Kandji is pleased to announce its support for iOS, iPadOS, and tvOS 17. The highlight: a new Return to Service workflow.
Return to Service
Kandji’s new Return to Service workflow is going to make life way easier for Apple IT teams.
The problem it solves is this: There are times when you want to reset an iPhone or iPad, erasing its data, and then getting it to the Home Screen, ready for the next user. Think iPad devices configured as retail kiosks, dedicated Zoom stations, shared field-service terminals, or amenities in hospital or hotel rooms. There are also cases when IT might need to completely reset an employee’s company-provided iPhone. Whatever the context, you need an efficient way to get those devices back to the Home Screen—connected to Wi-Fi, enrolled in MDM, and ready for use.
Until now, resetting such a device has required the admin to touch the glass—if only to get it back online and enrolled in MDM. With this new Return to Service workflow, you can reset a device and get it ready to go without touching it at all, entirely remotely. This was not possible before on iOS or iPadOS devices. (The Mac and Apple TV have similar workflows of their own when connected to Ethernet.) Redeploying such devices was actually harder than deploying them initially, even if they were fully managed and supervised. Now it isn’t.
Now, in conjunction with the release of Apple’s new mobile OSes, we’ve updated Kandji so that when you send an Erase device command from Kandji you can select the Return to Service option.
You can configure this option so that Kandji will also send a Wi-Fi profile, which ensures the device can get online even after it’s been erased. For devices that are connected over Ethernet, cellular, or by USB to a Mac sharing its internet connection, the Wi-Fi profile is optional. As long as you’re using Automated Device Enrollment, the device will enroll into Kandji automatically. From there you can deliver all the settings and configurations that you normally send to a new device the first time it’s set up. (By default, the previously selected language and region are applied.)
One key thing is that you can also trigger this command via API. That extensibility means you could trigger the Return to Service workflow from other apps—your asset management system, for example, or, in more specialized settings, a hotel’s scheduling tool or hospital’s EMR software. If it can send an API request, it can now trigger a zero-touch reset of managed devices at scale.
Also note that this means you can remotely move iPhone or iPad devices from one MDM to another (from a testing instance to a production one for example), without touching the device.
Managed OS, New MDM Keys
We've also updated Managed OS to support iOS 17, iPadOS 17, and tvOS 17. For more details, see our changelog.
The new versions of iOS and iPadOS also come with support for new MDM keys—for which Kandji, in turn, will be adding support.
For example, you can now prevent iPhone widgets from syncing to a Mac via iCloud. (You’re telling your iPhone not to send widgets, instead of telling the Mac not to install them; if you have multiple iOS devices signed in to the same iCloud account, you’ll need to set the restriction on all of them.) And there's more to come.
About Kandji
Kandji is the Apple device management and security platform that empowers secure and productive global work. With Kandji, Apple devices transform themselves into enterprise-ready endpoints, with all the right apps, settings, and security systems in place. Through advanced automation and thoughtful experiences, we’re bringing much-needed harmony to the way IT, InfoSec, and Apple device users work today and tomorrow.