2024: A Year of Transformation

In 2024, Kandji continued to revolutionize Apple device management with groundbreaking innovations, powerful new integrations, and significant improvements to our core platform. From introducing AI-powered device management to reimagining how configurations are deployed at scale, we've enhanced every aspect of the Kandji experience. Let's explore the highlights of this transformative year.

New ways to manage devices at any scale

Assignment Maps

We introduced Assignment Maps, an entirely new approach to managing devices. This highly visual, flexible system allows teams to configure every device in their organization using a single map. With conditional blocks providing a clear flow of logic, IT teams can now deploy configurations and troubleshoot with unprecedented precision and clarity.

Tags

We introduced tags as a flexible new way to group devices in Kandji. Tags can be used to define device groups and can be used in Assignment Rules, allowing for more precise control over the configurations and apps you deploy.

Near-instant user attribute updates

We enhanced our identity provider integrations to ensure updates to user attributes like email, department, job title, and group information, as well as many device attributes, result in near-real time re-evaluation of scoping logic, eliminating the wait for daily check-ins.

Deeper visibility into your fleet

Prism

Early in the year, we launched Prism, our powerful new reporting tool that gives administrators quick visibility into their Apple device fleets. Prism provides instant reporting across 14 key categories of device data, from application inventory to security settings, making it easier than ever to understand and manage your entire fleet.

Kai

We introduced Kai in Alpha, our AI-powered assistant for Apple device management. Kai allows administrators to gain insights into their Apple device fleets using natural-language queries, making complex fleet management tasks more accessible while maintaining complete data privacy and security. Kandji also achieved ISO 42001, a new compliance program for AI, which signifies the highest standards in data privacy and security in our use of AI with Kai.

New devices view

We revamped the Devices tab with enhanced views, providing a more comprehensive and customizable view of your devices. The update includes access to over 30 device attributes, custom date filtering options, and improved search functionality to help administrators locate and manage devices across their fleet more efficiently.

New capabilities for iPhone and iPad devices

In-House Apps

We launched In-House Apps to give organizations complete control over their proprietary iOS and iPadOS applications. This feature allows teams to deploy apps directly to devices without going through the App Store, maintain privacy of intellectual property, and push updates instantly when needed.

Web Clips

The new Web Clips feature enables teams to create home screen shortcuts to essential web apps and resources on iOS and iPadOS devices. Administrators can customize icons and labels, manage browser UI controls, and deploy these Web Clips as Library Items using Assignment Maps.

Return to Service in Self Service

We introduced Return to Service in the Self Service app for iOS and iPadOS, allowing users of shared devices to quickly and securely erase those devices when finished. This feature streamlines device management in shared-device environments while maintaining security standards.

Self Service Improvements

We enhanced the Self Service app with new capabilities, including support for device registration for Microsoft Device Compliance integration and the ability to deep-link into items and categories via the share menu, making it easier for users to access resources.

Intelligent software updates

Update Only Mode

We introduced Update Only mode for Auto Apps, enabling automated patch management for software that users install independently. This mode keeps apps up to date on endpoints where they're already installed, without deploying them to new computers or making them available in the Self Service app.

Pre/Post Install Scripts

We added support for pre- and post-install scripts in Auto Apps, allowing administrators to configure settings and licensing details during the installation process. This feature streamlines deployment of enterprise apps that require custom configurations or licensing setup.

Local Time Zone Enforcement

We implemented intelligent update scheduling that respects users' local time zones, allowing administrators to set target times for Auto App updates that automatically adjust to each user's location, minimizing workplace disruption while maintaining software currency.

49 new Auto Apps

Throughout 2024 we added 49 new applications to Auto Apps in the catalog. We built, tested, and released a total of 2,539 updates across all 195 Auto Apps, and automatically remediated 453 high severity and critical severity vulnerabilities. The average time to release an update after it became available from the developer was 3 hours and 49 minutes.

