Skip to main content
This feature is available for macOS and Windows devices
Auto Apps are pre-packaged applications that you can deploy directly from the Iru Web App. Iru manages installation, updates, and configuration profiles automatically, so you can ensure applications remain compliant and up to date with minimal effort.
Auto apps deploy to the system, meaning they are installed for all users on the device. If a user has installed a version of the app in their own profile, it will not be updated or managed by the Auto Apps process.

What are Auto Apps?

Auto Apps are pre-packaged applications from software vendors that Iru Endpoint manages automatically. Instead of manually downloading, packaging, and deploying applications, you can select from a curated list of business applications that Iru maintains and updates.

How Auto Apps Work

Iru Endpoint maintains relationships with software vendors to provide pre-packaged, tested versions of popular business applications. When you deploy an Auto App, Iru handles the entire lifecycle:
  • Download and validation from the vendor’s official source
  • Automatic updates when new versions are released
  • Platform-specific configuration for macOS and Windows
  • Security validation including code signing verification
  • Profile management for required system permissions

Auto Apps Capabilities

When you use Auto Apps, Iru manages several critical tasks:
  • Automated Updates — Iru enforces updates for these applications according to your configuration.
  • macOS
  • Windows

macOS-Specific Capabilities

  • Background Items (macOS Ventura and later) — Auto Apps automatically configure background processes.
  • Customizable Notifications — You can manage how notifications behave for each app.
  • Privacy Preferences Policy Control — Iru installs required profiles to ensure apps comply with privacy settings.
  • Rosetta 2 for Apple Silicon — If required, the Kandji Agent will install Rosetta 2 automatically.
  • System Extensions and Kernel Extensions — Required extensions are automatically approved.
For a full list of available Auto Apps, see the Library Items section of the Iru Web App.

Setting Up Auto Apps

1

Navigate to Library

Go to Library and select Add Library Item. For more information about the Library interface, see Library Overview.
2

Select Auto App

Search for and select the desired Auto App from the available options.
3

Configure Label

Optionally add a Label to distinguish multiple versions of the same app.
4

Assign to Blueprints

Select the Blueprint(s) to assign the Auto App to.

Installation Configuration

Configure how Auto Apps are deployed to devices:
  • Continuously Enforce - Automatically install and maintain the app
  • Install-on-demand from Self Service - Make available for users to install
  • Update Only - Only update existing installations
On Windows, Self Service does not support custom URLs. Apps appear in the Iru Self Service app but without web link customization.

Self Service Configuration

When enabling Self Service availability, you can select a Category and customize the user experience.

Version Enforcement

Choose how updates are managed:
  • Do not manage updates - Let apps update through their own mechanisms
  • Automatically enforce new updates - Deploy updates as they become available
  • Manually enforce a minimum version - Set specific version requirements
When enforcing updates, configure the Enforcement timeframe and Time Zone. You can choose to enforce updates in device local time.
  • macOS
  • Windows

macOS-Specific Configuration

Notification Management

You can manage notification settings for Auto Apps on macOS. When managing notifications, users cannot change the settings you configure. When notification settings are modified, an updated Configuration Profile will not be redistributed until the next daily MDM check-in. To trigger an immediate check-in, run sudo update-mdm locally on the Mac.Notification Options:
  • Unmanaged - End users control notification settings for this app
  • Disallow notifications - Prevent users from turning notifications on
  • Allow notifications - Force notifications on with customization options
If an Auto App does not support notifications, you’ll see: “This application does not support notifications.”

