Kandji automates Apple IT

The buoyant Apple-in-the-enterprise space is fascinating to watch as it grows and evolves, in part because not so many years ago it didn’t really exist. Now that it does, this part of the device management and services industry is remarkable in that vendors are working hard to diversify what they provide.

Take a look, for example at how Jamf is blending device management with tough securityMosyle’s focus on MSPs, and the many other players who are becoming increasingly focused on specific verticals. I see this diversification of approaches as an incredibly positive sign that represents the health of this part of Apple-related industry.

The latest such move comes from Kandji, which has optimized the device management experience it provides with something it calls “Assignment Maps.”

What are Assignment Maps?

Assignment Maps automate the assignment of settings and apps to Apple devices. This basically means IT can implement configurations remotely and automatically. The idea is that it streamlines IT workflows. 

How do Assignment Maps work?

To some extent, Assignment Maps reflect Kandji’s core ‘Blueprints” concept. Those consist of collections of Library Items that deploy profiles, settings, scripts, security controls, and apps to devices. With these, devices are configured at scale in response to the Blueprint to which they’ve been assigned. You could have a different Blueprint (and different apps and permissions) for the sales people than for the marketing department, for example.

Assignment Maps work via a concept of assignment nodes. A node is a collection of settings and configurations assigned to a group of devices. The idea is that you might have one node that applies to all company devices, and a sequence of other nodes that are applied to reflect particular roles, tasks, or locations. For IT teams, it means configurations can easily be grouped together and nested, ideally optimizing deployment workloads while enabling devices to be configured precisely in line with business needs.

There are other features, including a new tool to identify why specific items were installed or configured on a device, and systems to prevent conflicting settings from being set on the same device. You’ll find out more about the service here.

Eat to the beat

As we wait on Apple’s announcements at WWDC next week, Apple admins are beginning to consider what fresh challenges they’ll need to overcome to manage their fleets. For many, perhaps the biggest obstacle they may need to be overcome will be how Apple deploys generative AI (genAI) across its platforms.

While for many that will be of huge benefit in terms of getting things done, IT will need to ensure it has mitigation strategies in place to constrain sharing of confidential data — particularly if Apple takes a hybrid approach with both on-device and cloud support, from Apple and third party services.

Solutions that enable granular control — enabling the use of genAI at the edge and forbidding access to not-yet-trusted cloud providers — will inevitably enter currency, and the “one screen manages all” approach championed by most device management vendors will be part of the response to this.

Expect more news at WWDC

That’s going to require Apple to craft APIs to manage such use, and it seems certain that once genAI is baked deep inside all Apple’s platforms IT will require some way to manage how it is used and what data is shared — particularly where third-party services are concerned.

There will be other changes within Apple’s platforms that concern the enterprise, of course, (constraining use of unverified third-party app stores, for example). And yet the beauty of the ecosystem surrounding Apple’s products is that when it comes to large enterprise deployments of new technologies at scale and at device level, a major industry now exists to help your business through.

Please follow me on Mastodon, or join me in the AppleHolic’s bar & grill and Apple Discussions groups on MeWe.

​The buoyant Apple-in-the-enterprise space is fascinating to watch as it grows and evolves, in part because not so many years ago it didn’t really exist. Now that it does, this part of the device management and services industry is remarkable in that vendors are working hard to diversify what they provide.

Take a look, for example at how Jamf is blending device management with tough security, Mosyle’s focus on MSPs, and the many other players who are becoming increasingly focused on specific verticals. I see this diversification of approaches as an incredibly positive sign that represents the health of this part of Apple-related industry.

The latest such move comes from Kandji, which has optimized the device management experience it provides with something it calls “Assignment Maps.”

What are Assignment Maps?

Assignment Maps automate the assignment of settings and apps to Apple devices. This basically means IT can implement configurations remotely and automatically. The idea is that it streamlines IT workflows. 

How do Assignment Maps work?

To some extent, Assignment Maps reflect Kandji’s core ‘Blueprints” concept. Those consist of collections of Library Items that deploy profiles, settings, scripts, security controls, and apps to devices. With these, devices are configured at scale in response to the Blueprint to which they’ve been assigned. You could have a different Blueprint (and different apps and permissions) for the sales people than for the marketing department, for example.

Assignment Maps work via a concept of assignment nodes. A node is a collection of settings and configurations assigned to a group of devices. The idea is that you might have one node that applies to all company devices, and a sequence of other nodes that are applied to reflect particular roles, tasks, or locations. For IT teams, it means configurations can easily be grouped together and nested, ideally optimizing deployment workloads while enabling devices to be configured precisely in line with business needs.

There are other features, including a new tool to identify why specific items were installed or configured on a device, and systems to prevent conflicting settings from being set on the same device. You’ll find out more about the service here.

Eat to the beat

As we wait on Apple’s announcements at WWDC next week, Apple admins are beginning to consider what fresh challenges they’ll need to overcome to manage their fleets. For many, perhaps the biggest obstacle they may need to be overcome will be how Apple deploys generative AI (genAI) across its platforms.

While for many that will be of huge benefit in terms of getting things done, IT will need to ensure it has mitigation strategies in place to constrain sharing of confidential data — particularly if Apple takes a hybrid approach with both on-device and cloud support, from Apple and third party services.

Solutions that enable granular control — enabling the use of genAI at the edge and forbidding access to not-yet-trusted cloud providers — will inevitably enter currency, and the “one screen manages all” approach championed by most device management vendors will be part of the response to this.

Expect more news at WWDC

That’s going to require Apple to craft APIs to manage such use, and it seems certain that once genAI is baked deep inside all Apple’s platforms IT will require some way to manage how it is used and what data is shared — particularly where third-party services are concerned.

There will be other changes within Apple’s platforms that concern the enterprise, of course, (constraining use of unverified third-party app stores, for example). And yet the beauty of the ecosystem surrounding Apple’s products is that when it comes to large enterprise deployments of new technologies at scale and at device level, a major industry now exists to help your business through.

Please follow me on Mastodon, or join me in the AppleHolic’s bar & grill and Apple Discussions groups on MeWe. Read More