A new declarative management system gives your device more power and autonomy to regulate enterprise MDM policies. Credit: Thinkstock If your business uses Apple products, it’s very likely you also make use of its mobile device management (MDM) protocols to manage your fleet. Be forwarned, there are big changes coming with iOS 15. Putting your device in control Apple announced changes to its MDM system at WWDC 2021, introducing a new approach it calls “declarative management.” It’s designed to give each device more power and more responsibility, and replaces the server-heavy reactive MDM approach in use today (where a device is enrolled, profiles are downloaded, and appropriate action happens once the device confirms its status). IT admins know that reactive MDM systems can strain management servers at certain times. With its autonomy, Apple’s approach helps reduce that workload and increases performance and scalability; it should make a particular difference when managing large fleets of Apple products. As a result, the device becomes more autonomous and proactive, policing itself to ensure it maintains your company’s security and device policies. Under this model, the device doesn’t need to interrogate the MDM server for everything. Check your MDM vendor for support One thing it does require is that your MDM system supports Apple’s new approach. Most MDM solutions vendors have begun working with Apple’s new technologies and I anticipate many will be ready to roll with support for declarative management on the day the new operating systems are released. Individual devices are still constrained by the MDM security policy, but can better assess some states rather than seeking help from the server. The devices will also proactively send updated information to servers as required. A little on how it works Explaining the system at WWDC, Apple described three main components. Developers and IT admins will want to go in depth with the feature on their developer channel, but a deeply simplified description of what is available follows: Declarations: These JSON objects define policy and how the device should be configured. They manage device configuration, reference data, activations, and management functions. Your permission to request a new login password is set on the device, for example. Status: This core tells the MDM server when a device changes, such as when iOS is updated. This module will let your system know once the device has updated that login password. Extensibility: Both server and device tell each other when new capabilities are available, such as when an operating system upgrade is available and once it is installed. Apple is still rolling out the different component declarations. Account, passcode and profile configurations are available now, as are two asset declarations for user ID and passwords. Apple is also asking developers to think about how declarative management can best work with their solutions, or for their particular customer groups. It’s easy to see, for example, how device fleets in some industries might benefit from more powerful on-device autonomous MDM: shipping, exploration, underground, for example. Not yet available for Macs MDM developers, including Jamf, are already working with declarative management and will likely have something to introduce once iOS 15/iPadOS 15 appear. One important thing to note is that Apple hasn’t yet made declarative management available for Macs. I think that’s only a step or so away, but might be reliant on use of systems with Apple processors (I don’t know for sure) — but it surely makes sense to add this kind of protection to Apple’s popular macOS devices. Two additional improvements in MDM for Apple users in the enterprise will include Apple Configurator for iPhone, which lets you set up Macs for your MDM, and the capacity to erase all content and settings on Macs from within System Preferences. These enhancements will ship with the operating systems this fall. Please follow me on Twitter, or join me in the AppleHolic’s bar & grill and Apple Discussions groups on MeWe. Related content news analysis Apple confirms it will open up the iPad in Europe this fall The latest efforts to comply with Europe’s Digital Markets Act mean developers can offer to side load apps to both iPhones and iPads in the EU. Apple has also taken steps to improve what it offers to smaller and non-commercial developers in the By Jonny Evans May 02, 2024 6 mins iPad Apple Mobile Apps news Mosyle and Fleet bring new device management options to Apple enterprise Apple's growing enterprise market share is generating tons of opportunity for the company's partners in the device management market. Their approaches reflect the diversity of use. By Jonny Evans May 01, 2024 4 mins Apple Mobile Device Management Mobile Security feature Apple is intensely focused on its global AI efforts When the ship that is Apple moves in any direction, you can always count on careless whispers to expose the destination. From research labs to sophisticated AI models and Apple Silicon for server farms, here's what we've learned in just one By Jonny Evans Apr 30, 2024 6 mins Apple Artificial Intelligence news analysis The EU has decided to open up iPadOS 'Our market investigation showed that despite not meeting the thresholds, iPadOS constitutes an important gateway on which many companies rely to reach their customers,' said the EU’s lead anti-competition regulator, Margrethe Vestige By Jonny Evans Apr 29, 2024 4 mins Apple Apple App Store iPad Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe