Skip to content
How to automate Mac patch management with Iru in 3 simple steps
Iru Team

10 min read

How to automate Mac patch management with Iru in 3 simple steps

Educational
WWDC 2026: The declarative era is here
Iru Team

4 min read

WWDC 2026: The declarative era is here

Educational
Apple's next operating systems: How and why to test them now
Arek Dreyer

14 min read

Apple's next operating systems: How and why to test them now

Educational

Endpoint Drift: Why EDR coverage breaks down at scale [+ Take the quiz to see where you stand]
Iru Team

7 min read

Endpoint Drift: Why EDR coverage breaks down at scale [+ Take the quiz to see where you stand]

Your dashboard says every endpoint is covered. Patches show as deployed. Policies look locked down.

Educational
How to build a tech stack that runs itself
Iru Team

5 min read

How to build a tech stack that runs itself

Gorilla's IT lead shares the playbook he uses to automate onboarding, offboarding, and compliance with Iru so routine work runs itself and the team can focus on higher-value projects. IT teams are being asked to do more than ever. Device management, security, compliance, AI enablement, and often all of it with a team of one. The difference between keeping up and falling behind often comes down to how much of the routine work can run without you.

Educational
Zero-Trust Endpoint Security: How To Defend Your Largest Attack Surface
Iru Team

15 min read

Zero-Trust Endpoint Security: How To Defend Your Largest Attack Surface

In January 2026, the Dutch Data Protection Authority (the agency responsible for protecting citizens' personal data) had its own employee's work-related data accessed and stolen. Attackers exploited critical zero-day vulnerabilities in Ivanti's endpoint mobile management software before patches were even available. That same day, bad actors attacked the European Commission, and Finland's government IT provider lost data on up to 50,000 employees. All three incidents traced back to a single point of failure: endpoint management tools that granted access based on device identity alone, without verifying whether those devices were actually secure.

Educational
Securing Windows: Vulnerability management, auto patching, and OS updates
Iru Team

6 min read

Securing Windows: Vulnerability management, auto patching, and OS updates

Unpatched software is behind roughly 60% of breaches. And with AI models getting better at finding exploitable vulnerabilities faster than most teams can remediate them, the window between disclosure and exploitation is shrinking fast.

Educational
Local admin cccounts on Mac: should IT teams create them?
Iru Team

6 min read

Local admin cccounts on Mac: should IT teams create them?

Updated May 2026. For IT teams deploying Mac computers, the question is: To create local IT admin accounts on those computers or not? What Are Mac Admin and Standard User Accounts? To be clear on what we’re talking about: A local IT admin account is a user account with admin privileges created on a Mac in addition being used as to the primary user account. There are several reasons IT teams might want to distribute such accounts—but there are also good reasons why they might not. There are also several ways to do so, as well as a couple of alternatives that could obviate the need to deploy such accounts altogether. Let’s walk through each of those decisions.

Educational
Apple is about to enforce stricter TLS standards for MDM. Are you ready?
Arek Dreyer

7 min read

Apple is about to enforce stricter TLS standards for MDM. Are you ready?

Apple announced that starting as early as iOS 27, iPadOS 27, macOS 27, watchOS 27, tvOS 27, and visionOS 27, its operating systems will enforce stricter TLS requirements for system processes, including MDM, DDM, Automated Device Enrollment, and app distribution. Servers that don't support TLS 1.2 or later (TLS 1.3 recommended), ATS-compliant ciphersuites, and valid certificates may have their connections refused. SCEP servers and content caching servers are currently exempt. IT admins should audit their infrastructure now using Apple's Network Diagnostics Logging Profile to identify non-compliant servers before fall 2026. Starting as early as the next major OS release, Apple devices will refuse to connect to any device management service, Mobile Device Management (MDM) server, enrollment endpoint, or app distribution infrastructure that does not meet tightened TLS standards. Non-compliant servers will simply stop working for enrollment, device management, app delivery, and software updates.

Educational
How endpoint security shaped Bindplane's ISO 27001 journey
Iru Team

5 min read

How endpoint security shaped Bindplane's ISO 27001 journey

Getting ISO 27001 certified is one thing. Building a compliance program that actually holds up between audits, without consuming your engineering team, is another problem entirely.

Educational
What Apple Business Actually Means for Your IT Team (And Whether It Replaces Your MDM)
Arek Dreyer

6 min read

What Apple Business Actually Means for Your IT Team (And Whether It Replaces Your MDM)

Apple dropped a significant announcement on March 24, 2026: Apple Business Essentials, Apple Business Manager, and Apple Business Connect are going away. In their place, a unified platform simply called Apple Business launches on April 14. If your IT team is running any Apple devices, or if you've been relying on Apple Business Essentials for lightweight MDM, this affects you. Here's a clear-eyed look at what's actually changing, what Apple Business includes, and what it still doesn't do.

Educational
Beyond the Login: What CISA's Latest Recommendations Mean
Satyam Patel

4 min read

Beyond the Login: What CISA's Latest Recommendations Mean

The Cybersecurity and Infrastructure Security Agency (CISA) recently issued an urgent advisory urging U.S. organizations to harden their endpoint management systems. The guidance came in response to the Stryker attack, claimed by Handala, an Iranian-linked hacktivist group, which wiped thousands of corporate devices without a single piece of malware. The attacker had valid credentials, a live admin session, and access to tools the organization already trusted. That was enough.

Educational
The Guide to Managing Mac Clusters for AI Workloads
Iru Team

6 min read

The Guide to Managing Mac Clusters for AI Workloads

Mac clusters for AI workloads are real infrastructure now. Here’s how to provision, secure, and manage them from day one.

Educational
The right Blueprint, every time: how Iru's Blueprint Routing automates device deployment at enrollment
Iru Team

6 min read

The right Blueprint, every time: how Iru's Blueprint Routing automates device deployment at enrollment

Enrolling a fleet of devices sounds simple in theory: pick a Blueprint, assign some settings, and you're done. But in practice, most organizations are managing a mix of Mac computers, Windows computers, iPhone devices, iPad devices, kiosk tablets, and meeting room devices, each with their own configurations, user types, and provisioning requirements. Keeping all of that straight at enrollment time, without manual intervention or a tangle of enrollment codes, has historically been one of the more tedious parts of device management.

Educational
Mac Logging and the log Command: The 2026 Guide for Apple Admins
Mike Boylan

10 min read

Mac Logging and the log Command: The 2026 Guide for Apple Admins

This post was originally published in April 2022 and has been updated in March 2026 to reflect the latest information. As an IT admin, you’ve almost certainly had to check some form of log when investigating a problem. Logs tell the story of what’s happening on a system, so they can be enormously helpful in both troubleshooting issues and in learning why the system is behaving the way that it is.

Educational

Stay up to date

Iru's bi-weekly collection of articles, videos, and research to keep IT & Security teams ahead of the curve.