takeaway from a conversation I recently …

Recent News

Apple IT Essentials: PKGs and Software Deployment

Packages are structured files, denoted by a .pkg or .mpkg file extension, used to carry installable software. They can contain app and software components, scripts, receipts, and other metadata necessary to install, update, or remove …

Product Update

Kandji Announces the Next Generation of Managed OS

Maintaining control over which operating systems are installed on which devices, and then keeping those OSes up to date, is a core responsibility for any Apple admin. Keeping operating systems updated protects against security threats, …

Product Update

Kandji Is Now Available in AWS Marketplace

Kandji is now available for purchase in the AWS Marketplace, the digital catalog for customers of Amazon Web Services (AWS). With thousands of listings from independent vendors, AWS Marketplace makes it easy for those customers …

Recent News

Managing Mac Printing: What Admins Need to Know

Despite the rise of paperless and remote offices, managing printers is still a thing, something Mac admins must deal with every day. If your organization has just one printer that everybody prints to, managing that …

Recent News

Calculating the True Cost of Apple Device Management

How much does it cost your organization to manage its Apple devices? Put another way, how much value does your device management system deliver? The answer to those questions depends on more than just the …

Recent News

Why Return to Service Could Be a Game-Changer for Apple IT

Apple's new Return to Service feature—which Kandji now supports—is a boon to you as an admin because it solves several specific problems that had previously demanded onerous manual interventions. It'll save you time on resetting …

Product Update

Kandji Introduces Enhanced Controls for External Storage Volumes

When your organization audits security, does it include removable storage in that assessment? If not, it should: According to one survey, while 87 percent of companies still use USB drives, less than half of them …

Recent News

Four Signs It's Time to Switch MDM Solutions

It isn’t that difficult to know when you need to change your current MDM solution. The most prominent sign? You dread making any changes—small or large—to the macOS, iOS, iPadOS, or tvOS devices you’re managing …

Product Update

Kandji Introduces Support for Platform SSO

We’ve added a new section to our Single Sign-On Extension Library Item: Platform SSO. But this is one Kandji feature that’s built as much for the future as it is for the present. Let us …

Recent News

How Apple Admins Name the Devices They Manage

For some Apple admins, device names are crucial to their workflows. It’s the fundamental way they identify specific devices for remote management and in-person service. Admins also build workflows—often involving APIs—using the name as a …

Recent News

How to Become a Mac Security Researcher

Though macOS has often been touted as being more secure than other operating systems, it's not immune to threats. That, and the Mac’s growing market share in the enterprise, are two reasons why there’s a …

Product Update

Kandji Supports macOS Sonoma

Kandji is pleased to announce its support for macOS Sonoma. One major result of that support: You can now require that FileVault be enabled during Automated Device Enrollment. FileVault and Automated Device Enrollment For a …

Product Update

Kandji Supports iOS, iPadOS, and tvOS 17

Kandji is pleased to announce its support for iOS, iPadOS, and tvOS 17. The highlight: a new Return to Service workflow. Return to Service Kandji’s new Return to Service workflow is going to make life …

Product Update

Manage iPad and iPhone Wallpaper with New Kandji Library Item

Since their launches in 2007 and 2010 (respectively), iPhone and iPad have been adopted for an ever-expanding variety of business uses. While they’ve both been used for general-purpose communications and productivity, they’ve also proven useful …

Recent News

How to Execute a Successful MDM Migration on Mac

Switching from one MDM solution to another on a Mac fleet is no trivial undertaking. There are many moving parts to coordinate, and failure to think it all through could render your fleet unprotected at …

Recent News

The Evolution of Managed Apple IDs

Anyone who manages Apple devices has had at least some contact with Managed Apple IDs. Like personal Apple IDs, the managed kind can be used to access Apple devices and services. But unlike personal IDs, …

Recent News

AI and Cybersecurity: What You Need to Know

While artificial intelligence (AI) could be a world-changing technology, we’ve also seen some dire warnings about the dangers it might pose. Regardless of what you think about those warnings, as an Apple admin you do …

Recent News

Survey: Why Apple Is Booming in the Enterprise

Apple’s remarkable rise in the enterprise continues: In a survey of IT leaders in organizations with 1,000 or more employees, 76 percent said that the use of Apple devices in their companies increased over the …

