Device Management
Endpoint Detection & Response
Vulnerability Management
Kai
Liftoff
Prism
Migration Agent
Auto Apps
Passport
Compliance
Assignment Maps
Managed OS
Integrations
Mac
iPhone and iPad
Apple TV
Vision Pro
Financial Services
Technology
Artificial Intelligence
Marketing Agencies
Healthcare & Biotech
Consumer Brands
Startup
Growth
Enterprise
Resources Hub
The Sequence
Customer Stories
Reviews
Mac Admins Community
Security Details
MDM Comparison Guide
Customer Support
Product Updates
Kandji Status
Customer Login
Register a Deal
Become a Partner
Partner Portal
About Kandji
News & Press
Careers
Contact
Why Kandji?
Back to Product UpdatesThe CIS Level 1 and Level 2 Blueprint templates have been fully updated to align with the macOS 15 and macOS 26 CIS benchmark recommendations.
This includes the following new Parameters that can be turned on for any existing Blueprint and are automatically included in new Blueprints created from the CIS templates:
- Report Lockdown mode status
- Ensure Apple Mobile File Integrity (AMFI) is enabled
- Ensure logging is enabled for sudo
- Ensure Signed System Volume (SSV) is enabled
- Ensure XProtect is running and up to date
- Ensure users' accounts do not have a password hint
- Show location icon in Control Center when system services request your location
- Audit Touch ID settings
The following Parameters were improved to align against the updated benchmarks:
- Ensure date and time is set automatically and Ensure time is within appropriate limits both now check the overall status of
timed - Set security auditing flags now sets the following flags by default:
aa,ad,lo,-all - Set retention for security auditing sets a default maximum size of 5GB
The following Library Item settings are automatically included in new Blueprints created from the templates:
- Restrictions:
allowMediaSharingModification,allowExternalIntelligenceIntegrations,allowExternalIntelligenceIntegrationsSignIn,allowWritingTools,allowMailSummary,allowNotesTranscription,allowNotesTranscriptionSummaryare set to false - Energy Saver: Configure Screen Saver option is set to 15 minutes by default
- Safari: Iru provided custom profiles are included to always show the status bar, always show full website address, enable advertising privacy protection, prevent cross-site tracking, and always warn when visiting a fraudulent website
- Siri: Iru provided custom profiles are included to disable assistive voice and disable improving Siri
- Apple search: An Iru provided custom profile is provided to disable improving Apple search