The Evolution of Apple's MDM Protocol

Apple first introduced its mobile device management (MDM) framework with the launch of iOS 4 back in 2009. MDM followed a reactive approach to managing devices remotely. That process entailed:

  • Enrollment of the remote device into management;
  • Pushing configuration profiles from a server to the newly enrolled device;
  • Regular, continual polling by the server to confirm that those configurations were still in force.

The back-and-forth nature of this communication puts stress on the MDM server, especially as the number of devices under management grows into the thousands.

Reactive vs Proactive MDM Protocols

With the introduction of iOS 15 in 2021 and a new device-management model called Declarative Device Management (DDM), Apple moved to reduce that stress and to increase the responsiveness of the system as a whole.

DDM shifts much of the management to the enrolled device itself. It allows the device to act independently and proactively when its configuration changes. Rather than waiting for the server to “ask”—typically at pre-defined intervals—whether or not there have been changes, in the DDM framework the device itself notices those changes. It then either notifies the server about the changes or even remediates itself.

DDM's Three Data Models

DDM relies on three main components:

  • Declarations
  • Status
  • Extensibility

Declarations

According to Apple’s DDM documentation:

Declarations are payloads the server defines and synchronizes to the device with the declarative management protocol. They represent policies the organization wants to enforce on the device, and other items such as management metadata.

There are, in turn, four declaration types:

Configurations define specific settings on a device, such as passcode requirements, account settings, screen-lock timeouts, and the like.

Assets are details that devices need for configuration.

Activations are configuration data sent to the devices. They can include multiple configurations.

Management is static information, such as your organization name.
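
The four declaration types fit together by identifier: a configuration takes effect on a device only when an activation references it. The following is an added example, not code from Apple or from the original article, that lints a declaration set for references that would leave a policy silently unenforced. The Type strings and payload keys follow Apple's published declaration schema; the identifiers, tokens and values are constructed, and `kind` and `lint` are hypothetical helper names.

```python
import json

# Constructed sample declarations (identifiers, tokens and values are made up).
DECLARATIONS = json.loads("""
[
  {"Type": "com.apple.management.organization-info",
   "Identifier": "org.example.mgmt.org", "ServerToken": "t1",
   "Payload": {"Name": "Example Corp"}},
  {"Type": "com.apple.configuration.passcode.settings",
   "Identifier": "org.example.cfg.passcode", "ServerToken": "t2",
   "Payload": {"RequirePasscode": true, "MinimumLength": 8}},
  {"Type": "com.apple.configuration.management.status-subscriptions",
   "Identifier": "org.example.cfg.status", "ServerToken": "t3",
   "Payload": {"StatusItems": [{"Name": "device.operating-system.version"}]}},
  {"Type": "com.apple.activation.simple",
   "Identifier": "org.example.act.baseline", "ServerToken": "t4",
   "Payload": {"StandardConfigurations":
               ["org.example.cfg.passcode", "org.example.cfg.missing"]}}
]
""")


def kind(decl):
    """Map a declaration Type (com.apple.<kind>.<name>) to its declaration kind."""
    return decl["Type"].split(".")[2]


def lint(declarations):
    """Return (dangling, inactive): identifiers an activation references but
    no configuration defines, and configurations no activation references."""
    configs = {d["Identifier"] for d in declarations if kind(d) == "configuration"}
    referenced = set()
    for d in declarations:
        if kind(d) == "activation":
            referenced.update(d["Payload"].get("StandardConfigurations", []))
    return sorted(referenced - configs), sorted(configs - referenced)


if __name__ == "__main__":
    dangling, inactive = lint(DECLARATIONS)
    print("referenced but not defined:", dangling)
    print("defined but never activated:", inactive)
```

In the sample set, the status-subscription configuration is defined but never activated, so the device would not apply it, and the activation points at one identifier that no configuration defines.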

Status

The second component, Status, refers to reports sent from the device to the server providing information about the device’s current state. Those reports can cover things like battery health, hardware family (e.g., MacBook Pro, iPad Air), OS information, serial number, and a host of other details. (For a full list, see the Status Documentation.)

Extensibility

Extensibility is the way devices and servers communicate with each other, letting them know what new capabilities may be available on the server or the device.

Why You Should Use Declarative Device Management

To be clear, DDM is not something that IT admins use. It’s something that MDM solution providers can build into the products those admins use. But DDM should improve the management experience for both admins and end-users. It makes management more automatic, more responsive, and more reliable, which is good for everyone.

It’s also important to note that DDM is not a replacement for traditional MDM. Rather, as Apple’s documentation put it, “declarative management can co-exist with MDM commands and profiles,” meaning it sits peacefully side by side with MDM in your management solution.

Conclusion

In short, DDM will make managing devices easier. You’ll be able to create more complex management strategies that give you finer control over the devices you manage. You will have better visibility into your devices, allowing for more active and accurate management. And because much of the management burden is taken over by devices themselves, it should ease the load on networks and servers.

Apple has clearly stated that DDM is the future of device management. But all you have to do as an admin or IT manager is make sure your MDM solution is taking advantage of everything DDM makes possible.