4,500+ servers built on MCP Fusion
Vinkius

Kandji MCP. Audit your entire Apple device fleet status.

Works with every AI agent you already use

Claude, ChatGPT, Cursor, Gemini, Windsurf, VS Code, JetBrains, Vercel

…and any MCP-compatible client

Just plug in your AI agents and start using Vinkius.

Kandji MCP Server manages Apple device security, blueprints, and user accounts via the Kandji MDM API. Your AI client can list all enrolled devices, check system security parameters, audit user access, and view administrative actions across macOS and iOS fleets.

Use it to automate IT operations and ensure compliance across your entire device pool.

What your AI agents can do

Get device

Retrieves specific details for one managed Apple device.

Get organization

Fetches details about the Kandji organization account.

List activity

Lists recent management actions and system events for auditing purposes.

+ 7 more capabilities included
Audit Device Inventory

Retrieves a list of all managed Apple devices, including their IDs, names, and OS versions.

Get Specific Device Details

Fetches the full inventory and security metadata for a single, specific Apple device.

Track System Activity

Lists recent management actions and system events across the entire Kandji organization.

Manage Device Configuration

Lists all available device blueprints and custom applications used to configure the fleet.

Verify User and System Identity

Retrieves details about the Kandji organization or lists all associated users.

Free for Subscribers

Kandji MCP Server: 10 Tools for Device & Security Audits

Use these tools to query device status, audit user accounts, and review security policies across your entire Kandji-managed fleet.

  • get_device: Retrieves specific details for one managed Apple device.
  • get_organization: Fetches details about the Kandji organization account.
  • list_activity: Lists recent management actions and system events for auditing purposes.
  • list_auto_apps: Lists all standard software libraries managed by Kandji.
  • list_blueprints: Lists all device blueprints, showing how the fleet is configured.
  • list_commands: Lists recent remote actions (Lock, Wipe, Restart) sent to managed devices.
  • list_custom_apps: Lists all non-store applications deployed to the devices.
  • list_devices: Lists all managed Apple devices in the Kandji system.
  • list_parameters: Lists all available security policy parameters (policies) for auditing.
  • list_users: Lists all user accounts associated with the managed devices.

Choose How to Get Started

Build a custom MCP for your own tools, or connect a ready-made integration from our catalog.

Build Your Own

Turn any API into an MCP. Import a spec, define Agent Skills, or deploy with MCPFusion.

  • Import from OpenAPI, Swagger, or YAML specs
  • Create Agent Skills with progressive disclosure
  • Deploy to edge with MCPFusion framework
  • Built in DLP, auth, and compliance on every call
  • Real time usage dashboard and cost metering
  • Publish to catalog or keep private

Make Your AI Do More

Start with Kandji, then connect any of our 4,700+ other servers whenever your AI needs more. One click, no limits.

  • Use this MCP plus 4,700+ others, all in one place
  • Add new capabilities to your AI anytime you want
  • Every connection is secured and compliant automatically
  • Track usage and costs across all your servers
  • Works with Claude, ChatGPT, Cursor, and more
  • New servers added to the catalog every week

What you can do with this MCP connector

You've got the Kandji MCP Server hooked up, so your AI client can handle all the heavy lifting for your Apple devices. You can use list_devices to grab a rundown of every managed Apple device, getting their IDs, names, and OS versions. Need to dig into a specific machine? Use get_device to fetch the full inventory and security metadata for one device.

To track what's been going down across the whole Kandji organization, list_activity shows recent management actions and system events. You can check out the available device blueprints with list_blueprints to see how your whole fleet is configured. To see what kind of apps you're deploying, list_auto_apps shows all standard software libraries, and list_custom_apps lists any non-store apps.

You can run list_parameters to get a list of every security policy parameter, which is key for auditing. You'll find all the associated user accounts by calling list_users, and you can see the details about the Kandji organization itself using get_organization. If you need to know what remote actions were sent out—like Locks, Wipes, or Restarts—check list_commands.

How Kandji MCP Works

  1. Your AI client calls the appropriate function (e.g., list_devices) and provides any required parameters, like a device ID or date range.
  2. The Kandji MCP Server executes the API request, communicating with the Kandji platform.
  3. Your agent receives a structured, plain-text response containing the requested data (e.g., a list of all device names and OS versions).

