MDM rollout is available on Enterprise plans only.
If your enterprise uses an MDM (Mobile Device Management) tool, you can provision Corridor across all employees automatically. With MDM, developers don’t need to separately install the Corridor extension or sign up—everything is handled for them.

Supported platforms

MDM      OS Support
Kandji   macOS
Intune   macOS, Windows

Supported IDEs

  • VS Code
  • Windsurf
  • Cursor

Prerequisites

Verifying a domain

In order to use the MDM scripts, you must verify an email domain for your team. Corridor will only provision users with the email domain you have verified.

1. Navigate to Teams

2. Enter your domain
   Go to the Domain Verification section and enter your organization’s domain name (e.g., acme.com).

3. Add DNS record
   Copy the DNS TXT record provided and add it to your DNS provider.

Creating a universal team token

In order to use the MDM scripts, you must create a universal team token to identify your team and verify your team admin access.

1. Navigate to Teams

2. Generate a token
   Under Universal Team Tokens, click Generate New Tokens. Add a token name and select an expiration date.

3. Copy the token
   Copy the universal team token—you’ll use it in the MDM scripts below.

Kandji (macOS)

For Kandji, you must create a custom profile with global variables before running the Corridor script.

Create a custom profile

1. Add custom profile
   In Kandji, go to Library and search for Custom Profile.

2. Download global variable config
   Click Custom Profile, then download the Global Variable Config that Kandji supports.

3. Upload the config
   Upload the Global Variable config XML to the Custom Profile. Click Continue and add the profile.

Add the Corridor script

1. Create a custom script
   In Kandji, go to Library and search for Custom Script. Assign it to your desired Blueprints. Select Execution Frequency: Run once per device.

2. Download the script
   Download the Corridor Kandji script:
   curl https://raw.githubusercontent.com/CorridorSecurity/CorridorSecurity/refs/heads/main/mdm/kandji-macos.sh -o kandji-macos.sh

3. Add your token
   Replace the CORRIDOR_TEAM_TOKEN value at the top of the file with the universal team token you generated.

4. Upload and save
   Upload the file with the correct CORRIDOR_TEAM_TOKEN to Kandji and click Save.

Intune

Intune scripts support both macOS and Windows. You must first generate a Microsoft Graph token with the right permissions—this token is used to retrieve the device email.

Generate a Microsoft Graph token

1. Open Graph Explorer
   Go to Microsoft Graph Explorer and sign in.

2. Set permissions
   Click Modify Permissions and consent to User.Read permissions. This requires Admin consent.

3. Copy the token
   Refresh the page, then click Access token and copy the Microsoft Graph API access token.

Windows

1. Navigate to scripts
   On intune.microsoft.com, go to Devices → Scripts and remediations under Manage Devices.

2. Add a script
   Click Platform scripts → Add → Windows 10 and Later. Set a name and description.

3. Download the script
   Download the Corridor Intune Windows script:
   curl https://raw.githubusercontent.com/CorridorSecurity/CorridorSecurity/refs/heads/main/mdm/intune-windows.ps1 -o intune-windows.ps1

4. Add your tokens
   In the script, replace the CORRIDOR_TEAM_TOKEN value with your universal token, and replace the GRAPH_API_TOKEN value with the Microsoft Graph API access token.

5. Configure script settings
   Select Yes for “Run this script using the logged on credentials”, No for “Enforce script signature check”, and No for “Run script in 64 bit PowerShell Host”.

6. Assign and save
   Assign the script to the selected group of devices and click Save. Sync all devices with bulk device actions to force the script to run.

macOS

1. Navigate to scripts
   On intune.microsoft.com, go to Devices → Scripts and remediations under Manage Devices.

2. Add a script
   Click Platform scripts → Add → macOS. Add a name and description.

3. Download the script
   Download the Corridor Intune macOS script:
   curl https://raw.githubusercontent.com/CorridorSecurity/CorridorSecurity/refs/heads/main/mdm/intune-macos.sh -o intune-macos.sh

4. Add your tokens
   In the script, replace the CORRIDOR_TEAM_TOKEN value with your universal token, and replace the GRAPH_API_TOKEN value with the Microsoft Graph API access token.

5. Configure script settings
   Select Yes for “Run script as signed-in user” and 1 time for “Max number of times to retry if script fails”.

6. Assign and save
   Assign the correct groups to the script and click Save. Sync all devices with bulk device actions to force the script to run.
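
One way to carry out the "Add your token" / "Add your tokens" step for the Kandji and Intune macOS scripts without hand-editing, as an added example that is not part of Corridor's scripts or documentation. It assumes each value is assigned on a single line of the form NAME="..." and that tokens contain only URL-safe characters; set_script_var and make_sample are hypothetical helper names.

```shell
#!/bin/sh
# ASSUMPTION: the downloaded script assigns each value on its own line as
# NAME="..."; the page only says the value is "at the top of the file".

# set_script_var FILE NAME VALUE
# Rewrites the single NAME=... line in FILE to NAME="VALUE". Leaves FILE
# untouched and returns non-zero if VALUE could escape the quotes or if the
# assignment is missing or appears more than once.
set_script_var() {
    file=$1; name=$2; value=$3
    case $value in
        ''|*[!A-Za-z0-9._~+/=-]*)
            echo "refusing empty or unsafe value for $name" >&2; return 2 ;;
    esac
    count=$(grep -c "^${name}=" "$file") || true
    if [ "$count" != 1 ]; then
        echo "expected one ${name}= line in $file, found ${count:-none}" >&2
        return 3
    fi
    tmp=$(mktemp) || return 4
    # The token reaches awk through the environment, so it is not visible in
    # awk's argument list and is treated as a literal string (no escaping).
    n=$name v=$value awk '
        index($0, ENVIRON["n"] "=") == 1 { print ENVIRON["n"] "=\"" ENVIRON["v"] "\""; next }
        { print }' "$file" > "$tmp" || { rm -f "$tmp"; return 4; }
    chmod 600 "$tmp"   # the script now embeds a credential
    mv "$tmp" "$file"
}

# Constructed stand-in for a downloaded script; NOT the real Corridor script.
make_sample() {
    cat > "$1" <<'EOF'
#!/bin/bash
CORRIDOR_TEAM_TOKEN="<placeholder>"
GRAPH_API_TOKEN="<placeholder>"
echo "provisioning"
EOF
}

# Usage: run `read -r TOKEN` and paste the token at the prompt (keeps it out
# of shell history), then:
#   set_script_var intune-macos.sh CORRIDOR_TEAM_TOKEN "$TOKEN"
```

The edited file holds live credentials, so remove the local copy once it has been uploaded to the MDM.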