The primary function of the Kandji software is to help companies maintain control over their devices. Companies utilise it in a hybrid work environment where employees may use their personal devices for work purposes.
As a device management platform, employees are always concerned about their privacy. Many believe Kandji monitors their privacy and tracks or directly spies on them via webcam, microphone, or internet history.
But what does Kandji track, and what does the employer have access to?
What is Kandji tracking?
Kandji is a device management platform that allows IT departments to manage software installs, updates, and security settings on Apple devices. Unlike popular opinion, Kandji software is not designed to spy on users directly.
Instead, Kandji offers various features to provide visibility and control over devices and their activities. The activities the software tracks include:
1. Library Item Activity
Kandji provides detailed records of when a Mac device enrols, checks in, or is updated.
2. Supervision Status Label
The feature allows admins greater control and visibility over Library Item activities and whether devices are supervised or unsupervised.
3. Lost Mode
Kandji’s Lost Mode allows IT admins to track missing Apple devices while protecting user privacy. It provides location details without compromising user privacy.
4. Activity Page
The feature allows admins to view the entire history of their fleet or a single Mac using the Activity page.
5. Transparency, Consent, and Control in macOS
Kandji supports macOS’s Transparency, Consent, and Control framework (TCC). Doing so improves security by requiring end users or administrators to approve or pre-approve an application’s access to certain protected resources, also known as Services.
These Service items require several permissions before the software can access them. In other words, if given permission, Kandji can access and track various resources on a device, including Contacts, Calendar, Photos, Desktop, and Documents folder.
However, the privacy protocols in the software dictate that IT admins or end users must pre-approve applications for certain Services before the software can access them. Therefore, Kandji cannot track screen recording, input monitoring, microphone, or camera unless approved by an employee or end user who is an admin.
Why do companies use Kandji software?
Companies use Kandji for several reasons, including:
1. Device Management and Security
Kandji empowers secure and productive global work. It transforms Apple devices into enterprise-ready endpoints with the right apps, settings, and security systems in place.
2. Advanced Automation
Kandji’s platform offers advanced automation and thoughtful experiences, bringing much-needed harmony to how IT, InfoSec, and Apple device users work.
3. Integration with Apple MDM
Kandji goes beyond Apple MDM solutions by integrating device security and management into one platform. Thus, it allows businesses to get a comprehensive approach to managing Apple devices.
4. Endpoint Detection and Response
Kandji’s MDM and EDR solutions help businesses secure their macOS fleets against threats and malware, providing an additional layer of security for Apple devices.
6. Ease of Use
Customers have praised Kandji for its easy-to-use and easy-to-implement platform, which allows IT teams to quickly improve their security posture.
7. Time-Saving
Kandji’s platform automates many tasks, saving IT teams countless hours of repetitive, manual work.
How does Kandji work?
Kandji uses two primary components: the Kandji web app and the Kandji macOS Agent. The web app configures, reviews, and reports settings on enrolled devices.
On the other hand, the Kandji Agent enforces settings, remediates discrepancies, and reports data back to the web app.
These two components offer advanced solutions for device management, vulnerability management, and endpoint detection and reaction. The software also has an extensive library of pre-built controls that enhance device management efficiency.
The controls that help the software work well are:
1. Blueprints
Blueprints define a set of behaviours, Parameters, and Library Items the software must deploy to a group of devices. The software uses blueprints for locations, job roles, or testing purposes.
2. Parameters
Parameters are settings that the IT team can turn on or off using the toggle next to the Library Item.
3. Enrolment
The enrolment process involves adding devices to the Kandji platform. Once enrolled, the IT team can manage devices using the defined Blueprints, Library Items, and Parameters.
4. Threat Detection and Response
Kandji offers advanced solutions for vulnerability management and endpoint detection and response. As a result, the software provides real-time scanning and monitoring, threat event analysis, and frictionless quarantine release.
5. Integration
Kandji integrates seamlessly with productivity tools like Slack, Teams, and Zapier, allowing users to receive notifications, automate workflows, and collaborate more efficiently with teams.
All these parameters and controls help Kandji streamline device management processes.
Have your say!
Has your employer installed the Kandji software, and what employee data do they have access to?