Learn how and when Mac computers check in with Kandji and Apple services
Kandji provides several types of check-ins for macOS devices, each serving different purposes and occurring at various frequencies. These are the types of check-ins Kandji-enrolled Mac computers perform.
Recurring Check-In
- Frequency: Every 15 minutes
- Mechanism: Kandji Agent
- Description: This check-in ensures that the Kandji Agent is up-to-date, executes and enforces Blueprint parameters, and installs any pending library items such as custom scripts, printers, apps, and auto apps. Each item has a specific timeout period for installation.
Order of Operations and Timeouts
Library Items are processed in a specific sequence. Each type of Library Item is handled in an alphanumeric order, with uppercase letters taking precedence over lowercase ones. The timeout values mentioned earlier define the maximum time allowed for each Library Item to complete its installation or execution before it is stopped. Additionally, each run is governed by a global timeout limit of 12 hours, which also applies to installations of Custom Apps and Apps and Books initiated through Self-Service.
| Priority | Operation | Timeout |
| 1 | Custom Scripts | 1 hour per item |
| 2 | Custom Printers | 3 hours per item |
| 3 | Custom Apps | 12 hours (global limit) |
| 4 | Auto Apps | 6 hours per item |
| 5 | Managed OS | 12 hours (global limit) |
Forcing a Recurring Check-In
To force a recurring check-in, run the following command in Terminal:
sudo kandji run
Daily Check-In
- Frequency: Every 24 hours
- Mechanism: Kandji Agent
- Description: This check-in includes all recurring check-in items and additional daily items like custom scripts, compliance scripts, and Blueprint parameters. It also involves securing home folders, checking application and system folders for appropriate permissions, and collecting daily computer information for submission to the Kandji tenant. The daily check-in follows the same sequence as the recurring one, starting after executing Blueprint Parameters. Once all Library Items are completed, the application inventory is sent back to Kandji.
Forcing a Daily Check-In
To force daily check-in, run the following command in Terminal:
sudo kandji run --reset-daily
A daily check-in can also be forced using the sync button in Self Service.
- Open the Kandji Self Service app.
- Navigate to the Device Info section on the left.
- Click Sync.
MDM Daily Check-In
- Frequency: Every 24 hours
- Mechanism: Apple Push Notification Service (APNs) / MDM Framework
- Description: This check-in involves executing the following MDM commands to update device information:
- ProfileList
- InstalledApplicationsList
- SecurityInfo
- CertificateList
- AvaliableOSUpdates
- DeviceInformation
Forcing an MDM Daily Check-In
To force the daily MDM commands, run the following command in Terminal:
sudo kandji update-mdm
MDM Commands & Profiles
- Frequency: Instant
- Mechanism: APNs / MDM Framework
- Description: This check-in allows for instant execution of any MDM command, such as wiping a device, setting a device name, or installing applications. It also includes any profile deployed via a Library Item.
How Instant is MDM Communication?
MDM servers send a unique notification to the Apple Push Notification service, prompting managed devices to check in with their MDM server. Apple devices regularly poll APNs for these notifications, enabling almost immediate management of devices that are online. Consequently, there isn’t a set check-in time for MDM commands, nor is there a way to enforce a check-in.