
One of the biggest enterprise additions to iOS 15 and iPadOS 15 is a significant change to Apple’s MDM (mobile device management) protocol. Earlier MDM changes primarily focused on adding new management, security, or deployment features, extending what MDM could enforce. Declarative management, introduced at the company’s developer conference in June, is the first change that modifies the protocol itself. While declarative management will make its debut with iOS 15 and iPadOS 15, Apple said it will also be supported in macOS Monterey, though not right away.

Apple MDM today

Before we get to what declarative management is, let’s take a brief recap of Apple’s MDM protocol as it has previously been implemented.

Apple MDM encompasses a handful of different components: configuration and provisioning profiles, the MDM service, and various MDM commands.

Configuration profiles are strings of XML data that are formatted as. These actually predate Apple MDM and were first introduced in iPhone OS 2 alongside support for Exchange. These files can configure or restrict most of the iOS experience. They can even be used to preconfigure enterprise app settings if needed. The contents of a profile are often referred to as a payload. Provisioning profiles do just what the name implies: they provision the various certificates and other security elements that are key to managed devices and that enable them to connect with the servers/services needed to access enterprise resources.

An MDM server/service is the glue that ties together the various devices in an enterprise and assigns profiles to them. MDM can also be used to query devices for their current state and send MDM commands such as requiring a new password, wiping corporate data from a lost device, or clearing a passcode when the user has forgotten it. Polling devices for their status is one of the big things that makes MDM work. MDM servers can query devices on an automated basis or on-demand. This polling, which can query for almost every piece of device configuration and then send updates to devices to meet compliance, requires a lot of bandwidth for the device and server/services. One of the goals of declarative management is to eliminate this back-and-forth approach. The result can be a reduction in server load and bandwidth for the device (and the network it’s connected to). It also affects things like bandwidth for apps and overall battery life.

So what is declarative management? And why should I care?

Declarative management pushes much of the determination about compliance - and, to some extent, remediation from non-compliance - to the device. This offloads functionality from the MDM server/service. Instead of relying on the server polling to get a current device status, devices are now empowered to monitor their own device state and to proactively communicate that to the server/service as needed. They can also evaluate changes to their device state and take appropriate actions, even if a device is offline and cannot connect to the management services or the internet as a whole.

One difference between traditional MDM and declarative MDM is how data is communicated and interpreted. Up till now, configuration profiles have existed as a. Declarative management drops that approach in favor of JSON objects. While this is a change, most of these XML data strings are essentially the same despite the difference in file type. I expect that MDM vendors will make this change absolutely invisible to the admin. Under the new system, declarations include four types of directives to managed devices: configurations, assets, activations, and management.

Configuration: This type of declaration aligns closely with configuration profiles in traditional MDM. The declarations designate the various settings, restrictions, and other types of management supported by Apple devices.

Asset: This type of declaration provides supporting information to devices. This includes things like user account information, security certificates, and MDM-related service URLs. To some extent they function like provisioning profiles in traditional MDM (typically used to deploy certificates). One major advantage to assets: instead of installing multiple certificates (or multiple instances of the same certificate), an asset declaration can be applied to multiple configurations. This should offer IT departments the ability to streamline certificate management; in particular, it should help in deploying updated certificates, since there will be fewer certificates that need to be deployed.

Activation: Activations are essentially rules (referred to as predicates) for when specific configurations or actions should occur.
