Complete Apple MDM Solution for macOS, iOS, and iPadOS
Utilize powerful, purpose-built tools for seamless Apple device management at scale.
Comprehensive Apple Device Control
Zero-touch deployment
Set up and configure Apple devices for new employees instantly and remotely, without IT having to physically touch the device.
The best employee experience
New employees can use their pre-configured devices right out of the box without a visit to IT.
Liftoff
With Liftoff, you can make a freshly unboxed Mac transform itself into an enterprise-ready computer, with all the right apps, settings, and security controls in place. Liftoff lets you show users what’s happening on that first startup and how soon they can get to work, while automating as much as possible for the admin.
Learn MoreAssignment Maps
Build profiles from a canvas of conditional blocks in an intuitive visual interface. Mix and match apps and settings to create the right configuration for every device. Automatically assign the right apps, controls and automations for granular scoping with zero conflicts and full clarity.
Learn MoreFlexible device Blueprints
Organize devices based on team, department, or location. Drop a new device into a Blueprint to automatically assign the right apps, controls, and automations to that device.
User-initiated enrollment
Our enrollment portal makes it easy to import your users from G Suite or Microsoft 365 and invite them to enroll their own devices quickly and painlessly.
Lost Mode for iPhone and iPad
Kandji automatically puts devices back into Lost Mode if they are reset and alerts admins if they move over 50 meters.
Conditional logic for assignments
Apply an app or security control to only a subset of users within a Blueprint. Build conditional logic with user and group attributes from your identity provider, fine tuning which items are deployed to each device.
Automated migration
We’ve created an automated migration tool that seamlessly migrates large organizations off of legacy MDM providers, making it easier than ever before to transition to a modern platform.
Learn MoreMaximum visibility
Experience unprecedented visibility into the state of your Apple device fleet. Access up-to-date information about the state of your devices, see detailed logs of remediations, and the path each machine took to reach its current state.
Prism
Save time on compliance, incident investigation, and troubleshooting with instant reporting on the state of your Apple fleet.
Self Service
Empower users with a select library of apps, custom scripts to run, and links to resources. They can get what they need from a single source, without asking IT. Customize branding, labels, and categories to make it your own.
Apple MDM+
MDM alone simply isn’t enough. With Kandji, you get the best of both worlds — a reliable Apple MDM plus a proprietary macOS agent that extends your capabilities beyond the expected.
Offline mode
Kandji is the only Apple MDM that works around the clock to enforce compliance and remediate issues whether your Mac devices are online or off.
Auto Apps
Automated macOS patch management is enabled by Kandji's Auto Apps, a library of applications that Kandji pre-packages, hosts, and automatically patches.
See Auto Apps in ActionAuto Apps end user experience
All Auto Apps are fully enforced automatically with user-friendly prompts powered by the Kandji Agent.
Auto Apps admin experience
Choose whether you want app updates enforced automatically or manually, and add to the dock so it is easy for users to find.
App Store apps
Sync your App Store apps from Apple Business Manager (formerly the Volume Purchase Program, or VPP).
Application blocking
Ready to retire an app or want to block unauthorized apps? Application blocking is built right into Kandji, allowing you to restrict usage across your entire fleet with just a few clicks.
Custom Apps
Easily upload and deploy custom apps by dragging and dropping a package (.pkg or .mpkg), Disk Image (copy .app from disk image to /Applications), or ZIP File (unzip contents into specified directory).
Controls
150+ pre-built automations
With the largest library of macOS security controls (over 150 and growing) you can toggle on with one click, Kandji empowers your IT team with the most control on the market.
Kandji's technology is covered by U.S. and international patent(s).
Profiles
Kandji’s advanced implementation of Profiles takes full advantage of Apple’s powerful MDM framework with Profiles such as Wi-Fi, Privacy, SSO, System Extensions, and much more.
Custom Profiles
In addition to our library of Profiles, you an also easily deploy any custom .mobileconfig file according to your needs.
Custom scripts
Although we’ve containerized the most common policies with our Parameter library, we also support custom scripts for any unique device control needs.
mostCommonUser=$(/usr/bin/last -t console | /usr/bin/awk '!/_mbsetupuser|root|wtmp/' | /usr/bin/cut -d" " -f1 | /usr/bin/uniq -c | /usr/bin/sort -nr | /usr/bin/head -n1 | /usr/bin/grep -o '[a-zA-Z].*')
# search for brew command on the current system
# The below will find the brew path in either
# the Intel or Apple Silicon location
/opt -maxdepth 3 -name brew)"
if [ -z "$brew_path" ]; then
# If brew_path returns empty
echo "Brew is not yet installed..."
Managed OS
Kandji’s managed OS tool is redefining how admins enforce operating system updates across your environment. It is built into our platform (no scripting required), fully enforced, and supports both major and minor OS updates.
Global Profile Variables
Automatically input unique device details such as Asset Tag, Serial Number, User Email, and more into any profile text field.
Identity & Compliance
One-click compliance templates
Kandji makes it simple to implement specific compliance mandates, such as CIS or FedRAMP, using pre-built, one-click templates.
Learn More About CIS ComplianceAuditor access
Always stay audit-ready and share detailed results with auditors. Prove compliance at a moment’s notice using read-only auditor access mode.
Offline remediation
Kandji is the only Apple MDM that works around the clock to enforce compliance and remediate issues whether your Macs are online or off.
Single sign-on (SSO)
SAML-based single sign-on (SSO) provides secure access for admins managing your devices with Kandji through an identity provider (IdP) of your choice.
Passport
Give your users a login experience that feels native to Mac and leverages their single sign-on credentials for a more secure login and just one password to remember.
Templates for security best practices
Get started quickly by leveraging Kandji’s pre-built blueprints to deploy security and compliance best practices without having to start from scratch.
Alerts and logging
See a live stream of action on every machine in your fleet. Set up real-time alerts within Kandji or to Slack based on events you want to be notified of.
Effortless security
Keep your devices and data safe and sound. Easily enforce device encryption and remotely lock or wipe devices that have been lost or stolen.
You are not a ticket
Our support team looks at every question as a puzzle to unlock rather than a ticket to triage. By helping you test and validate solutions, we find the best answer, not just the fastest one.
Teams around the world trust Kandji
Category-leading brands across dozens of industries use Kandji to strengthen their infrastructure and steepen their growth trajectory.
”We chose Kandji for their security solution to efficiently manage a fleet of Apple MacBooks. We were able to quickly and significantly increase our security posture with minimal resources.”
”This tool was clearly designed from a Mac admin's point of view.”
”We're saving time managing our Apple fleet with Kandji's built-in automations.”