How declarative device management transforms Apple MDM

Apple's declarative device management (DDM) is a relative newcomer to MDM. But in only three years, it has become a cornerstone of modern Apple management. You can expect DDM's impact to grow ever more transformative.

April 18, 2024, by Haddayr Copley-Woods


At WWDC 2021, Apple's release of declarative device management (DDM) capabilities in its MDM protocol created quite a stir.

It's easy to see why.

What is declarative device management?

Apple describes DDM as a “transformative update” to the existing MDM protocol that allows devices to act proactively and autonomously.

In practice, that autonomy comes from programmed settings: each device carries instructions on how to react to changes in its own state and how to take any required action, without awaiting instructions from a server.

How has DDM transformed MDM?

This change in how devices and servers communicate is nothing short of revolutionary, with effects rippling to nearly all aspects of Apple device management.

The impact DDM has on device security is the most obvious change at first. For instance, if a device drops out of compliance or experiences activity defined as possible malware, it can take action immediately. This means that bad actors have no more lag time during which to strike.

The effects extend much further than that. DDM:

  • Frees up server-device traffic, speeding performance
  • Allows faster sandboxing and remediation of possible malware, increasing security
  • Requires fewer resources to increase scale and scope, assisting organizational growth

How DDM works

DDM primarily uses three pillars: declarations, the status channel and extensibility.

  1. Declarations are server-defined payloads sent to devices. They define policies meant to be enforced directly on devices such as accounts, settings, and restrictions. These can be distributed to all users, smaller groups, or even for a single user or device.
  2. The status channel tracks device-state changes. Devices send update reports to the server, which filters those changes down to only the updates that concern it most. This means more pertinent information arrives far more quickly.
  3. The extensibility inherent in DDM means that maintaining compatibility between different versions of software and different hardware capabilities is not only easier, but also more comprehensive. Automatic synchronization of updated capabilities allows the device to immediately use any useful new features.
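
To make the first two pillars concrete, here is an added example (not Jamf's or Apple's code) that lints a set of declarations before they are served to devices. The type names and payload keys follow Apple's published declaration schema; the identifiers, tokens and the `lint_declarations` helper are constructed for illustration. It relies on activations, a declaration type the article does not cover, which tell a device which configurations to apply.

```python
import json

# Constructed sample: declarations shaped like the JSON a DDM server sends.
# Identifier and ServerToken values are made up for this example.
SAMPLE = json.loads("""[
  {"Type": "com.apple.configuration.passcode.settings",
   "Identifier": "example.config.passcode", "ServerToken": "v1",
   "Payload": {"RequirePasscode": true, "MinimumLength": 8}},
  {"Type": "com.apple.configuration.management.status-subscriptions",
   "Identifier": "example.config.status", "ServerToken": "v1",
   "Payload": {"StatusItems": [{"Name": "device.operating-system.version"}]}},
  {"Type": "com.apple.activation.simple",
   "Identifier": "example.activation.baseline", "ServerToken": "v1",
   "Payload": {"StandardConfigurations":
               ["example.config.passcode", "example.config.missing"]}}
]""")

REQUIRED_KEYS = ("Type", "Identifier", "ServerToken", "Payload")

def lint_declarations(declarations):
    """Return problems that would keep a declaration set from taking effect."""
    problems, by_id = [], {}
    for decl in declarations:
        missing = [k for k in REQUIRED_KEYS if k not in decl]
        if missing:
            problems.append(f"{decl.get('Identifier', '?')}: missing {missing}")
            continue
        if decl["Identifier"] in by_id:
            problems.append(f"{decl['Identifier']}: duplicate Identifier")
        by_id[decl["Identifier"]] = decl
    # Activations name the configurations a device should apply.
    activated = set()
    for ident, decl in by_id.items():
        if decl["Type"].startswith("com.apple.activation."):
            for ref in decl["Payload"].get("StandardConfigurations", []):
                activated.add(ref)
                if ref not in by_id:
                    problems.append(f"{ident}: unknown configuration {ref}")
    # A configuration no activation references is never applied on the device.
    for ident, decl in by_id.items():
        if decl["Type"].startswith("com.apple.configuration.") and ident not in activated:
            problems.append(f"{ident}: configuration is never activated")
    return problems

if __name__ == "__main__":
    print("\n".join(lint_declarations(SAMPLE)) or "no problems found")
```

In the sample, the status-subscriptions configuration is flagged because no activation references it, so the device would never start reporting the subscribed status item.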

Preparing for the future of work

Such a nimble framework delivers immediate speed and increased security. It also allows organizations to welcome the future without waiting for their infrastructure to catch up.

The nature of work has already changed profoundly: remote and hybrid options save organizations and employees time, money, and effort; BYOD models allow for both privacy and management; and employees increasingly expect a choice in which device they use for work. Jamf, partially thanks to new DDM capabilities, has navigated these profound changes with ease.

And there's only more to come.

What's coming next?

While no one has clairvoyance into Apple's future moves, Jamf leaders expect developments in the following areas to be enacted fairly soon:

  • Enhanced security: expect administrative actions to increasingly require proper administrative tooling. This decreases risk from bad actors and plain old human error.
  • More nuanced access: we believe that organizations will have even more ability to granularly control access to services (and facilities).
  • Better, safer user experience: as customized identity capabilities iterate to include more and more providers, each can connect and easily create managed IDs. Users who can use one key to access everything they need for work are happier and safer.

Discover more about DDM

DDM's possibilities can sometimes seem as confusing as they are innovative, and it can be hard to wrap your head around it. That's why Jamf created a straightforward yet detailed paper laying out the details and advantages of DDM. In it, you'll learn ways to take advantage of DDM in your workflows and how Jamf can help.

Read "Declarative Device Management: DDM’s impact on modern management is hard to overstate."