Recent News

How to Offboard Apple Devices: From Recycling to Resale

There’s a lot of information available to Apple admins about the best ways to onboard devices and deploy them to users. We’ve got Automated Device Enrollment, zero-touch deployment, and other workflows that help at the …

Recent News

How Integrating EDR with MDM Boosts Mac Endpoint Security

We’ve talked before about why endpoint detection and response matters and about how important it is for you, as an Apple admin, to have a security solution in place for the devices you manage. You …

Recent News

Why Endpoint Detection and Response (EDR) Matters

As director of security and compliance at Neural Payments, David Patrick knows he can’t be complacent about the Apple endpoints in his care. “Previously, we could just say, ‘It's an Apple device, there is no …

Recent News

Secure Token, Bootstrap Token, and Mac Security: How They Fit Together

It’s been more than five years since Apple introduced the concept of secure token in macOS. But for many Mac admins, that technology can still be a source of some confusion. It doesn’t help that, …

Recent News

Guide for Apple IT: Zero-Touch Deployment for Mac

As an Apple admin, setting up new devices for end users became trickier in the last couple of years. With so many employees suddenly working outside the office, the workflows for equipping them with Apple …

Recent News

Guide for Apple IT: Identity and Single Sign-On (SSO)

The goal is straightforward. You want a system that will let your users present their credentials once and then have access to everything they need: their user accounts on computers, phones, or tablets; native applications …

Recent News

Mac Endpoint Security: What Apple Admins Need to Know

Mac administration is always evolving. One example of that evolution: Many Mac admins these days are being asked to at least help manage the security of their Mac fleets. That, in turn, means they need …

Recent News

Declarative Device Management Coming to Software Updates, Security

When Apple first introduced declarative device management (DDM) in 2021, the company dubbed the new framework “the future of device management.” DDM improves on traditional MDM by pushing much of the responsibility for device management …

Product Update

Kandji Integration Streamlines Implementation of Okta Device Trust

Now that working from anywhere on any device is the new norm, it has become increasingly imperative to prove that endpoint devices accessing corporate apps and resources are secure. This is where Kandji's new integration …

Recent News

WWDC 2023: Changes Coming to Apple Device Enrollment

Device enrollment—how you actually get a new (or not-so-new) device under management—is one of the standout features of Apple’s device management ecosystem. For new devices purchased through Apple itself or an authorized retailer, the process …

Recent News

WWDC 2023: The Future of Apple Device Management

In case you hadn’t heard, Apple is holding its annual Worldwide Developers Conference this week. While the Vision Pro headset and other consumer-oriented hardware got most of the attention, Apple also made some announcements of …

Product Update

Kandji Extends Declarative Device Management to All Eligible Devices

Kandji has started to gradually turn on Declarative Device Management (DDM) for all eligible Apple devices currently under management. We will also be enabling it on devices as they become eligible. We will keep doing …

Recent News

macOS Security Features: A Guide for Apple IT

Apple uses a layered approach system to protect Mac users against malware. The three layers are: Prevent the launch or execution of malware; Block malware from running on customer systems; and Remediate malware that has …

Recent News

App Distribution Guide: Deploying Apps on Apple Devices

Deploying apps to Apple devices is a fundamental job for any admin, but it isn’t a trivial one. That’s because there are several pathways to acquiring those apps, and you need to figure out which …

Recent News

How-To Guide: Changing and Resetting Mac Passwords

When was the last time you or someone in your organization needed their Mac password to be something different than what it previously was? There are two ways to do that: change or reset. But …

Recent News

Mac Shell Scripts: Tips for Apple Admins

Shell scripts are indispensable for managing Mac computers. That makes shell scripting a vital skill for Mac admins. If you're one of them, chances are you already know at least the rudiments of scripting. But …

Recent News

Git, Github, and Version Control: What Apple Admins Need to Know

Chances are your IT team has a library of shared files that you all use and, more importantly, that you all edit. That library might include shell scripts you deploy to new Mac computers that …

Recent News

Guide for Apple IT: Endpoint Detection and Response (EDR)

Mac malware has been around as long as the Mac itself. But historically, the problem received little attention from Apple and its customers. That neglect was largely benign because, while Mac malware did exist, it …

Product Update

Menu Bar App Now Makes Installing, Updating Software Easier

We’ve updated the Kandji menu bar app to make it more useful for users and admins alike. The new interface gives end-users easier access to the Kandji Self Service app and provides a clearer view …

Product Update

Kandji Announces Endpoint Detection & Response

Kandji today announced the general availability of Kandji Endpoint Detection & Response. With this launch, Kandji is continuing to empower enterprise IT and security teams to keep every Apple user secure and productive using connected …

Product Update

Kandji Expands Support for Declarative Device Management

Kandji now uses Declarative Device Management (DDM) status reports to track operating system versions and iOS app installations. In our initial launch of support for DDM for supervised devices, we updated our Passcode Library Item …

Recent News

Guide for Apple IT: Leveraging MDM to Enable Remote Work

When more companies began letting their employees work from home a few years ago, device security and productivity became more important than ever for IT. Beyond just figuring out how to make sure remote team …

Recent News

Device Management Solutions Explained: MDM vs EMM vs UEM

The IT world loves its three-letter acronyms. As part of that world, Apple device management is no different. If you deploy and manage fleets of Mac computers and iPhone or iPad devices for an organization, …

Recent News

Binding to Active Directory: Consider the Alternatives

Not too long ago, binding Mac computers to Active Directory (or other directory services) was standard practice in Apple device management. At the time, keeping domain and certificate services onsite was the only option, and …

Recent News

How to Troubleshoot APNs

Not long ago, a Kandji customer reached out because they’d received a notification that they needed to renew their certificate for the Apple Push Notification Service (APNs). But when they tried to do so, they …

Recent News

APIs and Apple Device Management: A Guide for Mac Admins (Part 2)

A while back, we offered up an introductory tutorial on APIs and how they’re used in the context of managing Apple devices. Apple admins use APIs all the time, whether they know it or not …

Product Update

Kandji Passport Now Supports Google Workspace as Identity Provider

Passport now supports Google Workspace. That means you can give your Mac users a login experience that feels native to their Mac yet leverages their Google credentials. They get more secure logins, with just one …

Recent News

Federated Authentication in Apple Business Manager

If your business is using Microsoft Azure Active Directory (Azure AD) or Google Workspace as your identity provider (IdP), then you can use federated authentication to connect your instance with Apple Business Manager. This is …

Recent News

Okta Report: Kandji Is the Fastest Growing Business App

Okta’s annual Businesses at Work report provides an in-depth look into the applications that workforces around the world are using to stay productive. More than 17,000 Okta customers were surveyed for this year's study. And …

Recent News

Guide for Apple IT: Apple Business Manager

Apple Business Manager is a critical tool for anyone who manages Apple devices. It provides a critical link between your Apple device management solution and your devices, enabling things like Automated Device Enrollment (ADE). Add …

Recent News

Guide for Apple IT: Managed Apple Accounts

Managed Apple Accounts are Apple Accounts (formerly Apple IDs) that your organization owns, controls, and assigns to users. Like any Apple Account, Managed Apple Accounts can be used to sign in to devices and services …

Product Update

Bookmarks Let Admins Share Links in Kandji Self Service

We’ve added a new Bookmarks Library Item that lets you give your users easy access to your organization’s resources. You do so by configuring that Library Item with links to your organization’s resources. Those links …

Recent News

Zero Trust Security: What Mac Admins Need to Know

Back in the day, organizational security was built around the idea of a firewall: The security system blocked access to resources within the organization from external bad actors. Originally, that paradigm was literal: You established …

Recent News

Guide for Apple IT: Managing FileVault

Securing sensitive company data is one of the top priorities for any IT department. For businesses that run on Apple, FileVault is an essential tool for Mac security. By encrypting all of the information on …

Recent News

Reasons to Use Apple Business Manager

Apple Business Manager is a free service provided by Apple that allows organizations to manage three things: devices, apps, and accounts. Simply put, if your organization owns Apple devices, you should be using Apple Business …

Recent News

Why Self-Service Is the Smart Way to Do IT

In the old days, IT was very top-down: Users had to call the IT department for help with everything from a busted keyboard to installing a new version of Word. In time, an admin would …

Product Update

Kandji Support Expands to 24 Hours a Day

Kandji is excited to announce an important update to our standard support hours, which will now provide Kandji customers across the globe even more access to the Kandji Support team. Kandji Support has officially been …

Recent News

Apple Device Supervision: What It Does, How to Implement It

If you manage Apple devices, "supervision" is one of the most important concepts you need to understand. It's often confused with management, but the two terms do not mean the same thing. In this article, …

