Reply To: Is IRK deprecating?


Creating an IRK for mac is a thing of the past now. Over these years, the PRK gained both popularity and functionality while the IRK did not. The chief advantage of IRK to be used as the recovery key for mass deployments is now considered as a pitfall owing to the introduction of PRK escrow systems (common in modern MDM solutions). Another limitation is the danger of a compromised recovery key that will be able to unlock and access all the devices in your institution. Hence it’s always better to have a single unique key for each machine. Apple itself does not recommend the use of IRKs for institutional deployments anymore.