Kandji

Overview

Kandji is a mobile device management (MDM) solution that enables businesses to monitor and manage their MacOS, iOS, iPadOS, and tvOS devices, without compromising end user experience. All of the platform’s device, OS, and application management capabilities can all be managed via a single, unified admin console. This enables simplified, seamless management that breaks down siloes and reduces visibility gaps.

Headquartered in San Diego, California, Kandji offers their Device Management solution standalone or as part of a wider unified endpoint management and security platform, Device Harmony.

Key Features

Device Management

From Kandji’s Devices dashboard, admins can access a high-level overview of all the Apple devices connected to their network, including their model and operating system type, serial number, the name of the device’s user, and when the device was last scanned. Admins can drill down into more specific details on each device by simply clicking on them, which takes them to the device’s Status page. From here, admins can view the device’s general and activity status in greater depth, with options to manage which applications are installed on the device, manage operating system updates, and configure peripheral settings and security policies for the device (e.g., to show the device’s Bluetooth status in the menu bar, disable internet sharing, or require an admin password to access system-wide preferences).

All of this functionality is delivered via a single page; it’s clean, navigable, and very intuitive.

Policy Controls

Kandji enables admins to create “Blueprints”, i.e., a folder of device policies that outline how certain device groups should be enrolled, configured, and managed. Once an admin assigns a Blueprint to a device, those policies are automatically assigned to the device. Policies include: creating a page to guide end users through their device configuration on initial enrollment; using the “Passport” feature to implement single sign-on via an OpenID-compatible identity provider; customizing the user login window; and defining which apps must be installed on the machine.

Admins can create custom Blueprints from scratch, or choose from one of Kandji’s six templates that streamline the creation process by pre-configuring certain settings. Within these templates are included two for CIS compliance, which can also be used as an initial baseline to achieve compliance with other data protection and security standards.

Creating Blueprints for device policies and application management is very straightforward. The policy builder is intuitive and the out-of-the-box templates make it easy for even non-technical admins to create device. Additionally, Kandji prevents admins from creating conflicting policies using logic built in to the platform’s template library.

Application Management

Kandji offers three levels of application management. Firstly, admins can access a full list of the applications installed on each device via the same Device dashboard used for general device management, by opening the individual device page and selecting the “Applications” tab.

Secondly, admins can use Blueprints to define which applications should be installed across certain device groups. This is helpful for ensuring that specific user groups have all the applications they need installed on their devices and ensuring that each user in a department has access to the same apps (e.g., by requiring all graphic designers to have the full Adobe Creative Cloud suite installed).

Finally, the platform’s “Auto Apps” feature enables admins to choose from 122 applications (at the time of writing) that may not be in Apple’s App Store, deploy those apps through Kandji’s own App Store, and automate the maintenance of those apps in terms of updates and patches. Users can delay updates for one hour a maximum of 24 times before Kandji enforces the update, ensuring that all updates are made within 24 hours of the admin scheduling them.

Using Auto Apps, admins can also assign applications to a device via custom rules or by assigning a Blueprint—automatically installing them on specified device groups. Admins can continually enforce the installation of apps, which means that the app is re-installed should a user delete it, or they can enable on-demand, self-service installment, which enables users to download the apps via Kandji via an App Store experience. This saves a huge amount of time from being spent on manually installing and updating apps across each device.

Onboarding And Device Enrollment

Admins can configure automatic device enrolment via the Kandji tenant. Whilst doing so, they can define a default Blueprint for new devices, which assigns them a Blueprint automatically as soon as they’re enrolled with Kandji. This ensures that all devices are grouped, assigned the correct configurations, and have the correct applications installed as soon as they’re enrolled.

Effectiveness

Overall, Kandji is a highly effective mobile device management solution. It offers granular device and application management controls, which admins can configure via a modern, intuitive interface. Using the platform’s powerful feature set, IT and security admins can monitor and manage their Apple devices and the apps installed on those devices, in order to bring them in line with internal and external (e.g., compliance) requirements for security and data protection.

Ease of Management

All of Kandji’s device management features are delivered via a single cloud-based platform. The platform’s robust selection of out-of-the-box templates for policy configuration (in the form of Blueprints) and its powerful automation capabilities make it easy for less technical admins to manage their Apple devices, but the platform also offers deep levels of customization that enable it to support more complex device management requirements.

Kandji is very user-friendly. The interface is well-aligned with Apple’s MacOS interface, giving it a familiar, navigable feel for admins that are well-acquainted with Apple’s devices.

Finally, Kandji offers excellent customer support via two channels: the in-depth Knowledge Forum on their website, and their technical support team comprising 100% of former Mac admins.

Best Suited For

Kandji is currently compatible with all Apple devices, including MacOS, iOS, iPadOS, and tvOS. This makes it well-suited to organizations with a endpoint fleet solely comprising Apple devices, which are being managed by a Mac admin. However, the platform’s intuitive, navigable interface also makes it suitable for more diverse endpoint fleets being managed by a Windows admin, e.g., an organization that uses majority Windows devices but distributes Apple devices to their C-Suite.

Kandji’s clean interface and out-of-the-box templates make it well-suited to SMBs and mid-market enterprises that are looking for a user-friendly, easy-to-manage solution. However, its granular level of customization—both in terms of policy configuration and end user experience—and its powerful automation capabilities also make Kandji a strong option for larger enterprises that need to manage a large number of devices, or which must comply with complex data protection and privacy requirements.

Final Verdict

Kandji is a comprehensive mobile device management platform that enables admins to effectively and efficiently monitor and secure their Apple devices, without compromising the end user’s experience. Overall, we recommend that any organization looking to manage an Apple device fleet consider adding Kandji to their shortlist.