Apple MDM tools supported by Kandji

Apple Business Manager

Apple Business Manager is a foundational tool for businesses that want to use mobile device management (MDM) on their fleet. With Apple Business Manager, you can automate MDM enrollment and simplify initial device setup without touching or preparing the devices before users physically receive them. It lets you automatically enroll devices into your MDM solution of choice as long as the device has been added to your organization, either at the time of purchase from Apple or a participating Apple Authorized Reseller or carrier, or through Apple Configurator. Apple Business Manager integrates with MDM solutions such as Kandji to automate device enrollment, enforce settings via configuration profiles, and distribute apps and content.

Automated Device Enrollment

Automated Device Enrollment enables zero-touch deployment of corporate-owned Apple devices, allowing organizations to send devices directly to users without pre-configuring them. Automated Device Enrollment enrolls devices into MDM, so they can receive apps and settings defined by your organization, resulting in a streamlined user setup experience. As a result, Automated Device Enrollment is an essential solution for organizations that want to deploy iOS and iPadOS devices with minimal effort.

Apps and Books

The Apps and Books feature of Apple Business Manager streamlines purchasing and distributing apps and content in an organization. Companies can use Apps and Books to purchase iOS and iPadOS apps from the App Store in bulk, then assign them to iPhone and iPad devices using an MDM solution. With Kandji, tracking which apps are installed on which devices is easy.

Configuration Profiles

Configuration profiles enforce settings, accounts, restrictions, and credentials on Apple devices. Kandji can create and manage configuration profiles pushed to your fleet, making it easier to quickly configure large numbers of iOS and iPadOS devices without connecting to each one individually. For example, you can create profiles that automatically configure iPhone or iPad restrictions and settings for things like passcode policy, Wi-Fi, and VPN. You can also prevent data from being transferred between personal apps and work apps.

Why Use Kandji to Manage iOS and iPadOS Devices?

Kandji manages all your devices throughout their lifecycle. Tight integrations with Apple and elegant design provide a user experience that matches what you expect when working on iPhone and iPad.

Zero-touch deployment

Kandji's zero-touch deployment feature streamlines the enrollment process for businesses using Apple devices. When companies purchase a new mobile device from Apple or an Apple Authorized Reseller, it automatically enrolls in Kandji. In addition, Kandji can validate user information with your identity provider (IdP) to ensure that only authorized users can enroll. Kandji has integrations with IdP solutions including Azure AD, Okta, OneLogin, and Google Workspace. Zero-touch deployment is vital for admins and IT teams managing employees in remote work or hybrid settings.

iOS and iPadOS Update and Upgrade Management

Managed OS by Kandji manages OS updates for you. It enforces both major upgrades and minor updates through native prompts. As a result, you don’t have to worry about whether or not teams are running the correct OS version on their devices. You choose between enforcing minimum versions or the latest version with an automatic enforcement deadline. With Kandji, you can be confident that your iPhone and iPad fleet is always up-to-date.

Find Lost Devices

Mobile devices are at risk of being lost or stolen. Lost Mode allows them to be tracked down and returned to use while securing corporate data on the device. Lost Mode provides admins with information on device location while respecting user privacy.

Secure Off-boarding

Kandji makes it easy to off-board users who are no longer with your organization or who need to move to a new device. With Kandji’s MDM capabilities, you can remotely lock and wipe an iPhone or iPad, erase all its contents and settings, and have it ready for its new owner with a fresh install of the OS.

The Most Loved Device Management for Fast Growing Companies

Kandji is award-winning software for innovative leaders who run on Apple.

Supporting BYOD and Company-Owned Devices

A modern hybrid workforce means devices might be at home, in the office, or somewhere in between. Businesses have to think about managing devices regardless of their geographic location. Furthermore, users increasingly want to use devices they are already familiar with—including the ones they own. Kandji helps protect company data on company-owned devices and those owned by users.


Employees use their personal iPhone or iPad devices for work. These devices can be enrolled into MDM by the user.


Companies provide their new hires with an iPhone or iPad device for work use. These devices can automatically enroll into MDM at setup.

