what is declarative device management

Declarative device management is a new approach introduced by Apple to manage devices more efficiently and effectively. It allows IT administrators to define the desired state of a device, and the device itself ensures it remains in that state. This method contrasts with the traditional imperative management, where specific commands are sent to devices to perform actions.

In the context of the session "What’s new in device management" at WWDC 2024, declarative device management includes several enhancements and new features:

1. Automated Device Enrollment: This feature allows IT teams to ship devices directly to users, enroll them into MDM, customize the setup experience, and ensure they are ready to be managed without physically touching the devices. This is now extended to Apple Vision Pro with VisionOS 2.0 (What’s new in device management).

2. Software Update Management: A new software update settings configuration replaces all legacy MDM software update management commands, profiles, and restrictions. This declaration can be used on supervised devices with iOS and iPadOS 18 and macOS 15 or later to manage all aspects of software updates (What’s new in device management).

3. MDM Commands and Payloads: VisionOS 2.0 supports most configurations and payloads, including passcode policy domains and web content filter payloads, along with new MDM commands like device lock and various settings sub-commands (What’s new in device management).

4. Data Separation: Using either device enrollment or user enrollment with a managed Apple account enables data separation in iCloud Drive, Notes, Reminders, and more. This ensures personal data remains private even on organization-owned devices (What’s new in device management).

These features make it easier for IT teams to manage devices, enforce policies, and ensure compliance with organizational requirements.