Kandji updates kandji.io

New

New

New

New

A set of new API endpoints related to Automated Device Enrollment integration management is now available. These endpoints allow fetching all Automated Device Enrollment integrations for a tenant, as well as the specific devices from each ADE integration and whether or not the device is enrolled yet. Additionally, admins can create, renew, and delete an ADE integration.

These endpoints will not be enabled by default on existing API tokens; they need to be explicitly enabled within the token's permissions.

With the addition of these endpoints, customers can now have multiple Automated Device Enrollment integrations within a single Kandji tenant. Specifically, the following API endpoints will now be available:

POST /api/v1/integrations/apple/ade

POST /api/v1/integrations/apple/ade/{id}/renew

PATCH /api/v1/integrations/apple/ade/{id}

GET /api/v1/integrations/apple/ade

GET /api/v1/integrations/apple/ade/{id}

GET /api/v1/integrations/apple/ade/{id}/devices

GET /api/v1/integrations/apple/ade/public_key

DELETE /api/v1/integrations/apple/ade/{id}

Visit the API documentation for more info

New

Within the user’s profile, we’ve renamed the “Date and time preferences” section to “Preferences” and added a new option to disable or enable the weekly status emails. This control is maintained at the user level, and selecting “No” will prevent the user from receiving future emails every week.



Additionally, a link to the Disable weekly emails support article has been added to the footer of the weekly email, so Kandji Admins will easily know how to disable these in the future.

Learn more

Improvement

Managed OS has been updated. The latest approved version for Big Sur is now 11.6.7, with the following release date:

11.6.7: June 09, 2022

Improvement

Kandji has updated and expanded our Wi-Fi library item to better support enterprise networking by making it simpler to configure enterprise authentication protocols. 

More specifically, the Wi-Fi library item now allows you to configure seven flavors of the 802.1X Extensible Authentication Protocol (EAP): TLS, TTLS, LEAP, PEAP, EAP-FAST, EAP-SIM, and EAP-AKA.

Because a single network can support multiple authentication types, you can select more than one EAP type in a single library item.

Each of these authentication methods has its own configuration settings. So, for example, if you select TTLS (which uses a TLS tunnel to encrypt another authentication protocol), you then specify an outer authentication protocol (username and password or via directory) and an inner one (CHAP, EAP, MSCHAP, MSCHAPv2, or PAP), as well as minimum and maximum versions of TLS that you want to require.

Some of these authentication methods require the use of certificates to prove the device’s identity. We’ve added the option to obtain such certificates from a SCEP (Simple Certificate Enrollment Protocol) server; when you select SCEP from the Identity certificate drop-down in the Wi-Fi library item, a drawer slides out where you can provide all of your SCEP specifics (URL of the SCEP server, fingerprint of the Certificate Authority certificate, key size and usage, and so on). For details on that and more, see our support article).

New

Additional configuration options for Cloudflare WARP are available from Cloudflare's website.

New

Improvement

We’ve made a significant improvement in the way Auto Apps and managed operating systems are configured and delivered. You can now set up multiple instances of a given Auto App or Managed OS library item, each with its own set of configurations and enforcement options. You can then assign those different instances to different Blueprints.

So, for example, if you want to be sure that everyone on the creative and product teams has Figma installed, but want to make that app optional (via Self Service) for the security group, you can set up two separate Figma Auto App library items, with separate settings and distinct names, then assign the appropriate one to each departmental Blueprint.

Or if you wanted your own IT group to always have the latest version of macOS Monterey, but just want to be sure that the rest of the company is on some version—any version—of Apple’s latest Mac operating system, you can set up two different Managed OS library items and distribute them via Blueprints.

Note: You can have just one instance of any given Auto App or Managed OS library item in a given Blueprint. For more details, see our support articles on Auto Apps and configuring managed OS.