Recent News

Mac Malware Persistence: What It Is, How It's Achieved

When it comes to Mac malware, IT and security staff are well aware of the most common infection vectors: malicious emails or attachments, Trojanized applications, or attackers leveraging both known and unknown exploits. Apple consistently …

Product Update

New Assignment Rules Make Kandji Blueprints Smarter

Back in September, Kandji introduced assignment rules. These rules took a core component of Kandji device management—Blueprints—and made them even smarter. We’ve now dramatically expanded the scope of what assignment rules can do and how …

Recent News

Provisioning and Deployment: What They Are, How They Differ

Provisioning and deployment: A lot of the time, people who work in or around IT use the two terms interchangeably. But they don’t mean the same thing. At a high level, provisioning is the act …

Product Update

Lost Mode: Track Missing Devices, Protect User Privacy

Organizations that manage iPhone and iPad fleets need a scalable, centrally-managed way to track lost devices, but they don’t want to compromise their users’ privacy. Kandji’s new Lost Mode gives them a way to accomplish …

Recent News

802.1X Enterprise Wi-Fi Authentication: What Mac Admins Need to Know

Most people—even some admins—don’t think twice about logging into the office Wi-Fi network. Typically, they just supply a username and password, their Apple devices log in, and they never think about what just happened. But …

Recent News

Kandji Product Engineers: The Apps We're Grateful For

Like the Mac admins they work with, Kandji’s product engineers have to deal with a lot of everyday computing chores—tracking projects, doing presentations, recording screens, processing text, and so on—in addition to their more specialized …

Product Update

Enable Faster Mac Software Updates with Auto Apps

Kandji admins can now set shorter enforcement timeframes for automatically updating apps from the Kandji Auto App catalog. Prior to this latest release, Kandji admins could choose patching deadlines from one week to three months …

Recent News

How to Plan a Large-Scale Deployment of Apple Devices

A few months ago, we told you about how you—as an IT admin in the enterprise—can think about the mass deployment of Apple devices. Our main point then: When it comes to deploying hundreds or …

Recent News

macOS Ventura: Bringing Transparency to Login and Background Items

For years now, many Mac apps have been installing components that launch automatically at login and/or that run in the background. It’s always been hard for users to keep track of these surreptitious bits of …

Product Update

Kandji Announces Support for Declarative Device Management

Today Kandji is announcing first-in-the-market support for active Declarative Device Management (DDM) for supervised devices. Not only has Kandji enabled DDM, but we also support actively managing configuration declarations—one of the core technologies that powers …

Product Update

Announcing Kandji’s Integration with Microsoft Teams

Today, Kandji is excited to announce our integration with Teams, Microsoft's video conferencing, messaging, and all-around collaboration platform. Using the new Teams integration, Kandji customers can connect to their Teams account, create notifications, and manage …

Recent News

macOS Ventura: How to Defer the OS Upgrade

With the release of macOS Ventura, many Apple admins may be wondering about how to defer upgrades to the new OS. As a Mac IT person, you may not want everyone in your organization to …

Product Update

Announcing Same-Day Support for macOS Ventura and iPadOS 16

Today, Kandji is pleased to announce same-day support for Apple’s latest operating system releases: macOS Ventura and iPadOS 16. (iOS 16 and tvOS 16 were released on September 12; Kandji supported all applicable functionality in …

Product Update

Kandji Announces New Device Harmony Platform, Tears Down the Wall Between IT and InfoSec to Keep Enterprise Apple Users Secure and Productive

Kandji, today announced its revolutionary new Device Harmony platform, which tears down the wall between enterprise IT and InfoSec teams, so they can truly work together to keep every Apple user secure and productive. “Historically, …

Recent News

Guide for Apple IT: Mercenary Spyware and Lockdown Mode

Although Apple designs security into its hardware, software, and services, Apple devices are not immune to malware and unwanted software installation. According to Malwarebytes’ 2022 Threat Review, the vast majority of malware detections on Apple …

Recent News

Mac Troubleshooting: Our Top Tips

At some point in your IT career, you’ve no doubt spent a good chunk of your time stationed on the help desk, fielding questions from users and helping them troubleshoot their Mac computers. During that …

Product Update

Introducing Assignment Rules

Blueprints are the cornerstone of Kandji’s device management platform. They streamline how you organize configurations and software and continually enforce parameters for managed devices. And now, we’ve made Blueprints smarter with assignment rules. These rules …

