Sold by: Iru
Deployed on AWS
Free Trial
AWS Free Tier
Kandji is device management (MDM) and security built specifically to meet the unique needs of the Apple platform, with advanced endpoint detection and response optionally delivered through a single unified agent. Kandji is a modern, cloud-based solution to centrally manage and secure your Mac, iPhone, iPad, and Apple TV devices, saving IT teams countless hours of manual, repetitive work with features like one-click compliance templates and 150+ pre-built automations, apps, and workflows.
4.7
Overview
Kandji is the Apple device management and security platform that empowers secure and productive global work. With Kandji, Apple devices transform themselves into enterprise-ready endpoints, with all the right apps, settings, and security systems in place. Through advanced automation and thoughtful experiences, we are bringing much-needed harmony to the way IT, InfoSec, and Apple device users work today and tomorrow.
Features include:
True zero touch deployment Kandji takes the heavy lifting out of user setup with an interface built to give you more control without the technical challenges or unnecessary scripting. Our platform is clean, elegant, and customizable, allowing you to manage and elevate those crucial first-touch experiences. Start teams with the right apps, settings, and security controls, reduce support volume, and increase your onboarding efficiency.
Deep IdP and SSO Integration Make life simpler for your users with a single sign-on that does not sacrifice security. Automatically assign blueprints and controls based on user data from your identity provider. Create a login experience that is distinctly yours but matches the ease and style Apple users expect.
Self-healing device controls More than 150 toggle-on security settings allow you to customize nearly every aspect of your devices without additional scripting or configuration. All are monitored and enforced by the Kandji Agent, so they are automatically remediated if they slip out of spec.
Automated app patching Ensure users are always running the right software versions without the manual work of packaging, testing, or deployment. Kandji does the heavy lifting for you without interrupting users work.
Managed OS updates Managed OS is built-in to the Kandji platform and puts you in control of macOS across your fleet. Kandji supports all macOS updates from major overhauls to minor patches, and all updates are fully-enforced, so you never have to worry about teams running the correct version.
One-Click compliance templates Our pre-built templates, mapped to NIST, CIS, and STIG frameworks, deploy advanced security across your Mac fleet in minutes with the ability to customize individual settings.
Integrated endpoint security & response Kandji can deliver advanced endpoint security and response functionality through the same agent as management, radically simplifying Mac security. Kandji EDR gathers all metadata on files, analyzes them, detects the potential for malicious activity, and quarantines problems, all in the span between a user clicking download and the download completing.
Accelerated MDM migration The Kandji MDM migration tool and expert support take the stress out of switching from your old MDM solution. Our Migration Agent is custom-designed to fit your needs, deploys from your current MDM, and reduces user interaction to just a few clicks.
Unmatched Support Every Kandji support engineer has Mac admin experience, so we are like an extension of your company, available 24 hours a day, 5 days a week, and available to you free of charge. We know where you are coming from and provide peer-to-peer guidance on reaching your goals with device management and security.
For custom pricing, EULA, or a private contract, please contact aws-marketplace@kandji.io , for a private offer.
Highlights
- Zero-touch deployment Apple devices purchased through authorized resellers and managed with Kandji automatically transform themselves into enterprise-ready endpoints the first time they power on with all the right apps, settings, and security controls in place.
- Effortless management and compliance With automated updates for the OS and a library of 100+ business apps, admins can trust their device fleet will always stay up-to-date with the latest patches and features. And with blueprints that automatically enforce the things companies need to harden their fleet and meet benchmarks with the push of a button, it has never been easier to attain and maintain device compliance.
- Powerful detection and response Kandji runs MDM and EDR via a single agent, making advanced security simple to deploy and unremovable from devices. Kandji allows companies to see and respond to security threats instantly, with a detection powered by one of most comprehensive threat intelligence engines in the Apple ecosystem.
Details
Sold by
Delivery method
Deployed on AWS
New
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Buyer guide
Gain valuable insights from real users who purchased this product, powered by PeerSpot.
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Free trial
Try this product free according to the free trial terms set by the vendor.
