Prerequisites
- Kandji admin access
- Enforce deployment script and enrollment key from the Runlayer dashboard
- At least one Blueprint configured with enrolled devices
Deployment Steps
Get Deployment Artifacts
In the Runlayer dashboard, go to Settings → Shadow MCPs and open or create an Enforce configuration to copy the generated script and enrollment key.
Add a Custom Script Library Item
- Navigate to the Library section in Kandji
- Click Add New → Custom Script → Add & Configure
- Provide a Name (e.g., “Runlayer Enforce”)
- Assign to your target Blueprint(s)
- Set Execution Frequency to Run once per device
- Paste the generated script into the Audit Script field
- Click Save
Verification
Check Script Status
Check the Custom Script’s Status tab in Kandji for execution results. You can force an immediate check-in on a test Mac by running
sudo kandji checkin in Terminal.Log Locations
| Platform | Log Location |
|---|---|
| macOS | /var/log/runlayer/ai_watch_enforce.log |
Exit Codes
| Code | Meaning |
|---|---|
| 0 | Success |
| 1 | General failure (missing config, enrollment failed) |
| 2 | Network failure |
| 3 | Installation failure |