Apple Unveils Major MDM Upgrades at WWDC 2025 – From Setup SSO to Seamless Migration and Powerful New APIs. A quick rundown of what’s new in device management from WWDC 2025
Every year, it gives us a sense of just how committed Apple is to the enterprise space – and 2025 delivered in a big way. In the session “What’s New in Apple Device Management and Identity”, Graham McLuhan introduced a wide range of updates that really stood out. The direction is clear: more control, more automation, more integration. Here’s my take on the key highlights.
Apple Business Manager & Apple School Manager: More Control, More Transparency
Apple is expanding its Business Manager even further – taking a major step toward automation. New service APIs now offer structured access to device inventory, AppleCare status for individual devices, and MDM assignments. This is especially valuable for large organizations managing extensive fleets or integrating device data into third-party systems.
One standout update is device migration between MDM servers now being possible – no full reset is needed. With scheduling options, user notifications, and automated execution, Apple makes switching MDMs or consolidating servers much smoother. Apps and settings remain saved – meaning IT teams save a lot of time.
When it comes to Managed Apple Accounts, Apple continues to improve clarity and control. You can now identify and block personal Apple IDs registered under the company domain, giving organizations more visibility and tighter security.
Apple has also enhanced support for Federated Authentication and Account Capture, making it easier to integrate user accounts into the Apple ecosystem.
Setup & Enrollment: Smarter Onboarding, Stronger Identity Focus
As an MDM provider, we know that a secure, user-friendly onboarding experience is key to effective iOS device management. With WWDC 2025, Apple puts an even bigger spotlight on this.
A real game changer is the deeper integration of Platform SSO into the Setup Assistant. Users authenticate via their company account right at setup – and are automatically enrolled. No temp account, no disjointed process. For large or distributed organizations, this improves both the user experience and the security and consistency of rollouts.
Account-driven enrollment has also been enhanced. If a device can’t reach a domain
endpoint, Apple Business Manager now steps in automatically. This reduces
technical issues during rollouts and lightens the burden on IT – especially
helpful for mixed networks or BYOD scenarios.
Other updates like Automated Enrollment for Vision Pro, Authenticated Guest Mode, and Tap to Login for Mac all point to Apple’s focus on shared device use and tighter identity integration. Whether you’re iOS-centric or managing a mixed fleet, these features can integrate smoothly into your existing workflows.
Device Management & Updates: Declarative Management Becomes the New Standard
Apple is doubling down on Declarative Device Management (DDM). Traditional MDM-driven update control is being phased out – a major shift in approach.
For us and for IT admins, this means rethinking how we manage updates – and the benefits are clear. DDM makes update processes more efficient, more reliable, and less dependent on constant server contact.
But DDM goes beyond updates. Apple is expanding its use of the declarative model for configuring core system components. A great example is Safari. Homepages, bookmarks, and security settings can now be managed centrally and consistently – improving both usability and admin control.
Apple is also expanding control over its new Apple Intelligence features. Companies can decide whether to enable tools like the writing assistant, notification summaries, or image generation – a big plus for data-sensitive industries.
FAQ: Declarative Device Management (DDM)
Declarative Device Management is a modern way to manage Apple devices. You define the desired state (settings, apps, policies), and the device takes care of reaching and maintaining that state on its own.
With traditional (imperative) MDM, the server sends direct commands. DDM, on the other hand, uses “declarations” – the device knows what to do and figures out how and when to do it.
– Less network traffic and lower server load
– Faster policy implementation
– Devices act proactively – even offline
– More stable and scalable management for large fleets
DDM launched with iOS 15, iPadOS 15, and macOS Monterey. It continues to expand and is now available for fully managed (“supervised”) devices.
Return to Service: Get Devices Ready Faster
Apple’s new “Return to Service” feature targets shared device environments – from retail and healthcare to classrooms. The big news is that iPhones, iPads, and Vision Pro can now keep managed apps on a reset. Only user data is wiped – apps don’t need to be downloaded again. That saves bandwidth, time, and speeds up turnover.
Vision Pro also has its own reset option, accessible directly via the Control Center or the lock screen. Ideal for training, demos, or clinical use – and a clear signal that Apple is positioning Vision Pro as a serious business tool.
App Management: Fine-Tuned Control for Productive Workflows
App management is getting a serious upgrade. Admins can now define update behavior for each app individually – allowing auto-updates, blocking them, or locking to a specific version. Perfect for security-sensitive or industry-specific apps. A new status channel gives real-time info on app installation and current versions.
With the new ManagedApp Framework, configurations, login credentials, certificates, or identities can now be securely passed to apps. Developers can build highly secure, customizable business apps using this framework.
Another highlight is that macOS apps and packages can now be distributed via Declarative Device Management – not just iOS and iPadOS. You can now mark apps as required or optional on Macs too – with full feedback and control via MDM.
The Bottom Line: Full Speed Ahead for Our Mission
We see Apple’s 2025 announcements not just as technical upgrades, but as clear validation of the path we’re on. Our DNA is efficient, user-friendly, and automated mobile device management – and that’s exactly where Apple is headed with Declarative Device Management (DDM).
We’re especially excited about MDM migration as switching to Cortado is now smoother than ever. Companies can bring over existing devices – no reset, no downtime, and full app retention.
The new Apple Business Manager APIs open up huge potential. We’ll be integrating them early to give our customers maximum control and transparency, supporting modern, privacy-compliant IT operations.
Where Apple’s native services leave gaps, we step in, with hosting via German data centers, a strong focus on data privacy, and expert support that’s available when it matters.
In short: if you’re looking to manage Apple devices productively, securely, and efficiently, without unnecessary overhead but with full potential, you’ve come to the right place. We’re excited to connect.
Smart Apple Device Management Starts Here – with Cortado
See how simple, secure, and efficient iOS device management can be. Our MDM solution combines full Apple compatibility with intuitive handling and strict German privacy standards.