Pricing is based on the duration and terms of your contract with the vendor. This entitles you to a specified quantity of use for the contract duration. If you choose not to renew or replace your contract before it ends, access to these entitlements will expire.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Dimension | Description | Cost/12 months |
|---|---|---|
Kandji MDM | Apple-specific Device Management | $25,000.00 |
Kandji EDR | Apple-specific Endpoint Detection and Response (requires Kandji MDM) | $25,000.00 |
Kandji Vulnerability Management | Apple-specific Vulnerability Management (requires Kandji MDM) | $25,000.00 |
Vendor refund policy
All Orders are non-cancellable and all fees and other amounts you pay under this Agreement are non-refundable.
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Resources
Vendor resources
Support
Vendor support
Chat: Live chat is available 24 / 5 via the Chat Bubble at the bottom right of the Kandji Web App. Support hours begin Sundays at 22:00 (UTC) and end Saturdays at 01:00 (UTC) (excluding company holidays). Email: Reach out to us via email at support@kandji.io Knowledge Base: Available 24 / 7 at support.kandji.io, you'll find overviews of all areas of Kandji and frequently asked questions. You can also submit a ticket from anywhere in our Knowledge Base at the top or bottom of the page. Please email us at support@kandji.io
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Updated weekly
Top
10
In Device Security, Device Management
Top
10
In Device Management, IT Business Management
Top
50
In Device Management, Device Security
Sentiment is AI generated from actual customer reviews on AWS and G2
Functionality
Ease of use
Customer service
Cost effectiveness
Positive reviews
Mixed reviews
Negative reviews
AI generated from product descriptions
Zero-Touch Device Deployment
Automatic transformation of Apple devices into enterprise-ready endpoints upon first power-on with pre-configured apps, settings, and security controls without user intervention.
Identity Provider and Single Sign-On Integration
Deep integration with identity providers enabling automatic blueprint and control assignment based on user data, with support for customized login experiences.
Self-Healing Security Controls
Over 150 configurable security settings monitored and automatically enforced by the Kandji Agent with automatic remediation if settings drift from specified configuration.
Unified Endpoint Detection and Response
Single agent delivering both MDM and EDR functionality with file metadata analysis, malicious activity detection, and quarantine capabilities during file download operations.
Compliance Framework Templates
Pre-built security templates mapped to NIST, CIS, and STIG frameworks enabling rapid deployment of advanced security configurations across device fleets with customizable individual settings.
Zero-Touch Device Deployment
Deploy devices to any employee anywhere by integrating with Apple deployment programs to deliver fully customized devices without manual intervention.
Dynamic Device Grouping and Automation
Utilize patented Smart Groups technology to automatically trigger real-time alerts and actions based on inventory data for dynamic device management.
Configuration and Policy Management
Apply configuration profiles, policies, and scripts to standardize Apple device settings and automate management across the fleet.
Application Distribution and Management
Integrate with Apple Business Manager to automate app assignment to users or devices and manage the app environment securely.
Native Security Implementation
Leverage native Apple security features to manage device settings, restrict malicious software, and deploy patches across Apple devices without user interaction.
Unified Endpoint Management
Manage multiple device types and operating systems including Android, iOS, iPadOS, Chrome OS, AR/VR devices, wearables, and rugged devices from a single console
Mobile Threat Defense
Enable mobile threat defense with continuous on-device protection and near real-time dashboards to identify and remediate security risks
Device Enrollment and Onboarding
Support Over-the-Air (OTA) device enrollment, Apple Business Manager integration, and Android Enterprise zero-touch enrollment for streamlined device setup
Enterprise Mobility Management
Provide MDM and EMM capabilities with containerization and device security features for inventory visibility of devices, apps, content, and corporate data across corporate-owned and BYOD programs
AI-Powered Security Automation
Deliver AI-powered real-time alerts and automated security policy enforcement through the Compliance Engine and Action Orchestrator for routine and complex endpoint tasks
Validated by AWS Marketplace
FedRAMP
GDPR
HIPAA
ISO/IEC 27001
PCI DSS
SOC 2 Type 2
No security profile
-
-
-
-
-
No security profile
Standard contract
No
No
No
Customer reviews
Ange Louis
Centralized device policies have saved our team time and control app access effectively
Reviewed on Apr 20, 2026
Review from a verified AWS customer
What is our primary use case?
My main use case for Kandji is that it is an MDM platform, so I mainly use it for MDM , controlling all of our company organization's devices, ensuring that the proper device gets the proper policy.
