Use declarative device management to manage Apple devices
Your organization can manage the state of a device—and maintain that state—by having devices independently apply configurations based on certain criteria. This management process, known as declarative device management, gives you new ways to enforce software updates, deploy configurations, and keep an up-to-date view across your managed devices. To make adoption simpler, the protocol is now part of the existing device management protocol. (To learn what features of declarative device management are available for your devices, consult your developer’s device management service documentation.)
Enable declarative device management
You enable declarative device management by sending a special device management command to a device. For two Apple devices—Mac, and iPad configured for Shared iPad—there’s support for multiple users, and you can also assign declarations to the user channel. To enable declarative device management on both the device and the user channel, you need to send a command to each.
For more information about Shared iPad, see Shared iPad overview.
Define configurations
Because the declarative device management approach is modular, it offers you great flexibility when defining a device’s configuration. Instead of using a one-to-one relationship—with one activation referring to a single configuration and potentially to a single asset—it uses a more efficient approach.
For example, an activation can group, at the same time, all the configurations that need to get applied. To avoid unnecessary repetition, you can use the same configuration in multiple activations. Just as with configurations, assets can similarly be used by multiple configurations. In addition, assets can be updated independent of related configurations. This autonomous approach reduces user impact because the configuration itself remains on the devices. It’s particularly useful when an account’s credential information needs to be updated while avoiding a full resync of associated data and retaining local user settings.
Transition to declarative device management
To help smooth the transition to declarative device management, the existing device management protocol includes various functions. For example, you can embed existing profiles into a legacy profile declaration. Or you can have a device management service take ownership of an already deployed profile and migrate it into a legacy configuration declaration. In this way, you avoid removing an existing profile and replacing it with a configuration that might disrupt the user.
If you send the same setting as a profile and a declarative configuration to a device, the same rules apply as when multiple profiles deliver the setting. For example, if both a profile and a configuration set up passcode policies, the system merges the policies and enforces the strictest settings.
Important: Software update and app configurations that you apply using declarative device management take precedence over the similar device management commands.
Manually install declarations
For devices with iOS 17, iPadOS 17, macOS 14, visionOS 1.1, or later, organizations and device management service developers can perform tests by manually installing a profile containing declarations—from Settings (for iPhone, iPad, and Apple Vision Pro) or from System Settings (for Mac). You can use this option to install accounts, legacy profiles, passcode and screen sharing configurations, certificates, and identities.
Activation predicates
Declarative device management lets devices apply configurations independently based on certain criteria. The criteria are defined as logical conditions that work using predicates.
Activations can include optional predicates that determine whether the configurations referenced in the activation is applied to the device. For activation predicates, you can use available status reports and custom management properties. Your organization defines these custom management properties as integer, string, or Boolean values, or as arrays. An activation can make use of them to determine whether a certain set of configurations should be applied.
The benefit of activation predicates is in smart use cases, where you can preload devices with declarations, which automatically activate when the device management service sends the correct management property. This approach can help avoid complex grouping and scoping on the service side.