Home iOS Apple is changing its MDM system in iOS/iPadOS 15

Apple is changing its MDM system in iOS/iPadOS 15


If your business uses Apple products, it’s very likely you also make use of its mobile device management (MDM) protocols to manage your fleet. Be forwarned, there are big changes coming with iOS 15.

Putting your device in control

Apple announced changes to its MDM system at WWDC 2021, introducing a new approach it calls “declarative management.” It’s designed to give each device more power and more responsibility, and replaces the server-heavy reactive MDM approach in use today (where a device is enrolled, profiles are downloaded, and appropriate action happens once the device confirms its status).

IT admins know that reactive MDM systems can strain management servers at certain times. With its autonomy, Apple’s approach helps reduce that workload and increases performance and scalability; it should make a particular difference when managing large fleets of Apple products.

As a result, the device becomes more autonomous and proactive, policing itself to ensure it maintains your company’s security and device policies. Under this model, the device doesn’t need to interrogate the MDM server for everything.

Check your MDM vendor for support

One thing it does require is that your MDM system supports Apple’s new approach. Most MDM solutions vendors have begun working with Apple’s new technologies and I anticipate many will be ready to roll with support for declarative management on the day the new operating systems are released.

Individual devices are still constrained by the MDM security policy, but can better assess some states rather than seeking help from the server. The devices will also proactively send updated information to servers as required.

A little on how it works

Explaining the system at WWDC, Apple described three main components. Developers and IT admins will want to go in depth with the feature on their developer channel, but a deeply simplified description of what is available follows:

Declarations: These JSON objects define policy and how the device should be configured. They manage device configuration, reference data, activations, and management functions. Your permission to request a new login password is set on the device, for example.

Copyright © 2021 IDG Communications, Inc.