SimpleMDM now supports a number of aspects of Apple’s Declarative Device Management (DDM) protocol. This article covers the DDM components that are currently supported and what to expect.
Enabling Declarative Device Management
The declarative device management channel is enabled automatically on all eligible devices when they check in with MDM. Admins do not need to take any action to enable this.
Legacy MDM protocol functionality will continue to operate normally.
DDM Status Reports
When DDM is enabled on a device, the device will periodically send status reports back to MDM (without the MDM polling for this information). Status Reports provide the current device state with information about the device. Status Reports do not always include the full output of the device state - some reports are triggered by device state changes (such as an OS update), and only include limited information.
When SimpleMDM receives a status report from a device, a log entry will be created with the JSON output from the device.
Declarations (Configurations)
At the moment, the following DDM-specific configurations are available in the SimpleMDM admin interface:
- Managed Software Updates
- Service Configuration Files
- Software Update Settings
- Safari Extensions Settings
- Disk Management Settings
- Background Task Management
- Custom Declarations
Notes:
- When a declaration has been installed, it will be displayed differently from profiles on the device itself. Rather than appearing as a separate profile under System Settings, it will be displayed under the top-level MDM profile details.
- The
profilescommand will not return Declarations in the results. - Declarations are installed/moved to a tamper-proof location.
-
Existing legacy MDM profiles will be migrated to use DDM at a later date.
Further Reading & Learning
For an overview on Declarative Device Management, check out our blog article.
For a deeper dive into Declarative Device Management, see Apple's WWDC videos:
- Meet declarative device management (2021)
- Adopt declarative device management (2022)
- Explore advances in declarative device management (2023)
Known Issues
Legacy DDM profiles fail to update on macOS 14.0. This should be resolved in macOS 14.1+. For macOS 14.0, the updated profiles will need to be removed and re-installed.
