Kandji

The Apple device management and security platform.

Kandji is the Apple device management and security platform that empowers secure and productive global work. With Kandji, Apple devices transform themselves into enterprise-ready endpoints, with all the right apps, settings, and security systems in place.

Kandji Logo

Device Management

With Kandji Device Management, Apple devices transform themselves into enterprise-ready endpoints, with all the right apps, settings, and security controls in place.

Kandji’s Device Management extends far beyond Apple’s MDM framework, encompassing zero-touch deployment, the Mac setup experience, device configuration and hardening, automated remediation for security controls, application deployment and patch management, OS updates, and single sign-on integration for Mac.

Kandji MDM Key Value Propositions

Operational Efficiency & Scalability
Kandji’s automations are a force multiplier. They free your technology team from repetitive tasks, letting you focus energy on more impactful projects. Security templates get a fleet hardened and compliance-ready in minutes, and automated software updates mean no more patching, testing, or manually notifying users.

Security
Kandji’s Device Management hardens your Apple devices to any standard with security configurations and automations designed to stay out of the user's way. Configurations are enforced via MDM profiles and the Kandji Agent, which automatically remediates when a device strays from its desired state—if users uninstall crucial apps or change security settings, the Kandji Agent fixes it.

End-User Experience
Kandji’s Device Management delivers elegant flows and prompts for Mac users that are ready to deploy right out of the box. Employees get what they need from IT and comply with device management requirements in a way that feels native to Apple, whether it’s the Mac setup, app installs, or OS upgrades.

    Kandji MDM Key Differentiating Features

    1. Liftoff and Automated Device Enrollment
      Automated Device Enrollment allows newly unboxed devices to automatically enroll in MDM and receive all the configurations and apps assigned to it. Liftoff shows users how IT is configuring their Mac computers during setup.
    2. Auto Apps
      A catalog of 100+ popular business apps with patching on autopilot. Admins set the deadlines. Kandji hosts, patches, QA tests, and enforces the updates. Kandji also prompts users to upgrade, and lets them delay it to a convenient time.
    3. Managed OS
      Automated patching and upgrade prompts for Apple operating systems. Managed OS delivers timely OS updates and upgrades which reduces exposure to vulnerabilities. Prompts for Mac users give plenty of time to upgrade before the deadline.
    4. Compliance templates and Blueprints
      Kandji’s built-in library of security settings and controls are organized into templates mapping to CIS Level 1 and CIS Level 2, allowing customers to reach compliance with benchmarks at the click of a button.
    5. Passport
      Passport provides a login experience that feels native to the Mac, yet leverages identity provider credentials for more secure logins and just one password for end-users to remember.

    Endpoint Detection & Response

    Kandji Endpoint Detection & Response (EDR) is purpose-built to detect and stop threats on Mac computers. Armed with hundreds of millions of malware definitions, data from the world’s leading threat feeds, and a team of threat researchers feeding the detection engine, our threat intelligence for Mac is among the world’s most comprehensive.

    Kandji EDR is deployed alongside MDM in a unified agent. It monitors all files and applications on the Mac. It can detect threats, kill processes, quarantine files, provide alerts and notifications, and enforce custom allow/block lists.

    Kandji EDR key value propositions

    A very low lift to implement and maintain
    Kandji EDR is deployed through a unified Kandji Agent and seamlessly integrated into the Kandji web app. The Kandji Agent is built exclusively for Mac systems and takes advantage of Apple technologies to ensure it is always running and uses system resources efficiently.

    Extensive threat protection for Mac
    Armed with hundreds of millions of malware definitions, data from the world’s leading threat feeds, and a team of threat researchers feeding the detection engine, our intelligence is among the Mac world’s most comprehensive.

    Stop threats before they happen
    Informed by Apple’s Endpoint Security framework events, Kandji can gather all metadata on a file, analyze it, detect the potential for malicious activity, and quarantine it — all in the span between a user clicking download and the download completing.

    Kandji EDR differentiating features

    Uses the power of an Apple MDM agent
    MDM agents get special privileges via Apple technologies and are unremovable by the end user. Since Kandji EDR runs on the MDM agent, it enjoys the same privileges which ensures it is installed and running at all times.

    Device Management + EDR in a single agent
    All of Kandji’s capabilities are deployed by a unified agent. This approach drives fast implementations that require no ongoing maintenance by IT or performance hit for users. This puts Mac endpoint protection within reach of every team.

    Kandji’s In-House, Dedicated Mac Threat Intelligence
    Armed with data from the world’s leading threat feeds, hundreds of millions of malware definitions, and a team of threat researchers feeding the detection engine, our threat intelligence for Mac is among the world’s most comprehensive.

    "So I Do That" with Kandji

    4-Minute Product Tour

    Migrating to Kandji

    Day One with Kandji

    What Kandji EDR helps customers do

    Stop threats before they happen
    Informed by Apple’s Endpoint Security framework events, Kandji gathers and analyzes all metadata on a file, detects the potential for malicious activity, and quarantines it — all in the span of a user clicking download and the download completing.

    Enforce custom allow/block lists
    Enforce allow/block lists by file hash and path. The Kandji Agent ignores allowed items when encountered on a device while treating block list items as malware in the system.

    Respond to threats
    In Protect Mode, security engineers can configure the posture to protect against malware and PUPs. The Kandji Agent automatically identifies malicious files, killing any malicious processes and quarantining malicious files.

    Investigate alerts and notifications
    In Detect Mode, the Kandji agent identifies but takes no action on the file or process exhibiting malicious behavior. Detections and file quarantine actions generate an alert to the admin, who can view them from the Kandji web app or integrate them with communication tools like Slack.

    Analyze threat events
    The threat events view provides information such as the threat name and classification, along with any relevant actions and their dates. Threat events are viewable at the device level or in the collated threat events view. In cases where the wrong file is apprehended, admins can release it from quarantine across all devices and add it to the allow list in one easy workflow.

    For more information on Kandji and what it can do for your business, please complete the form below.

    * This field is required