Today, Kandji is pleased to announce same-day support for Apple’s latest operating system releases: macOS Ventura and iPadOS 16. (iOS 16 and tvOS 16 were released on September 12; Kandji supported all applicable functionality in those releases on the same day, as well.)
All existing Kandji functionality will continue to work as expected in these releases. In addition, the following new functionality is being added today:
Managed OS Library Items for macOS Ventura and iPadOS 16
Kandji’s Managed OS feature supports managing and enforcing macOS Ventura, iOS 16, iPadOS 16, and tvOS 16. macOS Ventura and iPadOS 16 appear as available Library Items; the iOS, iPadOS, and tvOS Managed OS Library Items are available in Preview.
New Login & Background Items Library Item
macOS Ventura brings new transparency to users when apps add login or background items—application components that usually launch at startup or login—and gives users an easy way to turn them off in System Settings (Ventura’s updated version of System Preferences). The new Login & Background Items Library Item allows Mac admins to manage these items. Once managed, the specific background items are labeled in System Settings as being managed by the organization, and users can’t turn them off. Kandji uses this feature with no action required by admins to prevent users from turning off the Kandji Agent via the Kandji Agent Settings profile.
Kandji has a constantly growing library of Auto Apps. If an Auto App includes login or background items, Kandji automatically disallows users from being able to turn them off as well. This configuration is managed and deployed automatically by Kandji; no action by the admin is needed.
New Restrictions in the Restrictions Library Item
This release of Kandji also adds support for restrictions that Apple is introducing with macOS Ventura. Specifically, that item now enables admins to disallow universal control, profile installation via System Settings, USB-restricted mode, and modifying Bluetooth settings.
We’ve also added a number of additional restrictions across all platforms:
- Disallow automatic screen saver;
- Disallow enabling additional restrictions on-device;
- Disallow proximity setup to a new device;
- Enforce a fingerprint timeout for Touch ID on Mac;
- Disallow incoming AirPlay requests;
- Force limited ad tracking;
- Disallow Apple personalized advertising;
- Allow an unpaired external boot to recovery (defaults to false);
- Disallow the installation or removal of rapid security response updates.
Many of these are consistent with our continuing commitment to make it easy to configure Mac computers so they're compliant with the latest CIS benchmark.
Managing the System Policy App Bundle
macOS Ventura introduces a new Privacy Preferences Policy Control option—SystemPolicyAppBundles—that can allow an application to update or delete other apps. Admins can configure this new option in Kandji using the Privacy Library Item. Apps already configured for Full Disk Access or System Administrator Files will be automatically granted this capability by macOS with no additional configuration.
Controlling System Settings
As noted above, macOS Ventura replaces the long-standing System Preferences app with a new app called System Settings. At the same time, a number of settings have been moved to different locations within that renamed app. For example, Wi-Fi settings have moved from the Network pane of System Preferences to their own section of System Settings.
But not all previous System Preference panes map one-to-one to sections of System Settings. Kandji’s System Preferences and Settings Library Item has been updated to provide finer control over these new sections of System Settings. If existing Library Items are not updated to specifically manage the new sections, macOS Ventura will make a best effort to map existing configurations to the new sections.
Terms of Address Setup Assistant Screen
macOS Ventura, iPadOS 16, and iOS 16 introduce a new setup assistant screen that allows Canadian French, European French, Italian, and Brazilian Portuguese users to set their terms of address. macOS Ventura allows organizations to skip this screen during setup. Kandji’s Automated Device Enrollment Library Item has been updated to allow this screen to be skipped. Note that, because this screen is displayed before selecting a Wi-Fi network, it can only be skipped when using Automated Device Enrollment with Mac computers being configured using Ethernet.
About Kandji
Kandji is committed to supporting new Apple features as soon as possible after those features are released, so admins can deliver the latest Apple technologies to their users. The Kandji team is constantly working on solutions to streamline your workflow and secure all of your Apple devices. With powerful and time-saving features such as zero-touch deployment, one-click compliance templates, and plenty more, Kandji has everything you need to bring your Apple fleet into the modern workplace.