A really quick example of how I use Kandji for device management or policy enforcement in my daily work would be that I don't want certain people to have the ability to download Chrome extensions, so I just create a policy that blocks them from having to do so.
Another example is that we look through all the apps that people are supposed to have, and then the ones that we want them to have, we just deploy it on Kandji.
What is most valuable?
Probably the best feature of Kandji is their customer support; that's their best feature.
My experience with Kandji's customer support has been that it's really easy to get to a human, and they're really knowledgeable, usually just giving you the answer straight up. If I'm looking to do something that they can't do, then they just say it, and if they can, they'll find a way to get it to work for us.
Kandji has impacted my organization positively.
What needs improvement?
I think Kandji could be improved with a better UI.
For how long have I used the solution?
I have been using Kandji for about seven months.
What do I think about the stability of the solution?
Kandji is stable.
What do I think about the scalability of the solution?
Kandji's scalability is really good.
How are customer service and support?
Kandji's customer support is really good. I would rate the customer support a 10.
Which solution did I use previously and why did I switch?
I did not previously use a different solution.
What was our ROI?
I have seen a return on investment with Kandji, as I save time. Kandji has saved our team about 10 hours a week.
What's my experience with pricing, setup cost, and licensing?
My experience with pricing, setup cost, and licensing has been normal.
Which other solutions did I evaluate?
Before choosing Kandji, I did not evaluate other options.
What other advice do I have?
My advice for others looking into using Kandji is to read through their documentation. I would rate this review a 10.
Which deployment model are you using for this solution?
Private Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Cyrus Davis
Strong security structure has supported fast Mac and iOS administration with minimal IT effort
Reviewed on Apr 19, 2026
Review provided by PeerSpot
What is our primary use case?
My main use case for Kandji is administering our iOS devices and Mac OS devices.
How has it helped my organization?
Kandji has positively impacted our organization by making it so we feel confident in our security structure, and we feel confident that we can pass SOC 2 every year because we know that Kandji is doing what it says it's doing. Kandji is so user-friendly that nobody at our company has had complaints about it. In contrast, when we used Intune , there were complaints all the time that certain apps weren't updating or it was locking people out of apps because they hadn't been updated, and since we were using Intune , they weren't allowed to update their own apps due to us implementing some other security configurations.
What is most valuable?
Kandji offers really easy-to-use features, including a user interface that stands out. I have used Intune in the past for Macs and iOS, and it is so difficult that I would never recommend using it again. The deployment of different applications to devices is really easy, and they actually came out with some updates over the past year and a half that made it even easier.
What makes the user interface of Kandji stand out compared to other solutions I have used is that the graphics are much easier to understand. I appreciate how when I'm creating a blueprint, the way I used to do it in the past had just a whole list of things that I could configure one way or another. However, the way they made it now is based on a graph that goes from left to right, indicating what devices will all get this, and then I can give it an and, if, or statement, and then add more parameters. Additionally, I really appreciate how it has features to help me configure things where it walks me through the process, and it is really easy to get help. If I am ever stuck, I can hit the contact support button, and somebody can see my entire Kandji platform as long as I give them the approval on our system, and they would walk me through everything, making me feel supported even in those times when I don't fully understand how to do something.
What needs improvement?
One area for improvement for Kandji would be having a bigger suite of applications. I noticed that some of the niche apps our data software firm needs were not in the regular library. We were able to use the custom app feature to create those apps ourselves, but I would love it if Kandji could expand the library. I also wish Kandji could lock down different ports on MacBooks based on which ones we wanted to shut down, and I hope there is an easier way to sandbox people's bring your own device devices because when we're doing SOC 2, it really wants us to sandbox things so that if someone were to take a device that is not ours, we could delete just our data off there and not theirs.
An improvement needed for Kandji would be the ability to remote into devices. I would appreciate something that is really reliable for that without having to buy third-party software.
For how long have I used the solution?
I have been using Kandji for the last three years, two of those years actively.
What do I think about the stability of the solution?
Kandji is stable.
What do I think about the scalability of the solution?
I'm not certain about Kandji's scalability since we have remained at about the same headcount the whole time I was at that company.
How are customer service and support?
Kandji's customer support is really good. They got back to us really fast and were always able to help us with our issues.
Which solution did I use previously and why did I switch?