Syndio Frees up 600 Hours a Year on Device Management

Read how Syndio optimized app patching and compliance to free up time for other projects, like converting to a zero-touch deployment model.


Manage and secure your Apple devices at scale.


Yes, Kandji integrates with Apple Business Manager to enable streamlined management of iPhone and iPad.

For information on the latest iOS versions Kandji supports, visit our support page.

Kandji uses Apple’s MDM framework to upgrade or update end-user operating systems. Whether you’re upgrading to a major OS or updating to a minor OS version, users will receive the same great experience.

Unified endpoint management (UEM) is a management solution designed to work with a wide range of platforms, including Windows, Android, and Apple. UEM is challenging because these various platforms have different release cycles, provisioning systems, and deployment and management methods. UEM systems are architected in a way that serves all platforms but doesn't necessarily use the complete feature set that each provides. Conversely, MDM solutions focus on specific platforms. Kandji utilizes Apple’s MDM framework to configure and update Apple devices. Read more about MDM, EMM, and UEM solutions here.

Kandji can ensure that data stored on the device is encrypted for all Apple devices. If the device is lost or stolen, an attacker won't be able to access the data without a passcode. The data is automatically obliterated after a number of failed login attempts. You can disallow iCloud backups, so users can't restore backups that contain corporate data to personal devices. And for iOS and iPadOS devices, you can restrict corporate data to being used only by apps installed by Kandji.

With Kandji, you can completely block the App Store and still install apps, including those licensed using Apps and Books in Apple Business Manager, or your own in-house apps. Many companies choose to allow the use of the App Store but restrict the ability to share corporate data with apps that were not deployed by MDM.

Yes, VPN clients and configurations can be deployed to Apple devices.

Kandji has a robust set of pre-built Library Items for managing devices that automatically create the necessary configuration profiles, so you don't need to create them manually. You can also upload custom configuration profiles to deploy to your devices.

Kandji supports the management of all Apple operating systems, including macOS, iOS, iPadOS, and tvOS.

Yes, Kandji can manage tvOS.

Apple designed iOS, iPadOS, and tvOS so they can be managed exclusively using the MDM framework. This provides powerful and robust management for these platforms. macOS also supports the MDM framework, but may require additional management outside that framework’s scope. For that reason, Kandji provides admins not only with capabilities supported by the MDM framework, but also with additional management for macOS using the Kandji Agent. Apple continues to evolve the MDM framework to support additional capabilities. As it does so, Kandji will continue to migrate features from the Kandji Agent to the MDM framework as they become available from Apple.

Yes. In Apple Business Manager or Apple School Manager, configure the device to be required to enroll in Kandji. (You can even configure Apple Business Manager or Apple School Manager to automatically require all new devices your organization purchases to be enrolled in Kandji.) When a user turns on the new device and connects it to the internet, the Setup Assistant on the device will display the Remote Management screen. The user can't use the device until they continue with Setup Assistant and allow the device to enroll in Kandji automatically. You can optionally configure Kandji to require user authentication using credentials from your organization's identity provider (IdP) before the device is allowed to enroll.

Apple or an Apple Authorized Reseller can automatically add those devices to your Apple Business Manager instance when you purchase your devices. You can then automatically assign those devices to your MDM or manually assign them in the Apple Business Manager interface. When a user turns on the new device and connects it to the internet, a Remote Management screen prompts them to enroll in Kandji. The user must continue enrolling into Kandji before the device becomes usable.

Yes, Kandji supports users enrolling devices through a secure web portal. Apple Business Manager can streamline enrollment into Kandji, but it is not required. To add Mac computers to Apple Business Manager after purchase, use Apple Configurator for iPhone. Add iPhone, iPad, and Apple TV devices to Apple Business Manager using Apple Configurator 2. Apple requires that Mac systems and Apple devices added to Apple Business Manager after the time of purchase are erased and that they have not been provisioned.

Kandji uses the MDM framework to collect information from iOS, iPadOS, and tvOS devices. This includes the installed configuration profiles, apps, and certificates. Kandji will also show admins available OS updates, security information such as passcode compliance, and information about the device itself like serial number or battery health. All of this information provides admins with powerful insights while protecting user privacy.