Recent News

Announcing Support for iOS 16 and tvOS 16

Today, Apple released iOS 16 and tvOS 16 to the public. We’ve thoroughly tested all Kandji services with iOS 16 and tvOS 16 including enrollment, payload and restrictions deployment, Self Service and more. We are …

Recent News

Mac Virtualization: Why Recent Changes Are Good for Apple IT

At a high level, virtualization allows you to run multiple operating systems on a single computer; those multiple instances are called virtual machines, or “VMs” for short. Apple silicon and macOS make virtualization possible on …

Product Update

Introducing Managed OS for iOS, iPadOS, and tvOS

Kandji has new Managed OS Library Items for iOS, iPadOS, and tvOS. This expanded operating system support is now available to all customers. Managed OS enables administrators to automate operating system updates, even major OS …

Recent News

How to Set Up and Manage an iPad Kiosk

The primary function of Apple devices in an organization is, of course, to provide computing and communications for individual users. But that’s not the only purpose they can serve. One of the most common alternatives: …

Product Update

Passport Adds Multifactor Authentication for Tighter Login Security

Last year, Kandji introduced Passport, which makes the login process easier for end users by letting them sign in to their local device accounts with the same single sign-on credentials they use with their organizations' …

Recent News

Choosing the Right Way to Change Device Management on iOS and iPadOS

Switching your organization from one mobile device management solution to another is not a trivial undertaking. It can be a substantial project requiring careful planning and detailed execution. But if your current MDM solution isn’t …

Recent News

Why In-App Purchases Don't Work for the Enterprise

Dear Apple software developer, I’m writing today as just one of the thousands of Apple device administrators worldwide who work in institutions large and small, in education and enterprise. I wanted to talk to you …

Recent News

How to Build Your Own Universal Installer for Mac Apps

The job of installing apps on your organization’s Mac computers—one of the most fundamental responsibilities for any Apple admin—is complicated by the fact that there are still two different Mac processor types in use: Intel …

Recent News

Microsoft Conditional Access: How to Enforce It with Certificates

Organizations can use a variety of signals when making decisions about allowing access to enterprise resources. Relying solely on authentication via password isn’t enough: According to data from Webtribunal, 50 percent of people use the …

Product Update

AD CS Integration Empowers Apple Admins Who Rely on Active Directory

One common way to authenticate a user’s identity is with username and password credentials. Another, especially in enterprise environments, is with Public Key Infrastructure (PKI) certificates (also known simply as digital certificates). Active Directory Certificate …

Product Update

User-Facing Text Now Follows Local Language Settings

For Apple IT teams whose end-users speak languages other than English, Kandji now supports localized languages in the macOS menu bar item, in the Self Service app (for macOS, iOS, and iPadOS), and in the …

Recent News

Behind the Curtain: Managing Software Updates with MDM

Over the past several years, Apple has made a number of deep platform changes to both macOS and Mac hardware that have resulted in enormous shifts in how Mac computers are deployed and managed. Among …

Recent News

Managed Mac Computers: Local IT Admin Accounts, Yes or No?

For IT teams deploying Mac computers, the question is: To create local IT admin accounts on those computers or not? To be clear on what we’re talking about: A local IT admin account is a …

Product Update

New Kandji Connector with Okta Workflows Enables No-Code Automations

In Apple device management, automation is everything. The more of your work that you can automate via scripts, APIs, and other tools, the less you have to do manually and the more time you have …

Recent News

iPad as Primary Work Device: Why Apple Admins Should Support It

For many years, if employees were given a choice in the kind of digital device they’d use for work, it was usually a binary one: Mac or PC. But IT teams now frequently get requests …

Recent News

WWDC 2022: The Top 10 Announcements for Apple Admins

Last week’s WWDC included nearly 200 sessions. Most of them focused on topics of interest primarily to developers (rightly enough), but many had announcements of interest to Apple admins as well. If you weren’t able …

Recent News

WWDC 2022: Apple Advances Declarative Device Management

Last year, at WWDC 2021, Apple introduced a new concept for Apple admins: Dubbed declarative device management (a.k.a. declarative MDM), it was an evolutionary advance of the MDM protocol. The declarative model is designed to …

Product Update

Updated Wi-Fi Library Item Enhances Support for Enterprise Security

As workers return to the office, managing their access to company Wi-Fi is once again top-of-mind for many Mac admins. It’s been top of mind for Kandji, too: We’ve updated and expanded our Wi-Fi Library …

