Iru Release Notes

Managed OS for macOS has been updated. The latest approved version for Tahoe is now 26.4.1, with the following release date:

macOS 26.4.1

Apr 09, 2026

We’ve released Iru Agent for Mac (5.1.1 (5378)) and Windows (1.7.14). This update rebrands the Kandji agent to Iru across all end-user facing apps, including the menu bar app, Self Service, Liftoff, and Passport. Additionally, the kandji CLI tool on Mac has been renamed to iru and now includes a terminal user interface (TUI). To use the TUI, invoke sudo iru with no additional options. A symlink remains in place so that scripts using kandji will continue to function as expected, and the iru...

A dedicated Windows system tray application gives end users a clear prompt to close applications that block an install when an Auto App or Windows Custom App deployment runs. The tray icon uses the Iru jelly-style mark. When an install targets processes you configured to detect as open apps, the tray application surfaces a prompt so users can close those applications before installation continues—reducing failed installs. The tray application installs automatically on managed Windows...

Managed OS for iOS and iPadOS has been updated.

The latest approved version is now 26.4.1, with the following release dates:

iOS 26.4.1 : Apr 08, 2026

iPadOS 26.4.1 : Apr 08, 2026

Device Isolation gives you the ability to immediately sever a network connection for any macOS device suspected of compromise. This feature, accessible directly within the Detections section, allows for rapid containment of active threats like malware or unauthorized lateral movement. This feature was released in preview mode on March 5, 2026. Today, this feature is now generally available to all customers who have Iru EDR. For more information, see our support article.

The Windows Custom App Library Item deploys Win32 applications via MSI and EXE packages to Windows devices, with full control over installation, detection, and enforcement. Upload a zipped installer containing your MSI or EXE and any supporting files, define silent install and uninstall commands, and configure detection logic so the agent knows whether the app is present on a device. A PowerShell script can also be used to deploy the app to make changes before or after the installation.

The udid attribute is now available in the main /devices enterprise API endpoint, meaning it's no longer necessary to loop through each device to read this attribute. Reference the enterprise API documentation for more details.

The restriction to Disallow Rosetta usage awareness (allowRosettaUsageAwareness) is now available in the Apple Restrictions Library Item. This restriction turns off Rosetta usage awareness, which prevents a pop-up dialog being displayed to the user indicating that Rosetta will be removed in a future version of macOS. It deploys to macOS 26.4 and later.

Windows Server Update Services (WSUS) settings in the Windows Update Library Item control where Windows devices receive updates: an internal Windows Server Update Services (WSUS) server, Microsoft Update, or a combination of both. The Update service URL can be configured to route devices to a WSUS server, while the update source for feature updates, quality updates, driver updates, and other update types can be selected independently. Per-type source controls support a mix of Windows Update...

We’ve released Kandji Agent 5.0.1 (5376).

This update includes an informational banner in the Menu Bar App to inform end-users about the upcoming branding change on April 8 from Kandji to Iru, shown below.

For more information about what to expect in the branding change, see our product documentation.