WWDC22: Is Apple bringing declarative device management to the Mac?

More opportunities for engineers and developers to implement declarative device management solutions should arise at WWDC 2022, at least according to MacAdmins.

Speaking during the pre-event podcast, the speakers state that Apple will eventually require all mobile device management (MDM) vendors to introduce support for declarative management. Could this include the introduction of declarative device management on Mac?

What is declarative device management?

Apple first introduced declarative device management last year, primarily for two reasons: to make devices more proactive, and to reduce the impact on MDM servers that manage large fleets of devices. This should improve performance and scalability.

"By sending statements to the device and using the status channel, that device becomes more autonomous and proactive. And your MDM solution will manage many facets of the device experience using the MDM protocol," Apple's developer notes explain.

The difference between standard and declarative MDM can be seen as follows:

Standard MDM:

When the MDM sends a command to the device, multiple interactions between the server and the device are required to implement the change. Alternatively, the MDM system should ask the device to update it on any changes made at the device endpoint. The device does not itself monitor for significant changes and will not proactively communicate with the MDM system to report that such changes have occurred.

Declarative:

Devices monitor themselves and can notify an MDM system when a change is applied. They can also implement changes faster, with less interaction between the server and the device. In part, this preserves battery life and also gives the device better protection when it's offline or when the MDM server is unavailable. This is because policies can be applied faster and administrators benefit from more accurate information about the devices in the fleet.

How did Apple build its declarative device management system?

At WWDC 2021, Apple showed off the first version of its declarative device management protocol. It is based on declarations, a status channel and extensibility.

What is a Declaration?

A declaration is essentially a policy decision given to the device. This can be for account setup or access to corporate services, but can also be applied at the user or device level. You can grant similar privileges to all your users, but assign specific admin rights from their devices, for example.

Declarations can include device settings, assets (such as usernames and certificates), and activations, the policies that apply to the device. Once a device has pulled all available declarations from the MDM server, it will start applying the necessary policy changes to work with them.

What is the status channel?

In its simplest form, it is used by MDM engines to ask devices to report important changes, such as requesting a notification if a device updates its version of iOS. This may trigger additional policies to be assigned to the device corresponding to this newly installed operating system.

What is extensibility?

A good example of what extensibility means in the context of declarative device management might involve updating a device's operating system. The device can notify the MDM server that an update has been made, and then the MDM can assign a new policy that enables a new feature that may not have been supported before. An MDM can also identify devices that have been updated to implement new available features.

Developers can watch a WWDC 2021 session on declarative device management here.

How will Apple improve declarative device management?

We know that Apple has already called declarative device management "the future of device management," which implies that the company will continue to invest in improving its existing system.

It also sends a very clear message to developers that they should prioritize their support of Apple's system in the solutions they provide or, in the case of customers, the MDM systems they choose to use.

Apple's first iteration supported iOS devices, implying that the company intends to expand it to its other platforms, including the Mac. Mac integration makes a lot of sense, given Apple Business Essentials and the continued rise of Macs in the enterprise, but it seems possible that the feature is only available for Macs with an Apple Silicon series chip.

We'll be watching WWDC22 later today to find out if that turns out to be the case. Check back here later for all the enterprise IT highlights.

Copyright © 2022 IDG Communications, Inc.