The Iru Blog

Securing Windows: Vulnerability management, auto patching, and OS updates

Local Admin Accounts on Mac: Should IT Teams Create Them?

Apple is about to enforce stricter TLS standards for MDM. Are you ready?

Summary Apple announced that starting as early as iOS 27, iPadOS 27, macOS 27, watchOS 27, tvOS 27, and visionOS 27, its operating systems will enforce stricter TLS requirements for system processes, including MDM, DDM, Automated Device Enrollment, and app distribution. Servers that don't support TLS 1.2 or later (TLS 1.3 recommended), ATS-compliant ciphersuites, and valid certificates may have their connections refused. SCEP servers and content caching servers are currently exempt. IT admins should audit their infrastructure now using Apple's Network Diagnostics Logging Profile to identify non-compliant servers before fall 2026. Starting as early as the next major OS release, Apple devices will refuse to connect to any device management service, Mobile Device Management (MDM) server, enrollment endpoint, or app distribution infrastructure that does not meet tightened TLS standards. Non-compliant servers will simply stop working for enrollment, device management, app delivery, and software updates.

How endpoint security shaped Bindplane's ISO 27001 journey

Getting ISO 27001 certified is one thing. Building a compliance program that actually holds up between audits, without consuming your engineering team, is another problem entirely.

What Apple Business Actually Means for Your IT Team (And Whether It Replaces Your MDM)

Apple dropped a significant announcement on March 24, 2026: Apple Business Essentials, Apple Business Manager, and Apple Business Connect are going away. In their place, a unified platform simply called Apple Business launches on April 14. If your IT team is running any Apple devices, or if you've been relying on Apple Business Essentials for lightweight MDM, this affects you. Here's a clear-eyed look at what's actually changing, what Apple Business includes, and what it still doesn't do.

Beyond the Login: What CISA's Latest Recommendations Mean

The Cybersecurity and Infrastructure Security Agency (CISA) recently issued an urgent advisory urging U.S. organizations to harden their endpoint management systems. The guidance came in response to the Stryker attack, claimed by Handala, an Iranian-linked hacktivist group, which wiped thousands of corporate devices without a single piece of malware. The attacker had valid credentials, a live admin session, and access to tools the organization already trusted. That was enough.

The Guide to Managing Mac Clusters for AI Workloads

Mac clusters for AI workloads are real infrastructure now. Here’s how to provision, secure, and manage them from day one.

The right Blueprint, every time: how Iru's Blueprint Routing automates device deployment at enrollment

Enrolling a fleet of devices sounds simple in theory: pick a Blueprint, assign some settings, and you're done. But in practice, most organizations are managing a mix of Mac computers, Windows computers, iPhone devices, iPad devices, kiosk tablets, and meeting room devices, each with their own configurations, user types, and provisioning requirements. Keeping all of that straight at enrollment time, without manual intervention or a tangle of enrollment codes, has historically been one of the more tedious parts of device management.

The Better Way to Migrate iOS and iPadOS Devices

Moving to a new device management solution has never been easier. With iOS 26 and iPadOS 26, we're introducing support for a powerful migration feature that transform how organizations transition their iPhone and iPad fleet to Iru.

5 Use Cases for Custom PowerShell Scripts in Windows Device Management

Modern Windows device management has come a long way. With UEM-based endpoint management, IT teams can enforce security baselines, configure system settings, deploy applications, and maintain compliance at scale. But even in the most mature Windows management environments, there are always scenarios that require customization. That’s where PowerShell scripting continues to play an important role.

How to Level Up Your Security Education Program

Educating end-users is a core responsibility for security teams. Not only are such education programs required by compliance regimes, but they’re also one of the most effective ways to actually maintain security: Users are now one of the key attack vectors for bad actors. The more they know about the threats and how to respond to them, the better they’ll be able to defend themselves and your organization.

Migrating MDM on iOS and iPadOS Using Return to Service

When you’re migrating from one MDM solution to another, you have to move the devices you’re managing with you. They need to be enrolled in that new solution so you can manage them.

Apple Intelligence: What Mac Admins Need to Know

One of Apple’s biggest announcements at this year’s WWDC was about the upcoming release of what the company calls Apple Intelligence. But, this being Apple, it wasn’t just a jumping-on-the-bandwagon announcement about AI. Rather, it’s about the very Apple approach the company is taking to artificial intelligence, one that puts user benefits and protections first.

How to Make Device Management Work for End Users

There’s no question that modern device management is a boon to IT teams. It simplifies and centralizes the way you deploy operating systems, apps, and settings on the devices your organization relies on to get its work done. It also gives you visibility into how those devices are being used and whether they’re in compliance with your desired end-states.