Back in 2021, when introducing declarative device management, Apple claimed that it would transform the existing MDM protocol and change it for both IT admins and users. And it did.
Declarative device management (DDM) was a giant leap in device management, and over the years, Apple added to it by presenting new features during Apple’s Worldwide Developers Conferences (WWDCs) and expanding support for DDM to cover all platforms. In this article, we’ve collected everything there is to know about Apple declarative device management, including key insights from WWDC25.
What is declarative device management?
Declarative device management is a management process that allows you to manage devices independently by applying configurations based on certain criteria. In this case, a server sends a description of the desired device state, and the device supports it autonomously.
Looking for how to maintain your organization’s Mac fleet? Check out CleanMyMac Business. It has a lot to offer: fleet-wide malware protection, reports on device compliance, clear metrics helping you assess the health of each Mac, and automation of routine tasks like disk clearing and app updates. Want to test this on your Mac fleet? Try 14 days free here (no credit card required).
Unlike MDM, which is more of a reactive approach to managing and maintaining Apple devices across the organization, DDM is considered proactive because it allows the device to take action based on predefined criteria instead of waiting until they are pushed by the MDM server. As a result, it helps make device information more accurate, allows policies to be applied faster, and maintains the device in the desired state.
Pillars of Apple’s declarative device management
Apple’s declarative device management consists of three main pillars.
Declarations
Declarations are payloads that represent the policies of an organization. They are created by the server and sent to devices. Declarations can be used to configure settings, accounts, and restrictions and deployed at different levels: to individual users/devices or deployment-wide.
There are 4 types of declarations:
- Configurations: these are similar to MDM profile payloads (e.g., restrictions or account settings).
- Assets: reference data that configurations need. They have one-to-many relationships with configurations (many configurations may reference one asset).
- Activations: a set of configurations applied to an enrolled device. They determine how and when the system applies the policies dictated by configurations.
- Management: these declarations convey metadata about the server’s supported details and the organization.
Status channel
Status channel is a communication channel used by the device to report updates to the server. These updates include new information about the device. The server can receive only vital updates by subscribing to specific status items.
Extensibility
Extensibility ensures scalability and the ability to implement new features in the future. It is built into the protocol, and so devices and the server can advertise the changes in their capabilities and use new payloads once they are available.
Why you should adopt DDM
If you are looking for how to make device management more effective, improve real-time updates, and reduce server dependency, Apple’s declarative device management may be the right choice. Here are a few more benefits it has to offer:
✅ Instant communication via the status channel that removes the need for frequent polling.
✅ DDM allows servers to be lightweight.
✅ Declarative device management improves user experience by eliminating unnecessary disruptions (in most cases).
✅ Network bandwidth usage is lowered, and so is the overall complexity of device management.
✅ DDM can be adopted alongside traditional MDM, letting you transition to a new model gradually and seamlessly.
✅ There is no direct cost associated with declarative device management since it is a part of the MDM framework. But you will have to look for a third-party MDM solution (like Jamf Pro) that supports Apple’s DDM.
How to use declarative device management
You can use DDM to manage your organization’s Apple devices. Here are a few important things to consider:
📌 To enable declarative device management, you need to send a special MDM command to your target device.
📌 Declarative device management is modular, meaning that you can group several configurations for one device.
📌 There are different functions to help make the transition from MDM to DDM smooth. For example, there are tools that allow you to avoid replacing existing MDM profiles with new configurations, so the user won’t be distracted. Instead, existing profiles can be turned into legacy profiles, and DDM will take over them.
📌 If you use DDM to manage updates, users get information on when to install any update and when it will be enforced. You also get transparency about update statuses.
📌 Configurations can be applied individually based on certain criteria (activations mentioned above).
WWDC25: Takeaways for organizations
At WWDC25, Apple highlighted important updates to make device management migrations easier. Here are a few main insights related to DDM.
Safari management
Two new declarative configurations will be available in Safari: setting a default homepage and managing bookmarks. It will give IT teams more control over leading employees toward sanctioned web resources, which may be especially crucial in strictly regulated industries. Once implemented, it will also support compliance efforts and make the browsing experience more customizable.
With these new features, all Safari management — from allowing to clear browser history and preventing pop-ups to cookie handling — is now in DDM. Note: the set of features varies across different operating systems, with macOS and visionOS having fewer of them compared with iOS and iPadOS.
Software updates
Apple introduced software updates using DDM in 2023, and is now bringing these features to Apple TV and Vision Pro, meaning that it is now complete across all Apple’s platforms. It will allow IT teams to control update deferrals, define deadlines for updates, and set update cadence.
Apple Intelligence
Apple announced the ability to control the use of Apple Intelligence across all platforms, bringing payload to Vision Pro and visionOS. Now, organizations can enable or disable Apple Intelligence and ensure it meets industry regulations and internal policies using DDM.
App preservation for Return to Service
In industries where devices are shared between users, Return to Service is an effective and quick way to reset devices. This year, Apple improved the process and introduced the ability to preserve managed apps and only wipe user data. This way, there’s no need to redownload the app when giving the device to the next user. Note: it is limited to iOS, iPadOS, and visionOS.
App management
Apple believes that declarative device management is the best way to manage apps, and this is why they presented the new ManagedApp Framework. It will be available across all platforms and will allow the deployment of App Store apps, custom apps, and packages, including self-service applications.
ManagedApp Framework is a new API that lets IT teams securely deploy app configurations (certificates, passwords, settings, identities, etc.).
Apple’s declarative device management has transformed a traditional approach to managing corporate devices, making it proactive and giving more autonomy to devices. If your organization seeks to reduce server load and, at the same time, be in line with internal and industry regulations, it may be a valuable tool, given that your MDM solution supports these features.