Kandji Packages and KAPPA

We released two open-source frameworks—Kandji Packages and KAPPA—providing seamless ways to create and update Custom Apps via API. These tools enable programmatic deployment of custom installers and integrate with existing AutoPkg infrastructures for automated package management.

New integrations

ServiceNow

Our ServiceNow integration enables automatic syncing of device data to ServiceNow's Configuration Management Database (CMDB). When devices enroll or update in Kandji, changes are pushed to ServiceNow, creating a unified view of your Apple fleet.

Microsoft Device Compliance

Our new Microsoft integration allows organizations to use Kandji device data in conditional access policies, ensuring access to resources is granted only to devices that meet specific security standards and management requirements.

Diamond Assets

Diamond Assets customers have access to a visual dashboard displaying vital information related to current device type, age, operating system, and compatibility. This allows for a real-time view of the buyback value of their devices, simplifying and accelerating upgrade planning.

Workbrew

Workbrew's integration with Kandji enables automated device setup and configuration management. It also surfaces device data from Kandji inside the Workbrew console.

BlueTally

BlueTally's integration with Kandji adds all your devices to BlueTally as assets, and even checks them out automatically to their assigned users.

Beyond Identity

Use Kandji and Beyond Identity to create stronger authentication. Build a policy in Beyond Identity that requires a device to be managed by Kandji in order to authenticate.

Enhanced security

Kandji's Threat Research

We discovered 22 novel vulnerabilities and threats, like Cuckoo, with several disclosed to Apple and addressed in official security updates. Kandji EDR caught thousands of distinct malware files and analyzed millions more in the cloud. We implemented machine learning models, using millions of samples to build robust detection methods to recognize emerging threats.

User authentication for manual enrollment

We added the ability to require SSO authentication during manual enrollment, with support for Blueprint-specific configurations. After successful authentication, users can be automatically assigned to device records, enhancing security and streamlining the enrollment process.

New restrictions and security controls

We implemented various new restrictions, including controls for marketplace apps, media sharing, privacy features, and Apple Intelligence. We added support for preventing the installation of alternative marketplace apps in the EU, controlling RCS messaging, and managing call recording capabilities. These new restrictions are critical for customers to maintain a strong security posture as Apple continues to innovate.

Threat-centric view for EDR

We introduced a new threat-centric view for EDR that groups events by hash, making it easier to assess the overall impact of threats across your Mac fleet. The enhancement includes a detailed side panel for each grouped event, offering deeper insights into individual threats.

Passport enhancements

We expanded Passport's capabilities with two key updates: new controls to restrict logins to the identity provider user that is assigned to the device and the ability to stop connections to unsecured networks at the login window. These improvements, along with a beautiful new UI, provide greater security and control over device access.

Day one support for WWDC updates

Day 1 support for new Apple OSes

We delivered comprehensive support for Apple's new operating systems on day one of their release. We updated existing Library Items and released two new Library Items to support the configurations: A new Setup Assistant Library Item, a new Disk Management Library Item. New options for configuring PlatformSSO or Kerberos, upgrading software update settings to Declarative Device Management (DDM), and additional Skip Screens for Wallpaper, App Store, and Safety were also added.

Implementation of new keys with zero manual intervention

We pioneered a way to deploy important new keys to devices—such as new restrictions or changes to System Extensions—with zero manual intervention from admins. We detect when a device upgrades to a new major OS and immediately deploy keys it was not eligible for before that moment. This significantly reduces the IT workload that typically comes with supporting WWDC releases from Apple.

About Kandji

Kandji is the Apple device management and security platform that empowers secure and productive global work. With Kandji, Apple devices transform themselves into enterprise-ready endpoints, with all the right apps, settings, and security systems in place. Through advanced automation and thoughtful experiences, we’re bringing much-needed harmony to the way IT, InfoSec, and Apple device users work today and tomorrow.