If you are looking for an Apple-centric MDM system with great features and easy to use interface, Kandji MDM has a lot to offer. Although, if you are not sure about it, here is a review of Kandji device management or you to decide for yourself.
What you will see?
Mobile Device Management (MDM) software enables remote management of mobile devices such as smartphones, tablets, and laptops. It provides security privileges, software, and operating system patching, as well as the ability to locate and wipe lost or stolen devices. The majority of MDM solutions enable the management of different mobile platforms. MDM is increasingly being absorbed by UEM (Unified Endpoint Management). Thus, reducing it to a single component of digital hardware management. Naturally, the goal is to enable remote management of all types of devices, regardless of manufacturer or operating system. Kandji is a unique character. Rather than providing a UEM-like MDM, it provides a focused experience that allows just Apple device control and administration.
- Wide selection of enrolment options
- Support for iOS, iPadOS and macOS
- Smart user interface
Plans and Pricing
Kandji has a sliding scale licensing scheme, with functionality being added as the number of devices grows. Customer assistance, onboarding, solutions engineering, a migration agent, self-service, Liftoff, and an optional API for $150 are all included in the base $399 per month bundle for under 100 devices. The pricing increases by $400 for every hundred devices. You will have to pay $1999 for 500 devices, with the API included for free. This increases to $2699 per month for 750 devices, $3499 per month for 1000 devices, and $4899 per month for 1500. Moreover, the service charges $6499 per month for 2000 devices and $8999 per month for 3000 devices. Although, if your organization has higher demands you can directly contact Kandji’s sales department.
To break it down further, Kandji costs $3.99 a month for 100 devices and $2.99 for 3000 devices on the cheapest plan. That’s hardly a significant saving. Kandji offers a 14-day trial for testing reasons. You can even request a free demo to test the waters.
Kandji device management offers a simple way to manage and control mobile devices on your network. Enrolling a new device with zero-touch enrollment is simple and you can do it without any physical engagement from technicians. This eliminates the need for a meeting with the company’s IT department. You can use G Suite or Microsoft 365 for enrollment. Kandji admins can utilize the Blueprints functionality to quickly attach apps, controls, and automation to a specific device. You can create Blueprints for certain teams, places, and goals, among other things. Moreover, Kandji can display everything from a device’s state to the apps loaded and current activity, as well as audit information for devices. Kandji keeps a thorough journal for each system he manages.
A library of approved apps and utilities can be selected for tightly regulated settings. Thus, allowing end-users to install the apps they need without IT participation.
Kandji compliance features endure even if devices are off, assuring device integrity. Compliance templates and a library of over 150 security controls ensure that devices behave in particular ways. This includes connecting to the “proper” wireless network and custom profiles and scripts to ensure that security and best practice come with ease. Liftoff automates an enterprise-ready configuration for macOS devices like MacBook. Moreover, if you are switching from another MDM to Kandji, it includes a utility for transferring devices. Kandji gives businesses complete management over their gadget inventory’s entire life cycle.
- Zero-touch deployment makes things easy and quick, including the installation of necessary programs and security settings.
- Keep users informed about Kandji’s Liftoff’s progress.
- Integration with existing identity providers to ensure that devices and applications are only accessible to authorized users.
- Maintain each operating system (OS) by applying major and minor updates without the use of scripting.
- Notify users about configuration updates, along with any actions that are a must. It comes with the option to postpone installation until a predetermined enforcement deadline.
- Automatic patch management for software programs.
- Lastly, app Store and bespoke apps can be installed, updated, and deployed.
You can integrate Kandji with other software programs, identity providers, software monitors, and automation tools. This way you can use Kandji to do more device management heavy lifting.
- With Kandji Passport, you can enable single sign-on (SSO).
- Apple Business Manager, Slack, Microsoft 365, Drata, Vanta, and Cloudflare are among the approximately 150 apps that Kandji’s REST-compliant API interfaces with.
Secure a complete Apple device fleet by deploying, monitoring, and managing security.
- Using the NIST, CIS, and STIG frameworks, prebuilt templates assist firms in adhering to compliance processes.
- All settings are recorded, allowing unauthorized modifications to be reversed.
- Moreover, if you uninstall critical software or change security settings, Kandji Agent immediately fixes the systems.
Device configuration includes management, configuration, and troubleshooting.
- Kandji helps you to remote wipe and lock your smartphone if you somehow lose it. Thus, assuring that your data is safe.
- Kandji provides Filevault recovery keys, activation lock bypass codes, and recovery lock passwords to assist users to regain access to their Mac.