Previously, we used Intune, and we switched because they do not want you to use Macs, making it user-unfriendly. Intune does not deliver on many features for Macs. For instance, if I import a Mac and push out a configuration file stating a pin needs to have certain characteristics, it would fail to execute that. There were always different errors when I tried pushing out an app library, and the scripting requirement complicated things for me, which led us to switch to Kandji.
How was the initial setup?
My experience with Kandji's pricing, setup cost, and licensing was really good. Since we're a small startup, they offered us some really good pricing, likely because they think that when we become a big company, we will still be using them. The whole process was really easy, and the people were down to earth, which I enjoyed.
What was our ROI?
I have seen a return on investment with Kandji since we only need one person for IT support, whereas other companies need a whole fleet. For me, onboarding and offboarding people with their Macs, since we use mainly Macs across our organization and maybe a couple PCs, would require another person if I had to use Intune for all of these tasks. I handle laptop deployments within 20 minutes, and once a month I might spend an hour changing some configurations within Kandji. This definitely helps us to ensure that we only need one IT professional to manage all system administration and IT support, including using Kandji and managing it.
Which other solutions did I evaluate?
Before choosing Kandji, I evaluated other options, including Jamf.
What other advice do I have?
Since switching to Kandji, I save at least three hours a week just for app updates compared to Intune. On Kandji, I can decide whether to automatically push updates for any particular app to all devices and select the date I want that to happen, and it does its thing. In Intune, I would have to go and update the applications, the version numbers, and sometimes delete the application and push a whole new application because I honestly think it's because Intune doesn't want you using Macs and prefers that you use PCs. They have no incentive to make Intune work well with Macs.
My advice to others looking into using Kandji is to definitely give it a try. See if you can get a free demo and maybe a free trial and experience it for yourself, and you won't have any regrets, especially if you're moving from Intune or anything else to Kandji. If you're considering Jamf, it is a lot more expensive, so unless you have very niche reasons needing Jamf over Kandji, I highly recommend saving a bit of money and opting for Kandji. I would rate my overall experience with Kandji a nine.
Management Consulting
Clean, High-Performance Platform with Fair Pricing and Strong Support
Reviewed on Apr 17, 2026
Review provided by G2
What do you like best about the product?
The solution itself is very clean and clear. The functions are easy to understand and change ourselves. The support is generally really good and even the sales teams are clear and don't try to trick you into anything.
You can integrate your SSO solution so saving stress with user names and passwords, and the performance of the system is really good. We've never had an issue with platform performance.
The pricing is fair and for us, the increased compliance for our security standards is excellent. They have implemented an AI system for support and some other bits. It's good so far.
You can integrate your SSO solution so saving stress with user names and passwords, and the performance of the system is really good. We've never had an issue with platform performance.
The pricing is fair and for us, the increased compliance for our security standards is excellent. They have implemented an AI system for support and some other bits. It's good so far.
What do you dislike about the product?
The only downside I’ve found so far is the support around specific integration issues. For example, with Sophos Intercept X, there aren’t clear instructions for implementing Sophos in Iru. I understand the reasoning behind that, but it still doesn’t necessarily help us as a company.
What problems is the product solving and how is that benefiting you?
Iru has transformed how we manage our Apple devices, giving us a clear understanding of our devices, updates, and the users across our systems. The assignment maps have been a great update, making it easier to manage things in a more granular way.
Boudewijn v.
Intuitive Blueprinting and Smooth Apple Device Onboarding with Iru
Reviewed on Apr 15, 2026
Review provided by G2
What do you like best about the product?
What I like most about Iru is the combination of its blueprinting functionality and overall ease of use. The platform is very intuitive, which makes managing Apple devices accessible even without a dedicated IT team.
The blueprinting feature allows us to standardize configurations, security settings, and applications across all devices with minimal effort. This not only improves consistency, but also saves us a significant amount of time in day-to-day management.
Onboarding new users is also very smooth. The enrollment process is straightforward, and users can simply log in with their Microsoft 365 credentials. Within an hour, devices are fully configured and ready to use, creating a seamless experience for both IT and end users.
Overall, Iru strikes a strong balance between usability, automation, and efficient onboarding for our Mac-only environment.
Coming from no prior solution, the investment initially feels significant. However, we strongly believe that a well-implemented MDM solution is essential nowadays, both from a security and operational perspective.
