Apple is changing its MDM system in iOS/iPadOS 15
If your organization uses Apple products, it’s more than likely you also use its mobile device management (MDM) protocols to control your fleet. Be forewarned: big changes are coming with iOS 15.
Putting your device in charge
Apple announced changes to its MDM system at WWDC 2021, introducing something new it calls “declarative management.” It’s designed to give each device more power and more responsibility, and it replaces the server-heavy reactive MDM approach used today (in which a device is enrolled, profiles are downloaded, and appropriate action happens after the device confirms its status).
IT admins understand that reactive MDM systems can strain management servers at times. By giving the device autonomy, Apple’s approach helps reduce that workload and increases performance and scalability; it should make a particular difference when managing large fleets of Apple products.
As a result, the device becomes more proactive and autonomous, policing itself to make sure it maintains your company’s security and device policies. Under this model, the device doesn’t have to interrogate the MDM server for everything.
Check your MDM vendor for support
One thing it does require is that your MDM system supports Apple’s new approach. Most MDM solutions vendors have begun working with Apple’s new technologies and I anticipate many will roll out support for declarative management on the day the new operating systems are released.
Individual devices are still constrained by the MDM security policy, but can better assess some states themselves instead of seeking help from the server. The devices may also proactively send updated information to servers as required.
A little on how it works
Explaining the system at WWDC, Apple described three main components. IT admins and developers will want to go into depth on the feature on the developer channel, but a deeply simplified description of what’s available follows:
Declarations: These JSON objects define policy and the way the device should be configured. They manage device configuration, reference data, activations, and management functions. The permission to request a new login password is defined on the device, for instance.
Status: This component tells the MDM server whenever a device changes, such as when iOS is updated. This module will let your system know the device has updated that login password once it has done so.
Extensibility: Both server and device tell one another when new capabilities are available, such as when an operating system upgrade is available and once it is installed.
Apple is still rolling out the various component declarations. Account, passcode and profile configurations are available now, as are two asset declarations for user passwords and ID.
Apple is also asking developers to consider how declarative management can best be used in their solutions, or for their particular customer groups. It’s easy to understand, for instance, how device fleets in some industries might benefit from better on-device autonomous MDM: shipping, exploration, underground.
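Because declarations are plain JSON, a declaration set can be checked offline before an MDM server publishes it. The following Python is an added example, not code from Apple or from this article; it assumes the Type, Identifier, ServerToken and Payload keys and the com.apple.* type names of Apple’s published declaration schema, in which a configuration is applied only when an activation references it. The sample declarations and their identifiers are constructed.

```python
import json

# Constructed sample set (not from Apple or any MDM vendor). Key names and Type
# strings are assumed from Apple's published declaration schema; values are made up.
SAMPLE = json.loads("""[
 {"Type": "com.apple.configuration.passcode.settings", "Identifier": "cfg-passcode",
  "ServerToken": "v1", "Payload": {"RequirePasscode": true, "MinimumLength": 8}},
 {"Type": "com.apple.configuration.account.mail", "Identifier": "cfg-mail",
  "ServerToken": "v1", "Payload": {"VisibleName": "Work Mail"}},
 {"Type": "com.apple.asset.useridentity", "Identifier": "asset-user",
  "ServerToken": "v1", "Payload": {"FullName": "Example User"}},
 {"Type": "com.apple.activation.simple", "Identifier": "act-baseline", "ServerToken": "v1",
  "Payload": {"StandardConfigurations": ["cfg-mail", "cfg-missing"]}},
 {"Type": "com.example.unknown", "Identifier": "stray"}
]""")

KINDS = ("configuration", "asset", "activation", "management")
REQUIRED = ("Type", "Identifier", "ServerToken")


def kind_of(decl):
    """Map a declaration's Type to one of the four kinds, or None."""
    parts = decl.get("Type", "").split(".")
    ok = len(parts) > 2 and parts[:2] == ["com", "apple"] and parts[2] in KINDS
    return parts[2] if ok else None


def audit(declarations):
    """Return (identifiers grouped by kind, list of problems found)."""
    by_kind, problems, activated = {k: [] for k in KINDS}, [], set()
    for d in declarations:
        ident = d.get("Identifier", "<no identifier>")
        problems += [f"{ident}: missing {key}" for key in REQUIRED if key not in d]
        kind = kind_of(d)
        if kind is None:
            problems.append(f"{ident}: unrecognised Type {d.get('Type')!r}")
            continue
        by_kind[kind].append(ident)
        if kind == "activation":  # collect the configurations it switches on
            activated.update(d.get("Payload", {}).get("StandardConfigurations", []))
    configs = set(by_kind["configuration"])
    problems += [f"unknown configuration activated: {r}" for r in sorted(activated - configs)]
    # A configuration only takes effect when an activation references it.
    problems += [f"{c}: never activated, so the device will not apply it"
                 for c in sorted(configs - activated)]
    return by_kind, problems


if __name__ == "__main__":
    print(*audit(SAMPLE)[1], sep="\n")
```

In the constructed set the passcode configuration is well formed but no activation references it, which is the kind of silent policy gap worth catching before a fleet relies on it.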
Not yet available for Macs
MDM developers, including Jamf, are already working with declarative management and will likely have something to introduce once iOS 15/iPadOS 15 appear.
One important thing to note is that Apple hasn’t yet made declarative management available for Macs. I believe that’s just a step or so away, but may be reliant on use of systems with Apple processors (I don’t know for certain) – but it surely makes sense to add this sort of protection to Apple’s popular macOS devices.
Two additional improvements in MDM for Apple users in the enterprise include Apple Configurator for iPhone, which lets you set up Macs for the MDM, and the ability to erase all content and settings on Macs from within System Preferences. These enhancements will ship with the operating systems this fall.