- Device restarts must be forced.
- Furthermore, maintain host naming conventions.
Installation and setup
Kandji MDM accepts a variety of enrollment methods. Kandji Enrolment Portal and Automated Device Enrolment can be used to enroll all devices. Moreover, Kandji Enrolment Portal is for devices already set up and unsuitable for reset or restores. At the same time, Automated Device Enrolment is for new or restored devices allocated to Kandji in Apple Business Manager. The Enrolment Portal can also be used to enroll devices that aren’t supported by Apple Business Manager. Meanwhile, if you buy it outside of Apple Business Manager, iPhones, iPads (and Apple TVs) can enroll with Apple Configurator 2. Additionally, BYOD users would get great help from this. Furthermore, in the terminal, an automated enrollment mechanism called DEP NAG is used to register macOS devices.
Apple Device Restrictions
Apple’s Restrictions profile limits users’ ability to do things like access a specific app, service, or function on their devices. The idea is to unify device settings across your environment, notwithstanding the wide range of constraints available. For instance, the IT team might delay an OS version update or prohibit the use of Siri. This helps the IT team to secure your devices and keep your data safe. Here are a few examples to give you a feel of the scope of this profile:
- Restrict changing account settings
- Authentication is required before using AutoFill passwords.
- Modifying diagnostic parameters is not permitted.
- Postpone software updates
- Untrusted HTTPS certificates are automatically rejected.
- Backups must be encrypted.
Kandji MDM categories
Moreover, the Restrictions profile organises a wide range of Kandji MDM acts under the following categories:
- App Blocking & Allowing
- Autonomous Single App Mode
- Passcode & Authentication
- Lock Screen
- Accounts & Passwords
- Data Segregation
- Apple Watch
- Find My
- Game Center
- OS Updates
- OS & General
Enable the Restrictions Profile
You can build various Limits profiles based on your requirements. You can for instance, perhaps your sales team requires additional Media restrictions, or perhaps your executive team requires customized Cellular settings. Simply build a new Limits profile, enable the restrictions you want, and then use a Blueprint to assign them to a set of devices. Although, consider the following factors while deciding which restrictions to enable:
- OS Requirements: iOS 4.0+, iPadOS 13.0+, and macOS 10.7+ are the minimum system requirements.
- Device Types: Filter by device type to see which restrictions are available for Mac, iPhone, or iPad.
- Supervision Required vs. Not Required: Some limits, particularly the iPhone and iPad options, require Device Supervision. However, you can filter between supervision options based on your needs.
Kandji’s device compatibility is limited as an MDM focused on Apple mobile hardware. iPhone, iPad, MacBook, and iMac, as well as tvOS, are all supported. Also, Kandji is compatible with iOS 12 and iOS 13 phones and iPads and uses Apple’s MDM mechanism. Additionally, Kandji’s desktop (workstation) administration comes with a mix of Apple MDM and Kandji’s proprietary macOS Agent. Moreover, Kandji does not require that your organization’s devices connect to Apple Business Manager.
Kandji device management has a versatile and easy user interface (UI). It is split into the core operations required for MDM, as you might expect from software designed to administrate Apple products. Devices, apps, controls, deployment, and compliance are all represented in the user interface. Moreover, the UI presents everything plainly. It has simple drop-down menus and clickable boxes for switching features and settings. So you don’t need any prior familiarity with MDM.
Kandji device management is amazing in every way, even beyond its apparent limits. The user interface is sleek and quick, the feature set is unrivaled, and also enrollment is simple. The features are outstanding, and it stays squarely in the area of mobile device management rather than the UEM sprint that so many other MDM suites take. Although, the lack of a proper licensing framework is a major flaw. Kandji is a cutting-edge Apple Device Management tool that allows you to keep track of your Apple TV, iPad, Mac, and iPhone. This saves the IT staff many manual hours while also eliminating repeated work. Furthermore, the solution comes with its own advanced pre-built library of 150+ controls.
Moreover, the in-house macOS agents can remediate devices even while they are offline. Kandji device management has an accurate connection with external systems such as Watchman Monitoring, Apple Business Manager, Slack, Kandji API, and others. Thus, allowing users to complete their tasks quickly. Additionally, features such as one-click compliance templates, single sign-on, a library of compliance controls, and auditor access improve the monitored device’s overall security. Furthermore, businesses can use the platform to restrict questionable apps across the entire staff.
If you have any questions, you can ask us in the comments section below!