Additional macOS Options

  • Add to Dock during install
  • Preinstall or Postinstall scripts
  • Click Save to complete configuration

Update Only Mode

Use Update Only when you don’t want Iru to deploy an app but still want to enforce updates for existing installations.
  • Updates apply if the app is already installed (based on matching Bundle ID for macOS and custom detection logic for Windows)
  • The app will not be newly installed by Iru
  • No configuration profiles (e.g., PPPC, System Extensions, Notifications) will be deployed for macOS

Considerations

Update Enforcement

When enforcement options are chosen and an application is below the required minimum version, setting the installation method to “Update Only” ensures that updates are applied to applications installed outside of Iru, as long as the Bundle ID (macOS) or the custom detection logic Iru uses for Windows matches. This setting will not install the app via Iru if it’s not already present; it will only keep the app up to date. Similarly, when enforcement options are selected and the application version is below the minimum enforced version, setting the installation method to Install on-demand from Self Service will also apply updates to applications installed outside of Iru, provided the Bundle ID on macOS or custom Windows detection logic matches.

Update Process

When a new update is released, it’s automatically cached on users’ devices immediately. You must select an Enforcement Time to determine when to enforce the update. The enforcement deadline can be based on either server-side time or local device time, depending on your selected Enforcement Time Zone.
  • macOS
  • Windows

macOS Update Process

After the app is successfully cached, if the app is running, users are notified of the pending installation. If the app is not running, Kandji Agent will update the app silently without requiring any user interaction.

Notifications

If Auto App updates are configured to be managed, they will automatically install a profile via MDM to allow the application to receive notifications.

Adding Multiple Auto Apps to Your Library

Iru allows you to add the same Auto App to your Library multiple times. This feature is useful when configuring different settings for various Blueprints. For instance, you can set up an Auto App to automatically install on devices within one Blueprint while making it available in Self Service for another. When you configure the same Auto App multiple times, you can add a Label. This label helps distinguish each Auto App Library Item from others in your Library. These labels are not visible to end users but are displayed throughout the Iru admin interface.

Auto App Security Information

Auto Apps come directly from their respective software vendors. Iru ensures the fidelity of all updates by performing strict signature validations during download and packaging.
  • macOS Auto Apps
  • Windows Auto Apps

Code Signing Confirmation

  • We affirm that the application code is properly signed using an Apple-issued certificate.
  • We verify that the Apple-assigned Team Identifier matches the known identity of the registered developer.
  • We validate that the code signing identifier for the app bundle exactly matches the expected value.
  • We assess notarization to certify that there are no code-signing issues and that the software is free of known malicious content.

Signing Authority Validation

As part of our internal QA process, we confirm the signing authority for Auto Apps. This process establishes a chain of trust by ensuring that the app’s signing certificate was issued by Apple’s intermediate and root certificate authorities. It guarantees that the Auto App’s code signature precisely matches the developer’s name and identifier. These values, issued by Apple, cannot be spoofed or falsified.All Auto App installers are signed with valid Developer ID certificates issued by Apple under the registered Apple Developer program used by Gatekeeper. These certificates, issued either to Iru or a third-party vendor, establish a trust relationship that verifies the integrity of the installer.

User Experience

For details on how users interact with Auto Apps, see the User Experience with Auto Apps article.

Migrating from a Custom App

If you previously deployed an app as a Custom App, you can migrate to Auto Apps for better management and automatic updates. For more information about Custom Apps, see Custom Apps Overview.
1

Add Auto App

Add the Auto App to the same Blueprint.
2

Deploy Auto App

Deploy the Auto App. Iru will not overwrite an existing installation but will apply update enforcement if needed.
3

Remove Custom App

Delete or deactivate the Custom App item.
4

Clean up profiles

For macOS, remove any related System Extension or PPPC profiles. Auto Apps include required profiles automatically.

Requesting New Auto Apps

You can submit Auto App requests in the Resources section of the Iru Web App.

General Requirements

  • Not available in the Mac App Store or Apple Business Manager
  • Must be a business/enterprise application
For more details, see Submit Feature Requests & Ideas.

Best Practices

Test Before Deployment

Test Auto Apps on a small group of devices before rolling out to your entire fleet.

Monitor Updates

Set up monitoring to track Auto App update deployments and any issues.

User Communication

Communicate with users about Auto App deployments and update schedules.

Version Management

Regularly review and update Auto App versions to ensure security and compatibility.