Strengthen your Mac security while boosting productivity

Kandji’s device management, malware protection, and vulnerability management cover the full scope of endpoint security which compliance programs require. Kandji makes it easy to apply the right security configurations to devices via templates, and consistently enforces those configurations to ensure that devices stay compliant.

Kandji uses Apple's Declarative Device Management framework to efficiently enforce macOS software updates. We prioritize the end-user experience by maintaining native update prompts that notify users well in advance, allowing them to install updates proactively before enforcement deadlines.

For Auto Apps—our collection of over 200 popular applications—admins can configure deployment preferences and establish automated update enforcement. Kandji will intelligently handle the entire update process—from delivering user-friendly prompts and performing silent background updates when applications aren't in use, to installing critical updates by the enforcement deadlines. This automation ensures your Mac fleet maintains consistent software versions without burdening your IT team with manual patch management.

Admins can lock down external storage access on Mac with encryption and access permission controls for USB drives, DMGs, SD cards, and server volumes.

Kandji enhances IT teams' remote support capabilities by providing detailed device data and a Device Lookup tool. This tool allows tracking of a device's assignment path, revealing deployed configurations and the rationale behind specific app or setting applications. Additionally, Kandji supports deployment of remote access tools like TeamViewer, AnyDesk, and Splashtop Business, enabling secure, unattended remote device management.

Mac computers can be enrolled in Kandji through several methods. Each method applies pre-configured settings and policies immediately upon enrollment to ensure devices are secure and compliant from the start.

• Automated Device Enrollment (ADE):
  The most secure and seamless option, ADE (formerly DEP) allows devices purchased through Apple or an authorized reseller to automatically enroll in Kandji during setup, without admin intervention. This is full zero touch deployment.
• Enrollment via URL:
  For devices not eligible for ADE, Kandji provides a secure enrollment link that can be used to manually enroll Macs. Admins can distribute this link to users as needed.
• Kandji Migration Agent:
  If you're moving from another MDM, the Kandji Migration Agent can be deployed using your existing MDM to automate the transition. It minimizes user interaction and streamlines the re-enrollment process.

IT teams can deploy dozens of security controls like FileVault for disk encryption and external storage restrictions and encryption requirements. Endpoint Detection & Response (EDR) detects and mitigates malware and malicious behavior that could otherwise lead to data loss. Customers can also use identity provider integrations to restrict sensitive data access to only fully managed and secured devices.

Purchasing Kandji MDM includes access to the Kandji Migration Agent, our proprietary tool designed specifically to streamline MDM transitions on Mac. This agent deploys through your current MDM platform, requiring minimal end-user interaction to move to Kandji—just a few clicks to complete. Our team tailors the migration process to your organization's specific variables and provides dedicated support via chat and email throughout the transition. Depending on your environment and objectives, Kandji can be fully deployed across your entire fleet in as little as two weeks.