Use declarative device management to manage Apple devices
Your organisation can manage the state of a device — and maintain that state — by having devices independently apply configurations based on certain criteria. This management process, known as declarative device management, gives you new ways to enforce software updates, deploy configurations and keep an up-to-date view across your managed devices. To make adoption simpler, the protocol has been added to the existing MDM protocol. (To learn what features of declarative device management are available for your devices, consult your MDM vendor’s documentation.)
Enable declarative device management
You enable declarative device management by sending a special MDM command to a device. For two Apple devices — Mac, and iPad devices offering Shared iPad — there’s support for multiple users, and you can also assign declarations to the user channel. To enable declarative device management on both the device and the user channel, you need to send a command to each.
For more information about Shared iPad, see Shared iPad overview.
Define configurations
Because the declarative device management approach is modular, it offers you great flexibility when defining a device’s configuration. Instead of using a one-to-one relationship — with one activation referring to a single configuration and potentially to a single asset — it uses a more efficient approach.
For example, an activation can group, at the same time, all the configurations that need to get applied. To avoid unnecessary repetition, you can use the same configuration in multiple activations. Just as with configurations, assets can similarly be used by multiple configurations. In addition, assets can be updated independent of related configurations. This autonomous approach reduces user impact because the configuration itself remains on the devices. It’s particularly useful when an account’s credential information needs to be updated while avoiding a full re-sync of associated data and retaining local user settings.
Transition to declarative device management
To help smooth the transition to declarative device management, the MDM protocol includes various functions. For example, you can embed existing profiles into a legacy profile declaration. Or you can have an MDM solution take ownership of an already deployed profile and migrate it into a legacy configuration declaration. In this way, you avoid removing an existing profile and replacing it with a configuration that could disrupt the user.
If the same setting is sent as an MDM profile and a declarative configuration to a device, the same rules apply as if the setting was delivered by multiple profiles. For example, if passcode policies are configured by a profile and a configuration, the policies are merged and the strictest settings are enforced.
Important: Software update and app configurations applied using declarative device management take precedence over the similar MDM commands.
Manually install declarations
In iOS 17, iPadOS 17, macOS 14, visionOS 1.1, or later, organisations and MDM developers can perform tests by manually installing a profile containing declarations — from Settings (for iPhone, iPad and Apple Vision Pro) or from System Settings (for Mac). You can use this option to install accounts, legacy profiles, passcode and screen sharing configurations, and certificates and identities.
Activation predicates
Declarative device management lets devices apply configurations independently based on certain criteria. The criteria are defined as logical conditions that work using predicates.
Activations can include optional predicates that determine whether the configurations referenced in the activation will be applied to the device. For activation predicates, you can use available status reports and custom management properties. Your organisation defines these custom management properties as integer, string or Boolean values, or as arrays. An activation can make use of them to determine whether a certain set of configurations should be applied.
The benefit of activation predicates is in smart use cases, where devices can be preloaded with declarations, which automatically activate when the correct management property is sent by the MDM solution. This approach can help avoid complex grouping and scoping on the MDM side.