> For the complete documentation index, see [llms.txt](https://docs.stepsecurity.io/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.stepsecurity.io/developer-machines/installation-script/mdm-deployment/macos/iru-formerly-kandji.md).
# Iru (formerly Kandji)
This guide walks through deploying Dev Machine Guard across your macOS fleet using **Iru** (formerly Kandji). The deployment uses Iru's **Custom Script** library item to run the loader on a daily schedule, after a short pilot run at higher frequency.
{% hint style="info" %}
The loader script shown in the StepSecurity dashboard is rendered with your tenant's credentials already embedded and should work as-is. If you need to customize the script (alternative install directory, proxy, etc.), reach out to StepSecurity.
{% endhint %}
### Prerequisites
* An Iru tenant with administrative access to **Library** and **Blueprints**.
* A Blueprint scoped to the devices you want to enroll in the pilot, and a second Blueprint covering your full fleet for rollout.
* The Dev Machine Guard loader script for your tenant, downloaded from the StepSecurity dashboard (Step 1 below).
### Step 1. Copy the loader script
* Sign in to the [StepSecurity dashboard](https://app.stepsecurity.io/).
* In the sidebar, go to **Developer Machines → Installation Script**.
* On the **macOS** tab, click the **Copy** button at the top right of the script editor. (You can alternatively click **Download** to save the script as a file.)
### Step 2. Create a Custom Script in Iru
* In Iru, open **Library** from the left sidebar.
* Click **Add Library Item**.
* In the **General** category, select **Custom Script** and click **Add and configure**.
### Step 3. Configure the script
* Give the script a descriptive name, for example `StepSecurity Dev Machine Guard`.
* Under **Blueprints**, select the Blueprint that targets your pilot devices.
* Under execution frequency, select **Every 15 Minutes**. You will change this to **Run daily** after pilot validation in Step 6.
* Leave **Self Service** disabled.
### Step 4. Paste the loader script
* Scroll to the **Audit Script** section.
* Paste the loader script you copied in Step 1 into the editor.
* Leave the **Remediation Script** field empty.
* Click **Save** at the bottom right.
### Step 5. Validate on the pilot group
The 15-minute frequency set in Step 3 means each pilot device will run the loader automatically within 15 minutes of receiving the Blueprint. **No action is needed on the client devices.**
After 15 to 30 minutes, confirm on each pilot device:
* The library item status in Iru shows the script ran successfully.
* The device appears in the StepSecurity dashboard under **Developer Machines → Devices** with recent telemetry.
### Step 6. Roll out to the fleet
Once validation passes, update the Custom Script in Iru:
* Under **Blueprints**, change the assignment from your pilot Blueprint to the Blueprint covering your full fleet.
* Change execution frequency from **Every 15 Minutes** to **Run daily**.
* Click **Save**.
### Uninstalling
To stop Dev Machine Guard from running on enrolled devices, either:
* Remove the Custom Script library item from the Blueprint, or
* Remove the device from the Blueprint.
Iru will stop scheduling further loader runs immediately. Any locally installed Dev Machine Guard binary will remain on the device until cleaned up out-of-band; see [Devices](/developer-machines/devices.md) for guidance.
### Troubleshooting
| Symptom | Where to look |
| ----------------------------------------------------- | -------------------------------------------------------------------------------------------- |
| Iru reports the library item as failed | Iru → Library → the Custom Script item → run history and per-device logs |
| Iru shows the script as successful but no device data | Confirm the script pasted in Step 4 is the full loader, including the embedded configuration |
| Devices missing from the StepSecurity dashboard | Confirm the pilot Blueprint covers the expected devices in Iru |
For additional support, [contact StepSecurity](https://www.stepsecurity.io/contact).
---
# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.
## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:
```
GET https://docs.stepsecurity.io/developer-machines/installation-script/mdm-deployment/macos/iru-formerly-kandji.md?ask=&goal=
```
`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.