WWDC 2026 sets a clear direction for device management: Declarative Device Management becomes the new state of the art
WWDC 2026 brought significant advancements for enterprise IT and Apple device management. With iOS 27, macOS 27, and iPadOS 27, Apple continues to move away from traditional MDM commands and further establishes Declarative Device Management (DDM) as the new standard. Roman Usiatycki, Team Lead Service Specialists, summarizes the key announcements from WWDC’s Device Management session and explains their significance.
Declarative Device Management becomes the new state of the art
The clearest message from this year’s WWDC is that Declarative Device Management is no longer an optional add-on. It is becoming the preferred framework for device configuration, providing organizations with expanded deployment and management capabilities through several new enhancements. Apple is explicitly encouraging administrators and UEM vendors to adopt DDM when implementing new features and functionalities.
- Declarative Credential Management: Apple is extending DDM with native credential management capabilities. This means that when a certificate is renewed, the system automatically propagates the change to all associated configurations without requiring separate profile updates. This significantly reduces the administrative burden of certificate renewals, particularly in environments with numerous per-app VPN or Wi-Fi profiles.
- System Health Status: Beginning with the new operating system releases, MDM servers can use DDM to query a device’s System Health Status. This allows organizations to implement more granular compliance checks without relying on proprietary attestation solutions. Details regarding the available status fields will be published in Apple’s updated MDM protocol documentation.
macOS 27: Migration, content caching, authentication, and more
macOS 27 introduces several noteworthy enhancements for device administrators and UEM providers, the first two of which are also tied to Declarative Device Management:
- Migration Feature: Apple is introducing a migration feature designed to simplify the transition from one Mac to another. Through DDM, administrators can control which accounts, data, and settings are transferred to the new device.
- Content Caching Configuration: Configuration of the Content Caching service can now be managed through DDM declarations, enabling more consistent and centralized configuration management.
- App Configuration: The App Configuration framework, already available on iOS, is now coming to macOS.
- Package Uninstall: UEM-driven package uninstallation capabilities are being expanded. Additional details will be provided in the final documentation.
- Login Screen and Authentication: The macOS login experience is being redesigned and will offer enhanced management controls:
- Mandatory Touch ID: Administrators can require Touch ID for both screen unlock and FileVault unlock operations.
- Web-Based Authentication for Platform SSO: All modern authentication flows, including QR code–based sign-ins, will be supported. Automatic QR code scanning during the authentication process will simplify passwordless authentication scenarios.
iOS 27/iPadOS 27: Privacy prompts, Shared iPad, and business APIs
Several updates are also coming to iOS 27 and iPadOS 27:
- Consolidated Privacy Prompts: Permission requests for access to the camera, microphone, and other resources can now be consolidated. Administrators can define recommended permissions for apps and websites, while users can approve multiple permissions at once instead of responding to individual prompts for each app or site. This helps reduce prompt fatigue in managed environments.
- Authenticated Guest Mode for Shared iPad: Shared iPad devices will soon support an authenticated guest mode, enabling controlled temporary access without requiring a full user session.
- New Apple Business APIs: Apple announced updated Business APIs, including enhancements related to subscription management within Apple Business Manager and the Volume Purchase Program (VPP). Details regarding a new onboarding workflow will be released at a later date.
Assessment: What do the WWDC updates mean for your device management strategy?
With WWDC 2026, Apple is consistently advancing the direction it has been pursuing for several years: Declarative Device Management is becoming the new standard, traditional MDM commands are increasingly being replaced by declarations. For UEM providers, this means that new capabilities will progressively become available only through DDM. Organizations, in turn, benefit from a range of new features that provide greater control, reduce administrative effort, and enable more consistent device management.
We will continue to monitor the final documentation and beta releases and will provide updates through our blog and newsletter as soon as specific compatibility information for various UEM solutions becomes available.
