The Kandji team is excited to announce fully built-in OS management capabilities for Mac. We are also releasing fully enforced Auto Apps versioning, support for Shared iPad, and more.
In case you missed it, we also recently released Auto Apps and several new Profiles and Parameters.
With Managed OS updates for macOS, a much-anticipated release by our customers, Mac admins can now enforce operating system updates across their environment. Consistent and recent OS updates are crucial for following security best practices and meeting compliance standards.
Kandji has taken a unique approach to OS management in order to give our customers the best of both worlds: maintain a great user experience while ensuring admins can easily meet compliance standards and follow security best practices.
That’s why we’ve created an OS management tool that is built into our platform (no scripting required) and fully enforced.
Admins can set up OS management by simply adding the Managed OS item from the Library, as shown below. Managed OS capabilities support both major and minor OS updates (for example, upgrading to macOS Catalina 10.15.4 from macOS Mojave 10.14.0) and can be enforced with an automatic or manual enforcement deadline.
For your end users, we’ve built some really powerful functionality (powered by Kandji’s macOS Agent) to ensure a seamless user experience:
- The user will begin receiving polite notifications and an option to begin the install 5 days prior to the deadline set by the admin.
- Each notification specifies the time remaining before the update will be automatically installed.
- 30 minutes before the deadline, a countdown will be displayed in the upper right corner of the screen. After the countdown completes, the device will automatically update.
This makes it possible for standard users to complete OS upgrade requests. The Kandji Agent does all the work for them, so even users without admin privileges can complete the required updates.
For more information on how to set up Managed OS, read our support article.
Fully Enforced Auto Apps
We’ve received a lot of positive feedback from customers about our Auto Apps release in February and how it is simplifying Mac patch management. Our next phase was doubling down on the enforcement experience for app updates to ensure all Auto Apps are fully enforced automatically.
Similar to Managed OS, users will receive a series of prompts from the Kandji agent reminding them to update any relevant Auto Apps. Once the deadline is 30 minutes away, the countdown will display.
We have also added improved error handling; for example, if a user attempts to open an app while it is reinstalling, they will receive a warning.
To learn more about how to configure Auto Apps enforcement, read our support article.
Last month, Apple enabled Shared iPad in Apple Business Manager, allowing a true multi-user experience for iPad.
Previously only available to Education customers as part of Apple School Manager, Shared iPad for Business will allow employees to easily share and continue their work on multiple devices (such as in a healthcare setting where a device may be shared from one shift to the next). The Shared iPad becomes their own while they are using it.
The Shared iPad experience works best when Apple Business Manager is Federated to Azure Active Directory (Azure AD) as Managed Apple IDs are automatically created from Azure AD. To learn more about how this works, read our guide to Managed Apple IDs.
Kandji admins can simply enable a new Auto Enroll configuration from the Library and choose the maximum number of users allowed on that iPad. Note: This functionality is only available for devices enrolled through Apple Business Manager (formerly the Device Enrollment Program, or DEP).
To learn more about how to take advantage of Shared iPad within Kandji, read our support article.
Manage FileVault Recovery Key
Kandji admins can now hide FileVault Recovery Keys from their users during FileVault Key regeneration. This is powered by the Kandji Agent, and it automatically occurs when Kandji is configured to escrow FileVault keys and FileVault is already enabled on a Mac.
This is an additional security measure because, without the Recovery Key, end users are unable to decrypt the drive in the event that their account is removed or their password is forgotten.
You can force the Mac to generate a new FileVault recovery key, and Kandji will capture the newly generated key.
If you have chosen to display the FileVault Recovery Key as part of the regeneration process, the end user can click on the Recovery Key to have it shown in a large accessible format.
Read our FileVault support article to learn more.
Enhanced macOS Application Reporting
Admins now have enhanced reporting on the apps deployed on each device. The Kandji Agent obtains validation of the app source and App Store receipt, so it’s easy for admins to see if apps were obtained through Apple Business Manager (formerly the Volume Purchase Program, or VPP).
From any Device record, click on the Applications tab and you’ll see the Identified Developer column with the results.
New Auto App: TextExpander
Based on customer feedback, we have also added a new Auto App, TextExpander. View our support article for the complete list of Auto Apps, and stay tuned for more Auto Apps coming soon.
With innovation and iteration at the core of everything we do, we’re constantly building solutions to give you more of what you need and improve upon features you already love. With Kandji, you can be confident that your Apple fleet is in safe and secure hands from deployment to retirement.