The bottom line is you get structured data about your Apple devices and security status, without having to manually navigate the Kandji console.

Who Is Kandji MCP For?

The IT Operations Engineer who spends all day clicking through dashboards to compile compliance reports. The Security Analyst who needs to audit device status across hundreds of machines. Any system administrator dealing with large, mixed-OS device fleets.

IT Operations Engineer

Runs nightly audits to ensure every device reports its current OS version and that all mandatory security profiles are applied.

Security Analyst

Uses the agent to look up recent activity (list_activity) and check if any device deviates from the established security blueprints.

System Administrator

Verifies that a new device is properly enrolled and checks its specific details using get_device before allowing it onto the network.

What Changes When You Connect

  • See every enrolled Mac and iOS device using list_devices. You get device names, IDs, and OS versions in one call, eliminating manual inventory reports.
  • Audit security posture instantly. Use list_parameters to check all available security controls, and get_device to verify if a specific unit is using the correct policy.
  • Track changes and security breaches with list_activity. This tool gives you a log of recent management actions, so you know exactly who did what and when.
  • Verify your entire user base with list_users. It provides a clean list of all primary users tied to the devices, which is critical for offboarding procedures.
  • Understand how devices are configured by running list_blueprints. This shows you the standard configuration templates used across the entire organization.
  • Review remote actions with list_commands. This tool shows you a history of commands like 'Wipe' or 'Lock' that have been sent to devices.

Real-World Use Cases

01

Compliance Check After Policy Change

The Security Analyst needs to confirm that the new corporate VPN policy was applied to all 500 MacBooks. They run list_devices to get the full list, then iterate through the IDs, calling get_device for each one to verify the policy metadata. The agent returns a report of non-compliant machines.

02

Investigating a Suspicious Device

A device is reported as compromised. The agent immediately calls list_activity to check the last 24 hours of management events, then uses get_device with the device ID to pull its current security parameters and check for unusual deployments.

03

Offboarding a Former Employee

The System Admin needs to revoke access for a departing user. They use list_users to confirm the user's account ID, then use list_commands to trigger a 'Wipe' command on all associated devices, confirming the action was logged.

04

Auditing Custom Software Deployments

The IT Engineer wants to know what non-standard apps are running. They call list_custom_apps to get a manifest of all installed third-party software, making it easy to spot unauthorized installations.

The Tradeoffs

Manual Dashboard Scraping

Opening the Kandji web portal, clicking 'Devices,' exporting the CSV, then opening 'Security' and running a separate query. This takes 30 minutes and misses key relationships.

Use the Kandji MCP Server. Start by calling list_devices to get the core inventory. Then, call list_parameters to see the available security controls, and feed that data into your agent for a single, comprehensive compliance report.

Over-relying on single tools

Calling only list_devices gives you IDs and OS versions, but tells you nothing about the user or the current security status.

You need multiple calls. First, run list_devices. Then, use the IDs found to call get_device for detailed status, and finally, call list_users to link the device to the correct owner.

Assuming data freshness

Relying on cached data or outdated reports that don't reflect real-time changes in the device fleet.

The MCP Server connects live. Use list_activity to pull the most recent, real-time management events, ensuring your audit data reflects the current state of the fleet.

When It Fits, When It Doesn't

Use this if you need to automate tasks that require structured, granular data about Apple device compliance, inventory, or user status. Specifically, if your workflow needs to combine data points—for example, pairing a device ID from list_devices with a security policy name from list_parameters and the owner from list_users—this is the tool. Don't use this if your goal is simply to view a high-level, non-actionable dashboard summary. If you just need a general overview of the organization structure, basic API calls might suffice, but this tool gives you the depth and the specific tools to handle complex, multi-step audits. If your problem is pure data visualization without an action layer, look at general API connectors, but for MDM-level control, this is the standard.

Independent Platform Disclaimer: Vinkius is an independent platform and is not affiliated with, endorsed by, sponsored by, verified by, or otherwise authorized by Kandji. All third-party trademarks, logos, and brand names are the property of their respective owners. Their use on this website is strictly for informational purposes to identify service compatibility and interoperability.

