- AUTHOR: The Kandji Team
Agent Update
Kandji Agent Version 3.5.1 (2270): The Kandji Agent, specifically the parameter-agent, has multiple improvements with this release:
Performance improvements:
Running the agent with sudo kandji run will be noticeably quicker, especially in offline mode. This is achieved by various performance improvements throughout the parameter-agent.
This agent release adds support for running Parameters on macOS 12.3.
Parameter Audit Improvements: Multiple parameters have been updated to provide more detailed audit logging on their current enforcement status:
Disable Remote Management reports access options checked per user in System Preferences.
Disable Bluetooth Sharing reports what is being shared, what other devices can browse and modes of sharing.
Hot Corner Parameters report what each corner is set to, per user.
Disable Media Auto Actions now reports what actions were enabled, including paths to custom scripts or applications set to launch on media insertion.
Time Machine Parameters include more information about backup destinations and the state of backups in progress.
Some Parameters also no longer require relaunching apps or processes in order to take effect. These include Parameters such as:
Enable Secure Keyboard Entry in Terminal takes immediate effect, even if Terminal is open and being used.
Dozens of Parameters refactored with performance and reliability improvements.
Significant logging improvements for the Parameter Agent; full blueprint Parameter results are now logged with a [Parameter] tag.
Additionally, multiple parameters have been updated to leverage better system tooling for audit logic, which will result in better auditing and enforcement of parameters. You may notice additional remediations due to this improved auditing logic.
Deprecations:
macOS 10.13 High Sierra is no longer supported in this version. Update devices to macOS 10.14 Mojave or higher.
The following Parameters will no longer be enforced by the Kandji Agent and will be removed from the web app on April 6, 2022. Please ensure you have migrated to the appropriate Library Items; for details, review our support article.
Enable FileVault 2
Escrow FileVault Recovery Keys to Kandji
Manage Screen Saver
Restrict App Store app installs and software updates to admin users
Disable Beta Updates
Automatically check for updates
Automatically download and install security updates
Download macOS and App Store app updates in the background
Automatically install macOS updates
Automatically install App Store updates
Delay software update availability
Disable software update notifications
Restrict App Store to software updates only
Manage media access
Disconnect all media at logout
Manage disc burning
Display login window as name and password
Disable and remove password hints
Disable fast user switching menu
Enforce a custom message for the lock screen
Log out inactive users
Manage Gatekeeper
Disallow users from overriding Gatekeeper settings
Ensure Firewall is configured to log
Enable Firewall
Enable stealth mode
Block all incoming connections
Block built-in apps from receiving incoming connections
Block downloaded apps from receiving incoming connections
Enable detailed firewall logging
Disable waking for network access
Disable sleeping when connected to power
Disallow unlock with Apple Watch
Disallow unlock with Touch ID
Disallow sending diagnostic and usage data to Apple
Disable Content Caching
Disallow AirDrop
Disallow password sharing via AirDrop Passwords
Disable Camera
Disable Safari AutoFill
Disallow Safari Password AutoFill
Disallow Game Center
Disallow iCloud Desktop & Documents Sync
Disallow iCloud Drive
Disallow iCloud Photos
Disallow iCloud Mail
Disallow iCloud Contacts
Disallow iCloud Calendar
Disallow iCloud Reminders
Disallow iCloud Bookmarks
Disallow iCloud Notes
Disallow iCloud Keychain Sync
Disallow password proximity requests
Lock screen after Screen Saver or sleep begins
Disallow simple passwords
Maximum failed login attempts
Account lockout duration
Minimum number of complex characters
Minimum password length
Require alphanumeric password
Maximum allowed password age
Password history
Force user to reset password at next authentication
Custom Compliance Scripts
Disable Java 6 from being the default Java runtime
Manage Adobe Flash Player
Disable Handoff
Disable Siri
Disallow Find My Mac
Force Install macOS updates after specified time period
Disable the Infrared Receiver if no paired devices exist
Disable FTP Server
Set retention for authd.log
Set retention for appfirewall.log
Set retention for system.log
Advanced Password Management BETA
Restrict NTP server to loopback interface
Disable console login
Set a Firmware Password BETA
Watchman Monitoring Client
Enable OCSP and CRL certificate checking
Disable Bluetooth Discoverable Mode when not pairing devices
Ensure display sleep interval is greater than Screen Saver interval
Manage number of allowed firewall rules
Disable Internet Plug-Ins for global use in Safari