Kandji MCP. Audit every device and security policy in your fleet.
Kandji connects your AI agent directly to Apple's Mobile Device Management system. Audit, manage, and enforce compliance across entire macOS and iOS fleets from a single prompt. This MCP lets you retrieve specific device details, track user assignments, check security blueprints, and audit historical management commands without logging into the Kandji dashboard.
Claude 
ChatGPT 
Cursor 
Gemini 
Windsurf 
VS Code 
JetBrains 
Vercel Give Claude and any AI agent real-world access
Retrieve comprehensive lists of all managed Apple devices, including their OS version and unique IDs.
List available security parameters (policies) and blueprints to understand how your organization categorizes device compliance.
View logs of management activity, recent commands sent to devices (like wipes or restarts), and account changes over time.
List all users associated with the fleet, as well as every custom and auto-deployed application running on those machines.
Confirm details about your Kandji account identity before executing large-scale audit commands.
Ask an AI about this
Waiting for input…
What AI agents can do with Kandji: Device & Compliance Audits (10 Tools)
These tools let your AI agent perform deep audits on every aspect of your Apple device fleet—from current software versions to historical security commands.
Make your AI actually useful.
Add this MCP to Claude, Cursor, or Windsurf and your AI stops guessing. It gets real tools to look things up, take action, and handle the stuff you keep doing by hand.
Start using Kandji MCPGet Device
Retrieves deep, specific details and metadata for a single, named Apple asset.
Get Organization
Verifies your account's identity by retrieving core details about the Kandji...
List Activity
Gathers a chronological list of recent system changes and management actions taken...
List Auto Apps
Lists all standard software libraries that Kandji manages for deployment across your...
List Blueprints
Shows the available templates used to categorize, configure, and enforce standards...
List Commands
Lists recent remote management commands sent out, such as Lock, Wipe, or Restart actions.
List Custom Apps
Provides a list of proprietary or non-store applications that have been deployed to your fleet.
List Devices
Returns a complete roster of all managed Apple devices, showing their IDs, names...
List Parameters
Lists every available security control or policy parameter that can be used to...
List Users
Retrieves a comprehensive list of all users associated with your managed devices...
Security and governance baked right in.
Pick your AI client below to get set up. Just create a Vinkius account, subscribe, and you're instantly up and running. We handle the entire backend infrastructure, delivering out-of-the-box support for HTTPS Streamable, SSE, and OAuth2—zero messy routing required.
Claude AI
Open Claude Settings
Go to claude.ai, click your profile icon, then navigate to Customize → Connectors.
Add Custom Connector
Click the "+" button and select Add custom connector. Paste your Vinkius endpoint URL:
https://edge.vinkius.com/[YOUR_TOKEN_HERE]/mcp
Replace [YOUR_TOKEN_HERE] with your token
from cloud.vinkius.com. For OAuth-protected servers, expand
Advanced settings to add credentials.
Start a conversation
Open a new chat. The Kandji integration is available immediately — no restart needed.
Choose How to Get Started
Build a custom MCP for your own tools, or connect a ready-made integration from our catalog.
Build Your Own
Turn any API into an MCP. Import a spec, define Agent Skills, or deploy with MCPFusion.
- Import from OpenAPI, Swagger, or YAML specs
- Create Agent Skills with progressive disclosure
- Deploy to edge with MCPFusion framework
- Built in DLP, auth, and compliance on each call
- Real time usage dashboard and cost metering
- Publish to catalog or keep private
Make Your AI Do More
Start with Kandji, then connect any of our 5,200+ other servers whenever your AI needs more. One click, no limits.
- Use this MCP plus 5,200+ others, all in one place
- Add new capabilities to your AI anytime you want
- Connections are secured and governed automatically
- Track usage and costs across all your servers
- Works with Claude, ChatGPT, Cursor, and more
- New servers added to the catalog weekly
Independent Platform Disclaimer: Vinkius is an independent platform and is not affiliated with, endorsed by, sponsored by, verified by, or otherwise authorized by Kandji. All third-party trademarks, logos, and brand names are the property of their respective owners. Their use on this website is strictly for informational purposes to identify service compatibility and interoperability.
VINKIUS CLOUD
Cloud Hosted
Managed infra
V8 Isolated
Sandboxed per request
Zero-Trust Proxy
No stored credentials
DLP Enforced
Policy on each call
GDPR Compliant
EU data residency
Token Compression
~60% cost reduction
The pain of manual compliance audits
Today, proving that your entire corporate fleet meets security standards is an exercise in clicking. You have to jump between the device roster tab, the user management section, and several different policy dashboards just to piece together a single report. Then you copy-paste those details into a spreadsheet for review.
With this MCP, the process changes entirely. Your agent handles that tedious navigation. You ask it one question—for example, 'Show me all devices missing mandatory encryption'—and it pulls the data from list_devices and compares it against the status found in list_parameters. The result is an immediate, actionable report.
Get instant device inventory with Kandji MCP
Manually tracking which devices are running out-of-date software or haven't been assigned a user requires multiple checks across the dashboard. You have to check list_devices, then open details for each one, and finally cross-reference with list_users.
Now, you just ask your agent: 'List all MacBooks that are running macOS Monterey or older.' The MCP runs the necessary queries and delivers a filtered list right away. It's immediate audit power.
