Speaking during the podcast ahead of the event, speakers said Apple will eventually require all mobile device management (MDM) providers to support declarative management. Could this include bringing declarative device management to the Mac?
What is declarative device management?
Apple first introduced declarative device management last year, largely for two reasons: to make devices more proactive, and to reduce the impact on MDM servers that handle large fleets of devices. This should enhance performance and scalability.
“By sending declarations to the device and using the status channel, that device becomes more independent and proactive. Your MDM solution will manage many aspects of the device experience using the MDM protocol,” Apple's developer notes explain.
The difference between standard and declarative MDM can be seen as follows:
With standard MDM, when the MDM sends a command to the device, multiple interactions between the server and the device are needed to implement the change. The MDM system must also ask the device to update it with any changes made on the device side. The device does not monitor itself for significant changes, and will not proactively communicate with the MDM system to let it know that such changes have occurred.
With declarative MDM, the devices monitor themselves and can notify the MDM system when a change is applied. They can also propagate changes more quickly, with less interaction between the server and the device. In part, this autonomy also gives a device better protection when it is offline, or when an MDM server is unavailable. As a result, policies can be implemented faster and administrators benefit from more accurate information about the devices in the fleet.
How did Apple build its declarative device management system?
At WWDC 2021, Apple introduced the first version of the declarative device management protocol. It relies on declarations, the status channel, and extensibility.
What is a declaration?
A declaration is basically a policy decision given to the device. This can be for account settings or access to enterprise services, but it can also be applied at the user or device level. You can offer similar privileges to all your users, but you can, for example, assign admin rights on their device(s) to specific individuals.
Declarations can include device configurations, assets (such as user names and certificates), and activations (policies that apply to the device). Once a device pulls all the declarations available to it from the MDM server, it will start applying any policy changes required to comply with them.
What is the status channel?
At its simplest, MDM engines use this to learn about important changes on devices, such as asking to be notified if a device has upgraded its iOS version. The MDM can then set additional policies for the device that are relevant to the newly installed operating system.
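The relationship between configurations, activations and status items described above can be checked before a declaration set is deployed. The following is an added example, not code from Apple or the original article: a simplified Python model that reports which configurations an activation actually turns on, which are defined but never activated, and which references point at nothing. The Type strings and payload keys follow Apple's published declaration schema; the identifiers and ServerToken values are constructed, and activation predicates are ignored.

```python
# Added example: a simplified model of how a declaration set resolves.
# Identifier and ServerToken values are constructed for illustration.
DECLARATIONS = [
    {"Type": "com.apple.configuration.passcode.settings",
     "Identifier": "example.config.passcode", "ServerToken": "t1",
     "Payload": {"RequirePasscode": True, "MinimumLength": 8}},
    {"Type": "com.apple.configuration.management.status-subscriptions",
     "Identifier": "example.config.status", "ServerToken": "t1",
     "Payload": {"StatusItems": [{"Name": "device.operating-system.version"}]}},
    # Defined but never referenced by an activation, so it is never applied.
    {"Type": "com.apple.configuration.passcode.settings",
     "Identifier": "example.config.orphan", "ServerToken": "t1",
     "Payload": {"RequirePasscode": True, "MinimumLength": 12}},
    {"Type": "com.apple.activation.simple",
     "Identifier": "example.activation.baseline", "ServerToken": "t1",
     "Payload": {"StandardConfigurations": [
         "example.config.passcode", "example.config.status",
         "example.config.missing"]}},  # last reference has no declaration
]

def kind(decl):
    """Classify a declaration by the family prefix of its Type string."""
    for family in ("configuration", "activation", "asset", "management"):
        if decl["Type"].startswith(f"com.apple.{family}."):
            return family
    return "unknown"

def resolve(declarations):
    """Return active, inactive and dangling configuration identifiers."""
    configs = {d["Identifier"] for d in declarations if kind(d) == "configuration"}
    referenced = set()
    for d in declarations:
        if kind(d) == "activation":
            referenced.update(d["Payload"].get("StandardConfigurations", []))
    return {"active": sorted(configs & referenced),
            "inactive": sorted(configs - referenced),
            "dangling": sorted(referenced - configs)}

def subscribed_status_items(declarations):
    """List status items the device will report, from active subscriptions only."""
    active = set(resolve(declarations)["active"])
    return [item["Name"] for d in declarations
            if d["Identifier"] in active and d["Type"].endswith(".status-subscriptions")
            for item in d["Payload"]["StatusItems"]]

if __name__ == "__main__":
    print(resolve(DECLARATIONS))
    print(subscribed_status_items(DECLARATIONS))
```

An inactive security configuration or a dangling reference is worth treating as a deployment error, since the device will not enforce a policy the administrator believes is in place.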
What is extensibility?
One good example of what extensibility means in the context of declarative device management relates to the operating system of the device being upgraded. The device can let the MDM server know that an update has occurred, and the MDM can then set a new policy that enables a new feature that may not have been supported before. The MDM may also be able to identify which devices have been upgraded in order to deploy any newly available features.
Developers can watch the WWDC 2021 session on declarative device management.
How will Apple enhance declarative device management?
We know that Apple has already called declarative management the “future of device management,” which means that the company will continue to invest in improving its existing system.
It also sends a message to developers that they should prioritize their support for the Apple system in the solutions they provide, or, in the case of customers, in the MDM systems they choose to use.
Apple’s first iteration supports iOS devices, which in and of itself means that the company intends to expand it to its other platforms, including the Mac. Mac integration makes perfect sense, given the basics of Apple Business and that Macs continue to rise in the enterprise, but it seems possible that the feature is only available for Macs running M-series Apple silicon chips.
We will be watching WWDC22 later today to see if that’s the case. Check back here later for all the keynote highlights for your organization’s IT.
Copyright © 2022 IDG Communications, Inc.