A new declarative management system gives your device more power and autonomy to regulate enterprise MDM policies. Credit: Thinkstock If your business uses Apple products, it’s very likely you also make use of its mobile device management (MDM) protocols to manage your fleet. Be forwarned, there are big changes coming with iOS 15. Putting your device in control Apple announced changes to its MDM system at WWDC 2021, introducing a new approach it calls “declarative management.” It’s designed to give each device more power and more responsibility, and replaces the server-heavy reactive MDM approach in use today (where a device is enrolled, profiles are downloaded, and appropriate action happens once the device confirms its status). IT admins know that reactive MDM systems can strain management servers at certain times. With its autonomy, Apple’s approach helps reduce that workload and increases performance and scalability; it should make a particular difference when managing large fleets of Apple products. As a result, the device becomes more autonomous and proactive, policing itself to ensure it maintains your company’s security and device policies. Under this model, the device doesn’t need to interrogate the MDM server for everything. Check your MDM vendor for support One thing it does require is that your MDM system supports Apple’s new approach. Most MDM solutions vendors have begun working with Apple’s new technologies and I anticipate many will be ready to roll with support for declarative management on the day the new operating systems are released. Individual devices are still constrained by the MDM security policy, but can better assess some states rather than seeking help from the server. The devices will also proactively send updated information to servers as required. A little on how it works Explaining the system at WWDC, Apple described three main components. Developers and IT admins will want to go in depth with the feature on their developer channel, but a deeply simplified description of what is available follows: Declarations: These JSON objects define policy and how the device should be configured. They manage device configuration, reference data, activations, and management functions. Your permission to request a new login password is set on the device, for example. Status: This core tells the MDM server when a device changes, such as when iOS is updated. This module will let your system know once the device has updated that login password. Extensibility: Both server and device tell each other when new capabilities are available, such as when an operating system upgrade is available and once it is installed. Apple is still rolling out the different component declarations. Account, passcode and profile configurations are available now, as are two asset declarations for user ID and passwords. Apple is also asking developers to think about how declarative management can best work with their solutions, or for their particular customer groups. It’s easy to see, for example, how device fleets in some industries might benefit from more powerful on-device autonomous MDM: shipping, exploration, underground, for example. Not yet available for Macs MDM developers, including Jamf, are already working with declarative management and will likely have something to introduce once iOS 15/iPadOS 15 appear. One important thing to note is that Apple hasn’t yet made declarative management available for Macs. I think that’s only a step or so away, but might be reliant on use of systems with Apple processors (I don’t know for sure) — but it surely makes sense to add this kind of protection to Apple’s popular macOS devices. Two additional improvements in MDM for Apple users in the enterprise will include Apple Configurator for iPhone, which lets you set up Macs for your MDM, and the capacity to erase all content and settings on Macs from within System Preferences. These enhancements will ship with the operating systems this fall. Please follow me on Twitter, or join me in the AppleHolic’s bar & grill and Apple Discussions groups on MeWe. Related content news analysis EU commissioner slams Apple Intelligence delay Margrethe Vestager, Europe's chief gatekeeper, takes a shot at Apple's decision to delay rolling out the company's AI. By Jonny Evans Jun 28, 2024 7 mins Regulation Apple Generative AI news Hexnode CEO: Enterprises must get ready for app sideloading As iOS app sideloading unfurls in Europe, companies all need to figure out how to protect themselves, said Hexnode CEO Apu Pavithran. By Jonny Evans Jun 27, 2024 5 mins Apple App Store Enterprise Mobile Management Mobile Device Management news analysis OpenAI brings its ChatGPT app to all Mac users You no longer need to pay to use the ChatGPT app on an Apple Silicon Mac. By Jonny Evans Jun 26, 2024 4 mins Mac Chatbots Apple opinion Why Apple is now in the server market It's not just about security, it's also about scale and efficiency. By Jonny Evans Jun 25, 2024 5 mins Apple CPUs and Processors Generative AI Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe