# Kandji MCP

> Kandji connects your AI agent directly to Apple's Mobile Device Management system. Audit, manage, and enforce compliance across entire macOS and iOS fleets from a single prompt. This MCP lets you retrieve specific device details, track user assignments, check security blueprints, and audit historical management commands without logging into the Kandji dashboard.

## Overview
- **Category:** security-compliance
- **Price:** Free
- **Tags:** mdm, apple-device-management, fleet-security, it-automation, macos-management, ios-security

## Description

Managing large groups of Apple devices involves dozens of dashboards, reports, and manual checks. With this connector, your AI agent handles that overhead. You can query everything from basic device inventory to deep security compliance status in plain language. Need to know which user owns a specific Mac? Or check if the latest OS patch was applied across 50 units? Your agent pulls those details for you.

It acts as an automated extension of your existing IT workflow, allowing you to gather comprehensive reports on device health and security history instantly. When connected via Vinkius, this MCP becomes a key part of your overall enterprise intelligence layer, letting any compatible AI client execute complex auditing tasks across multiple systems—all without needing to know the underlying Kandji API structure.

## Tools

### get_device
Retrieves deep, specific details and metadata for a single, named Apple asset.

### get_organization
Verifies your account's identity by retrieving core details about the Kandji organization itself.

### list_activity
Gathers a chronological list of recent system changes and management actions taken within the platform.

### list_auto_apps
Lists all standard software libraries that Kandji manages for deployment across your devices.

### list_blueprints
Shows the available templates used to categorize, configure, and enforce standards on different device groups.

### list_commands
Lists recent remote management commands sent out, such as Lock, Wipe, or Restart actions.

### list_custom_apps
Provides a list of proprietary or non-store applications that have been deployed to your fleet.

### list_devices
Returns a complete roster of all managed Apple devices, showing their IDs, names, and OS versions.

### list_parameters
Lists every available security control or policy parameter that can be used to secure the environment.

### list_users
Retrieves a comprehensive list of all users associated with your managed devices, confirming ownership records.

## Prompt Examples

**Prompt:** 
```
List all managed Mac computers in Kandji.
```

**Response:** 
```
I'll fetch the list of all Apple devices currently enrolled in your Kandji account.
```

**Prompt:** 
```
Show me the details for device ID 'abc-123'.
```

**Response:** 
```
I'll retrieve the full inventory and security metadata for that specific Apple device.
```

**Prompt:** 
```
Check recent administrative activity in Kandji.
```

**Response:** 
```
I'll look up the log of recent management actions and system events in your Kandji account.
```

## Capabilities

### Audit Device Inventory and Status
Retrieve comprehensive lists of all managed Apple devices, including their OS version and unique IDs.

### Examine Security Configuration
List available security parameters (policies) and blueprints to understand how your organization categorizes device compliance.

### Track Historical Events
View logs of management activity, recent commands sent to devices (like wipes or restarts), and account changes over time.

### Identify Ownership and Software
List all users associated with the fleet, as well as every custom and auto-deployed application running on those machines.

### Verify Organizational Scope
Confirm details about your Kandji account identity before executing large-scale audit commands.

## Use Cases

### Pre-Audit for New Policy Rollout
An engineer needs to deploy a new security policy. They ask their agent to first run list_devices and then use get_device on several sample units. The agent compiles the current OS version and compliance status of each, ensuring no device falls outside the acceptable range before deployment.

### Investigating Device Loss
A user reports a lost Mac computer. The analyst asks their agent to check list_activity and list_commands for that specific device ID. The agent quickly identifies if the last recorded action was a 'Wipe' command or if there are any unusual system changes in the logs.

### Onboarding New Departments
A manager needs to ensure all new employees have correct software and user assignments. They ask their agent to list_users for a specific department, then run list_custom_apps to confirm that the required departmental applications are installed on every assigned device.

### Compliance Reporting
The security team needs proof of adherence to regulations. They ask their agent to pull data using list_parameters and get_organization details, generating a report proving that all managed assets meet the minimum required security controls defined by the organization.

## Benefits

- You eliminate the need to manually cross-reference spreadsheets. By using list_devices, you get a real-time roster of every Apple asset currently enrolled in the network.
- Never waste time guessing compliance status again. Use list_parameters and list_blueprints to see exactly what policies are available and how your devices are categorized for enforcement.
- When something goes wrong, you don't have to guess why. By running list_activity or viewing recent management commands via list_commands, you get a full audit trail of who did what and when.
- Finding out who owns a device used to take digging through multiple tabs. Now, calling list_users instantly maps every asset back to its primary user account.
- It saves hours of work by letting your agent aggregate information from different sources—like combining list_devices data with list_custom_apps data—in one query.

## How It Works

The bottom line is: your AI client gets actionable device security reports without you ever touching an MDM console.

1. Tell your agent the specific data point you need, such as 'list all devices in California' or 'show last week's security changes.'
2. The MCP translates that request into the necessary Kandji API calls and fetches the structured report data.
3. Your agent receives a clean, summarized output, allowing you to immediately read, analyze, and act on the compliance findings.

## Frequently Asked Questions

**How do I find out which user owns a specific device using Kandji MCP?**
You can use the list_users tool to view all associated users and then reference those results against your device inventory. This confirms ownership records quickly.

**Does Kandji MCP allow me to see past security changes?**
Yes, run list_activity to get a historical log of recent management actions and system events. It gives you the audit trail for compliance review.

**Can I check what apps are installed on my devices with Kandji MCP?**
You can use both list_auto_apps and list_custom_apps to see all standard and proprietary software deployed across your entire fleet.

**How do I audit the overall scope of my account in Kandji MCP?**
Use get_organization to verify core identity details about your Kandji setup. This is a good first step before running large-scale audits.