VINKIUS INFRASTRUCTURE

  • Cloud Hosted: Managed infra
  • V8 Isolated: Sandboxed per request
  • Zero-Trust Proxy: No stored credentials
  • DLP Enforced: Policy on every call
  • GDPR Compliant: EU data residency
  • Token Compression: ~60% cost reduction

Works with Claude, ChatGPT, Cursor, and more

The Model Context Protocol standardizes how applications expose capabilities to LLMs. Instead of operating in isolation, your AI gains direct access to external platforms, live data, and real-world actions through secure, standardized connections.

This server provides 10 capabilities that interface natively with Claude, ChatGPT, Cursor, and any MCP client. No middleware. No custom integration required.

Available Capabilities

get_device, get_organization, list_activity, list_auto_apps, list_blueprints, list_commands, list_custom_apps, list_devices, list_parameters, list_users

Inventorying a device fleet shouldn't require logging into 10 different dashboards.

Today, checking device compliance is a nightmare. You jump into the MDM portal, export the device list, then you have to open the user management section to find out who owns what. Then you check the security tab to see if the latest OS patch is applied, and if it isn't, you have to manually ticket it. It's copy-paste hell.

With the Kandji MCP Server, you just ask your agent for the inventory. It runs `list_devices` and `list_users` simultaneously. You get a structured list that tells you the device name, the owner, and the OS version—all in one go. You get the data, not the headache.

Kandji MCP Server: Audit device and security status.

Before this, checking if a device was wiped or locked required digging through the 'Activity Log' and hoping the event was indexed correctly. It was a deep, manual dive into historical logs.

Now, you ask your agent to check the system history. It runs `list_activity` and gives you a clean, filterable record of the exact management actions. You know exactly what happened, when it happened, and why. It's instant.

Common Questions About Kandji MCP

How do I use the `get_device` tool with a device ID?

You pass the specific device ID to get_device. The agent returns all the device's metadata, including its current security parameters and configuration, allowing you to verify its compliance status.

Can I use `list_activity` to find out who changed a policy?

Yes. list_activity tracks all recent management actions. By filtering the log, you can pinpoint the exact user, the time, and the policy that was changed.

What is the difference between `list_devices` and `get_device`?

list_devices returns a broad list of all enrolled devices for a quick audit. get_device drills down, providing the full, detailed metadata for a single device.

How does `list_blueprints` help with device setup?

list_blueprints shows you the standardized configuration templates. This lets you verify that the devices are configured using the expected, approved setup.

How do I check for specific security settings using the `list_parameters` tool?

You use list_parameters to view every available security control. This lets your agent identify specific policies, like requiring a minimum OS version or enabling FileVault, which you can then check against individual devices.

What information does `list_users` provide about device ownership?

list_users gives you a roster of all users connected to the organization. It maps user accounts to specific device IDs, making it easy to audit who owns which piece of hardware.

Is there a way to audit remote actions using `list_commands`?

Yes, list_commands tracks MDM actions sent to devices. You can see when commands like 'Lock', 'Wipe', or 'Restart' were executed, providing a clear audit trail of remote management events.

How can I compare all deployed software using `list_auto_apps` and `list_custom_apps`?

You run both list_auto_apps and list_custom_apps to get a full picture of deployed software. This separates built-in Kandji apps from third-party custom apps, helping you quickly verify the complete software stack on your fleet.

How do I get Kandji API credentials?

Log in to your Kandji account, navigate to Settings > Access > API Token, and generate a new token. You also need your tenant's API URL.

What is the API URL?

The API URL is specific to your Kandji instance (e.g., https://yourtenant.api.kandji.io). You can find this in your Kandji API settings.

Can I see remote commands?

Yes, the list_commands tool allows you to retrieve a history of MDM commands sent to your managed devices.

Built & Managed by Vinkius. 30s setup. 10 tools.

We've already built the connector for Kandji. Just plug in your AI agents and start using Vinkius.

No hosting. No infrastructure. No complex setup.
All 10 tools are live and waiting. You're up and running in seconds.

Vinkius gives your AI agents access to the full catalog of app connectors, all fully managed, secure, and enterprise-ready. One subscription, every tool you need.

  • Zero hosting required
  • Full MCP catalog included
  • Enterprise-grade security
  • Auto-updated by Vinkius

Built, hosted, and secured by Vinkius. You just connect and go.