SimpleMDM is excited to announce that support for declarative device management (DDM) is now available to all customers and enabled on supported devices. Our team has invested significant time and effort in building and implementing an intelligent development framework to support smoother and more rapid adoption of DDM components as Apple continues to unveil them.
Since our beta program’s inception in October 2023, we have continued to incorporate various declarative device management capabilities. These include installing declarations, receiving updates via status channels, configuring macOS system services, and more.
What is declarative device management?
Apple’s declarative device management is the future of MDM. Originally announced at WWDC 2021, this new approach introduces device-driven logic. Devices automatically and instantaneously notify the MDM server if the device state changes without the server having to constantly poll the device.
At its core, the DDM protocol includes three key components: declarations for device functionality; status channel to track changes in the device state; and extensibility, which allows MDM and devices to report to each other when certain capabilities become available. These elements combined are what make this new version of the MDM protocol so powerful, paving the way for a more responsive device management experience.
New declarative functionality available in SimpleMDM
The initial declarative device management functionality available to all SimpleMDM customers includes Managed Software Updates, support for the service configuration file declaration, and status reports. While Apple's declarative device management already offers more autonomous and proactive device management capabilities, these specific DDM components significantly enhance the experience for both admins and users. From improved reliability and admin control of OS updates and system services configuration to periodic updates via the status channel — these features drastically improve device management.
Managed Software Updates
This new declarative configuration allows admins to schedule the enforcement of OS software updates by a specific date and time while providing device users with enhanced notifications to keep them informed. Managed Software Updates aim to make admins' lives much easier by providing flexible options for defining target updates and scheduling as well as supporting communication with users.
Service configuration files
The service configuration declaration allows admins to configure and manage preferences for system services on macOS devices. Services include sshd, sudo, bash, zsh, Apache httpd, and any others that support them. Previously, there wasn’t a standardized approach for configuring these system services on devices in enterprise environments, leaving it up to the end user to configure them themselves. Now, with Apple’s MDM protocol officially supporting a standard way to manage these services, admins and end users benefit from increased ease and security.
Status reports
SimpleMDM now subscribes to status reports for devices with declarative device management enabled. Status reports are a new device-driven communication channel between the device and the MDM server. These allow the MDM to receive instantaneous updates when a device’s state changes. A few examples include when the state of passcode compliance or FileVault status changes, an app or OS update has finished installing, or an OS update has failed.
Currently, you can view these status reports in the Logs section of the admin interface. We will continue to make these status reports more human-readable and integrate them more deeply into business logic over time.
What’s next for declarative device management?
With all current Apple operating systems now supporting this proactive approach to device management, adopting and implementing DDM capabilities will be an on-going process for our team. We look forward to updates from Apple’s Worldwide Developers Conference (WWDC) this year as well as customer feedback on our initial implementation.
We’ll update this page as new declarative device management features are available in SimpleMDM.
For more information about Apple’s declarative device management, check out these resources:
