December 27, 2018

Security Management for Macs



Just under a decade ago, we started an MSP that focused on helping companies use Macs. The percentage of Macs used in businesses around the world continually grew year over year, and still shows no sign of stopping. This growth helped us become experts on the tools needed to keep Macs in the workplace running successfully. We built an expert team of IT engineers and consultants, with specialities in a wide range of highly-technical areas, all focused on providing Apple-based businesses with the best-in-class IT stack.

Device Management

Setting up devices and deploying software was always a daunting process until MDM (Mobile Device Management) services came into the picture. Before MDMs, each setting and piece of software would need to be manually applied on each Mac before being handed to the user.

Today, MDM / EMM solutions (like Jamf or Fleetsmith) allow a company to define their standards for software and basic settings that can be automatically deployed to new and existing Macs. 

Threat Management

Once a Mac is set up and in use, keeping the user and their data safe presented a new problem. Threat Management services like Sophos monitor in-transit and stored data for security risks. Real-time scans ensure all information is encrypted and threats are blocked.

Missing Piece

While MDMs / EMMs offer the ability to streamline setup, the number of configurations available related to security are slim. Even products like Sophos that focus on security threats do not offer much related to configuring or hardening a device with security-related settings.

Almost every company we helped was subject to regulation. CIS, FedRAMP, NIST and even custom internal standards presented a new challenge for IT and Security teams, even those using MDMs and Threat Management solutions. Neither offered the ability to ensure Macs were configured securely and, just as important, continually stay in that state. Worse, should a company require an audit, it was impossible to prove that devices were adhering to the standards they were set to.

Compliance & Security Management

This missing piece is defined as Compliance & Security Management. It consists of three simple components:

  • Configuring a baseline 'state' for your endpoints
  • Keeping individual endpoints in that state
  • Proving organization-wide compliance at any time

No Compliance & Security Management solutions exist for macOS. To fill this gap, we sold our MSP and brought Kandji to market.



We built Kandji to solve Compliance & Security Management for all macOS devices in the workplace. Now a company can quickly and continuously enforce advanced security policies and prove compliance without building custom scripts, or writing a single line of code.

Kandji includes a growing library of over 130 parameters built based on standards like HIPAA, CIS, and NIST. Continuous remediation ensures that each parameter remains in compliance, allowing you to harden your fleet with just a few clicks. In-depth reporting allows companies to instantly generate an audit for each parameter on each Mac, proving that standards are upheld.

Try Kandji for free today. Built to work alongside MDMs and Threat Management systems, or as a standalone platform, Kandji lets you ensure compliance & security on your Mac fleet for the first time.

Subscribe to the Kandji Blog