The blueprinting feature allows us to standardize configurations, security settings, and applications across all devices with minimal effort. This not only improves consistency, but also saves us a significant amount of time in day-to-day management.
Onboarding new users is also very smooth. The enrollment process is straightforward, and users can simply log in with their Microsoft 365 credentials. Within an hour, devices are fully configured and ready to use, creating a seamless experience for both IT and end users.
Overall, Iru strikes a strong balance between usability, automation, and efficient onboarding for our Mac-only environment.
Coming from no prior solution, the investment initially feels significant. However, we strongly believe that a well-implemented MDM solution is essential nowadays, both from a security and operational perspective.
What do you dislike about the product?
The initial implementation requires some time and effort, especially if you have general IT affinity but not a deep technical background. Setting up integrations (such as with Microsoft Entra ID) and properly configuring blueprints can involve a fair amount of trial and error.
That said, it is definitely manageable. Iru provides solid documentation and tutorials, and their live chat support is very responsive and helpful when you run into issues.
One area for improvement would be offering more structured implementation support. For example, an optional paid onboarding or guided setup service could help organizations get up and running faster and with more confidence, especially those without a dedicated IT team.
That said, it is definitely manageable. Iru provides solid documentation and tutorials, and their live chat support is very responsive and helpful when you run into issues.
One area for improvement would be offering more structured implementation support. For example, an optional paid onboarding or guided setup service could help organizations get up and running faster and with more confidence, especially those without a dedicated IT team.
What problems is the product solving and how is that benefiting you?
Before using Iru, we didn’t have a centralized way to manage and secure our Apple devices. Device setup was largely manual, which made onboarding time-consuming and increased the risk of inconsistencies in configurations and security settings.
Iru solves this by providing a structured and automated way to manage our entire device fleet. With blueprints and automated policies, we can ensure that every device is configured consistently and meets our security standards from the start.
This has significantly improved our onboarding process — new employees can be up and running within an hour — and reduced the time spent on ongoing device management. It also gives us much better control and visibility over our environment, which is essential from both an operational and security perspective.
For a small consultancy without a dedicated IT department, this has made a noticeable difference in efficiency and reliability.
Iru solves this by providing a structured and automated way to manage our entire device fleet. With blueprints and automated policies, we can ensure that every device is configured consistently and meets our security standards from the start.
This has significantly improved our onboarding process — new employees can be up and running within an hour — and reduced the time spent on ongoing device management. It also gives us much better control and visibility over our environment, which is essential from both an operational and security perspective.
For a small consultancy without a dedicated IT department, this has made a noticeable difference in efficiency and reliability.
reviewer2816877
Remote tools have enabled global laptop wipes and effortless checks of installed apps
Reviewed on Apr 14, 2026
Review provided by PeerSpot
What is our primary use case?
When I use Kandji to erase laptops, I open the browser for Kandji , log in with my account, and figure out the name of the laptop in the Mac browser. I find the Mac and ensure it is connected to the internet. When it is connected to the internet, I click on erase the MacBook, and it performs the task automatically without requiring any additional actions from me.
When I check the specific applications installed on the MacBooks, it does not help me with anything beyond verification. We do not have control or a way to stop things from being installed on laptops, so we simply check when needed. We do not check day by day; we only check if we open a laptop and see something unusual.
What is most valuable?
Kandji offers excellent features, including the ability to erase devices remotely without needing to be in front of the laptop. I also appreciate the ability to check the specific applications installed on the MacBooks.
Kandji has positively impacted my organization because we are a large company with many people around the world. The remote capability is particularly valuable; for example, someone from Boston and I living in Portugal can complete erase jobs remotely. This capability has created a significant impact for our organization.
What needs improvement?
Currently, I cannot recall anything specific that needs improvement. However, I rated Kandji an eight because the laptop needs to be connected to Wi-Fi to erase it. If it did not require a Wi-Fi connection, I would rate it a ten.
For how long have I used the solution?
My main use case for Kandji has been for approximately one year and a half.
What do I think about the stability of the solution?
Kandji is stable at the moment.
What do I think about the scalability of the solution?
Kandji's scalability is good.
What was our ROI?
The remote capability of Kandji has saved my team time and helps us considerably, though I do not have specific numbers to share.
What other advice do I have?
If you have a large company with many Mac users, Kandji is a good tool to help manage your devices. I would rate this product an eight.