Recent News

WWDC 2022: How Apple Plans to Make True Single Sign-On a Reality

For Mac admins, single sign-on (SSO) sounds like a great idea. In that ideal world, a user would turn on their Mac computer, sign in with their credentials, and then—with that one sign-in—have access to …

Recent News

Deploying Apple Devices: What Enterprises Can Learn from Education

When you think of mass deployments of Apple devices, you might typically think of schools. IT admins who work in education know all about deploying hundreds, if not thousands, of devices at once and what …

Product Update

Create Multiple Instances of Auto Apps and Managed OSes

Kandji makes it simple to configure and deliver applications and operating systems to end-user devices. You just select the appropriate Auto App or Managed OS Library Item, set it up the way you want, then …

Recent News

Certificates and Device Management: A Guide for Mac Admins

On the Internet, nobody knows who you are–only who you say you are. Our digital interactions happen on servers and devices, with people we may never see in person. So how do we know that …

Recent News

What the Mac Has Learned About Security from iPhone and iPad

Mac users have long enjoyed the platform’s open approach to computing. There was an exposed file system, no limitations on how many apps you could run at once, and scripts that took action when triggered …

Recent News

APIs and Apple Device Management: A Guide for Mac Admins

Application programming interfaces—better known as APIs—make it possible for one service to talk to another without needing to know how the other one works. They create a common language that disparate services can use to …

Recent News

How to Troubleshoot Apple Business Manager

Maybe a batch of new iPhone devices you just bought aren’t showing up in Apple Business Manager. Or licenses you recently purchased from Apps and Books can’t be found in your device management solution. Or …

Product Update

New Recovery Password Library Item Thwarts Unauthorized Startups

Kandji's new Recovery Password Library Item allows you to configure and apply recovery passwords (to Mac computers with Apple silicon) and EFI firmware passwords (for Intel-based Mac computers), in order to protect against unauthorized startup …

Recent News

The Great Debate: Should You Set Up Users as Admin or Standard?

What kind of accounts should you create when you provision Mac computers for your users: admin or standard? It’s an age-old question in Apple IT. It’s an argument that pulls on many threads, including user …

Recent News

Mac Logging and the log Command: A Guide for Apple Admins

As an IT admin, you’ve almost certainly had to check some form of log when investigating a problem. Logs tell the story of what’s happening on a system, so they can be enormously helpful in …

Product Update

PacketFence Integration with Kandji Bolsters Network Security

Kandji now integrates with PacketFence, the free, open-source network access control (NAC) solution that allows admins to effectively secure networks of all sizes. The integration ensures that the Kandji Agent is installed properly on devices …

Recent News

How Mac Admins Are Managing the Hybrid Workplace

Two years ago, IT departments all over the world got a crash course in managing remote workforces. Mac admins had to quickly figure out how to keep employees equipped, connected, and secure, regardless of where …

Product Update

New Option Gives Admins Finer Control Over Auto App Notifications

We’ve updated Auto Apps to give admins greater control over the notifications those apps generate for users. In the configuration module for a given Auto App, you’ll see a new Notifications section. When the toggle …

Recent News

Guide for Apple IT: Mac Patch Management

It’s one thing for a Mac admin to distribute apps to users. It’s another thing to make sure those apps stay up to date. Patch management isn’t just about making sure your users have the …

Recent News

Guide for Apple IT: App Deployment for macOS

Distributing and managing apps is one of a Mac admin’s core responsibilities. Apple makes this relatively easy for some apps, thanks to Apple Business Manager's Apps and Books feature. Unfortunately, not every business app an …

Product Update

Foqal's Kandji Integration Feeds Device Details to Support Tickets, Slack

Kandji now integrates with Foqal Agent, the service-desk and automation tool that lets IT admins use Slack to create support tickets—either in Foqal’s ticketing system or another. Foqal uses its Kandji integration to display device …

Product Update

New Integrations Interface Streamlines Connecting to Third-Party Services

Kandji has completely revamped the Integrations section of our web app. That section, where you configure the integration of third-party apps and services with Kandji, has been moved out of Settings to a section of …

Recent News

Apple Removing Python 2.7: What Admins Need to Know and Do

It shouldn’t surprise anyone that Apple is removing Python 2.7 from the upcoming macOS 12.3 release: As far back as 2019, the company said it was deprecating the scripting and programming language and that Python …