What Kandji MCP does for your AI
Managing large groups of Apple devices involves dozens of dashboards, reports, and manual checks. With this connector, your AI agent handles that overhead. You can query everything from basic device inventory to deep security compliance status in plain language. Need to know which user owns a specific Mac? Or check if the latest OS patch was applied across 50 units? Your agent pulls those details for you.
It acts as an automated extension of your existing IT workflow, allowing you to gather comprehensive reports on device health and security history instantly. When connected via Vinkius, this MCP becomes a key part of your overall enterprise intelligence layer, letting any compatible AI client execute complex auditing tasks across multiple systems—all without needing to know the underlying Kandji API structure.
019d75bf-2f03-7202-a8e6-2d6b34f5f0d6 
How to set up Kandji MCP
The bottom line is: your AI client gets actionable device security reports without you ever touching an MDM console.
Tell your agent the specific data point you need, such as 'list all devices in California' or 'show last week's security changes.'
The MCP translates that request into the necessary Kandji API calls and fetches the structured report data.
Your agent receives a clean, summarized output, allowing you to immediately read, analyze, and act on the compliance findings.
Who uses Kandji MCP
The IT Operations Engineer who needs to run a full compliance audit before a major rollout. The Security Analyst who has to prove data retention policies manually. Or the Systems Administrator tired of clicking through multiple dashboards just to answer one question about device status.
Running routine fleet checks, such as listing all managed devices and checking if required software is deployed across every unit.
Auditing system changes and tracking administrative activity to ensure policy adherence and detect unauthorized access attempts.
Verifying user assignments across the entire device pool or checking which security blueprints are active for new hardware deployments.
Benefits of connecting Kandji MCP
You eliminate the need to manually cross-reference spreadsheets. By using list_devices, you get a real-time roster of every Apple asset currently enrolled in the network.
Never waste time guessing compliance status again. Use list_parameters and list_blueprints to see exactly what policies are available and how your devices are categorized for enforcement.
When something goes wrong, you don't have to guess why. By running list_activity or viewing recent management commands via list_commands, you get a full audit trail of who did what and when.
Finding out who owns a device used to take digging through multiple tabs. Now, calling list_users instantly maps every asset back to its primary user account.
It saves hours of work by letting your agent aggregate information from different sources—like combining list_devices data with list_custom_apps data—in one query.
Kandji MCP use cases
Pre-Audit for New Policy Rollout
An engineer needs to deploy a new security policy. They ask their agent to first run list_devices and then use get_device on several sample units. The agent compiles the current OS version and compliance status of each, ensuring no device falls outside the acceptable range before deployment.
Investigating Device Loss
A user reports a lost Mac computer. The analyst asks their agent to check list_activity and list_commands for that specific device ID. The agent quickly identifies if the last recorded action was a 'Wipe' command or if there are any unusual system changes in the logs.
Onboarding New Departments
A manager needs to ensure all new employees have correct software and user assignments. They ask their agent to list_users for a specific department, then run list_custom_apps to confirm that the required departmental applications are installed on every assigned device.
Compliance Reporting
The security team needs proof of adherence to regulations. They ask their agent to pull data using list_parameters and get_organization details, generating a report proving that all managed assets meet the minimum required security controls defined by the organization.
Kandji MCP tradeoffs
What to watch out for, and the recommended way to handle each one.
Asking for 'All device data'
The agent gets overwhelmed with raw JSON dumping every single metadata point, making it impossible to find the specific OS version or user ID they needed.
Instead of general queries, use list_devices first to get a clean roster. Then, if you need deep detail on one unit, call get_device using the specific device name or ID.
Ignoring historical context
The team sees a compliance failure today but doesn't know when it started. They just check the current dashboard view.
Always run list_activity to get recent management history. This tool shows exactly which administrative change or system event caused the deviation, giving you critical context.
Assuming a policy exists
A user assumes 'Disk Encryption' is an available setting and tries to enforce it without checking if the blueprint supports it.
First run list_parameters. This tool lists all valid security controls, ensuring you only attempt to configure policies that actually exist in your Kandji environment.
When to use Kandji MCP
Use this MCP if your primary need is automating IT auditing and compliance checks against a standardized Apple MDM system (macOS/iOS). This connector excels at listing assets (list_devices), verifying ownership (list_users), and proving policy adherence by checking available controls (list_parameters).
Don't use it if you are trying to manage non-Apple hardware (like Windows desktops) or if your goal is communicating with a separate system, like an HR database. For cross-platform data integration, look for a general enterprise connector type. If your task involves writing code that uses the device data but doesn't read it from Kandji, you might need to integrate this MCP output into a workflow automation tool instead.
Frequently asked questions about Kandji MCP
How do I find out which user owns a specific device using Kandji MCP? +
You can use the list_users tool to view all associated users and then reference those results against your device inventory. This confirms ownership records quickly.
Does Kandji MCP allow me to see past security changes? +
Yes, run list_activity to get a historical log of recent management actions and system events. It gives you the audit trail for compliance review.
Can I check what apps are installed on my devices with Kandji MCP? +
You can use both list_auto_apps and list_custom_apps to see all standard and proprietary software deployed across your entire fleet.
How do I audit the overall scope of my account in Kandji MCP? +
Use get_organization to verify core identity details about your Kandji setup. This is a good first step before running large-scale audits.