Recent News

How to Be an IT Hero: Creating the Best User Experience

At the end of the day, what is a Mac admin’s primary responsibility? To deliver hardware? To maintain security? To just keep the trains running? Some would argue that the real goal is to keep …

Recent News

Hybrid Workplace Boosts Demand for Apple Devices Among UK Businesses

Last year, Kandji commissioned a survey to find out how IT admins and leaders in the United States were dealing with the new hybrid workplace—in which some employees work remotely, some are in the office, …

Product Update

Drata Integration with Kandji Automates Mac Security Monitoring

Drata is a fast-growing SaaS company that provides seamless compliance with SOC 2, ISO 27001, PCI DSS, and HIPAA, by automating the process of collecting evidence across an organization’s tech stack. That evidence allows companies …

Recent News

How to Achieve Your Desired End-State Through Auto-Remediation

How do you want the devices you manage to be configured? What settings do you want to be enforced, which apps do you want to be installed, how often should the OS be updated—in other …

Product Update

Introducing Compliance Integration with Secureframe

Kandji is excited to announce our integration with Secureframe. Information about devices in your Kandji instance can be pulled into Secureframe to inform SOC 2, ISO 27001, and HIPAA security controls and to simplify audit …

Product Update

Trusona Partners with Kandji to Bring Multifactor Authentication to Mac

Kandji is pleased to announce our partnership with Trusona. You can now use Kandji to deploy Trusona’s multifactor authentication (MFA) solution for Mac computers at scale. Trusona’s MFA solution for macOS (which requires macOS 1014 …

Recent News

Guide for Apple IT: macOS System and Kernel Extensions

Back in 2019, at its Worldwide Developers Conference (WWDC), Apple announced some major changes to the way software developers would be able to interact with macOS. Specifically, the company said that kernel extensions (kexts) would …

Product Update

Introducing Improved Control over Software Updates

Kandji is pleased to announce an update to our Software Update Library Item, as well as two new Auto Apps. Software Update Library Item The Software Update Library Item has been updated to provide more …

Recent News

Why IT Should Be Transparent with Users

Let’s be honest: Sometimes there’s a trust gap between IT and end-users. Admins may promulgate a policy without explaining the “why” behind it. Users may then try to circumvent or disregard that policy. And back …

Product Update

Introducing Self Service for iOS and iPadOS

We are pleased to announce a new version of our Self Service app for Apple's mobile platforms. The Kandji Self Service app for macOS has long provided an easy way for users to download software …

Product Update

Introducing Expanded Customer Support Hours and New Auto Apps

Kandji is pleased to announce newly expanded hours for customer support, as well as a slew of recently added Auto Apps. New Support Hours Kandji’s support hours have expanded: You can now reach a live …

Recent News

Protect Your Data: Control What Users Can Copy/Paste

Back at WWDC 2021 in June, Apple announced a slew of exciting changes that are coming to device management, from declarative MDM to erase all content and settings for Mac. With the arrival of iOS …

Product Update

Introducing Improvements to Managed Open In and Restrictions Profiles

Kandji is excited to announce the release of a new Library Item that will give Apple admins finer control over data flows on iOS and iPadOS devices, as well as updates to Restrictions profiles. Both …

Recent News

Lessons from 1,000 Migrations: How to Switch Device-Management Solutions

If you manage Apple devices, sooner or later you’ll consider the question: Should we switch from our current device-management solution to another? That question immediately leads to a host of others, and pretty soon the …

Recent News

Single Sign-on with SAML: How and Why to Set It Up

Weak and forgotten passwords have always been a sore spot for IT. Single sign-on (SSO) with SAML can ease that pain, by simplifying the login experience and enforcing secure authentication. In this article, we’ll provide …

Recent News

Kandji Raises $100 Million Series C to Advance Apple in the Enterprise

Kandji has announced that it has raised $100 million in Series C funding, at a nearly 10x increase in valuation since the company’s Series A funding round one year ago. This latest round was led …

Product Update

Kandji Passport Coordinates Local, Cloud Identities for Authentication

Today, Kandji announced the release of Passport, an authentication product that creates a seamless, one-password sign-in experience for users. Kandji Passport validates the credentials a user provides during Mac login against an organization’s cloud-based identity …

Recent News

All Posts