WWDC 2026: The declarative era is here

Apple just removed the legacy MDM commands for software update management. As of OS 27, not deprecated with a long runway, not flagged as discouraged, they’re gone. That's a clear signal yet that the declarative era is here.

Here's what WWDC 2026 means for the people managing Apple fleets.

Apple Intelligence dominates the keynote

This year's keynote was almost entirely filtered through the Apple Intelligence and Siri AI lens. The typical platform-by-platform feature announcements were still there, but framed around AI capabilities rather than presented on their own. The message from Apple was unmistakable: Apple Intelligence is now foundational to their platforms, and new features going forward will increasingly build on top of it.

For admins, the AI focus was less directly relevant than the device management session, but it signals where Apple is investing. OS 27 reads more like a polish-and-quality-of-life release than a feature avalanche, which many in the IT community will welcome after a few years of rapid change.

The keynote also carried the weight of a transition moment: Tim Cook's last WWDC as CEO. John Ternus, a deeply product-focused executive, takes the helm next. The hope in the Apple community is that this shift brings renewed focus on quality and experience, a return to Apple's roots, while also sticking the landing on the AI ambitions that defined Tim's final chapter.

Declarative management is now

The most significant takeaway from this year's "What's New in Managing Apple Devices" session was direct: the declarative future is now.

Apple's Cyrus Daboo put it plainly in the session: declarative management isn't on the roadmap anymore. It's shipping, it's in production across fleets worldwide, and Apple is fully committed to it as the management paradigm going forward. The numbers back that up: WWDC 2026 introduced 11 new declarations, 15 new declarative status items, and a range of enhancements to existing declarations.

Some of these are net-new functionality, while others are ports of existing Mobile Device Management (MDM) capabilities into the declarative framework. And one move was definitive: Apple has removed the legacy software update management MDM commands, queries, and restrictions as of OS 27. Software update management now requires the declarative implementation. Full stop.

For admins already on a platform that supports declarative management and its software update functionality, this transition requires no changes — devices keep updating on schedule, users never notice a thing. For those still relying on legacy MDM commands, the clock has run out.

The biggest win for IT teams: Unified privacy consent prompts

If you manage Macs, this is the one to get excited about. Right now, when a user opens an app like Zoom for the first time, they face a cascade of individual permission dialogs (camera, microphone, screen sharing) each appearing at different moments, sometimes mid-meeting, sometimes after it ends. It's confusing for everyone, and it generates a predictable wave of help desk tickets on day one.

With macOS 27, admins can now use declarative device management to configure unified privacy consent prompts. The first time a managed app opens, the user sees a single consolidated dialog with a custom explanation from IT explaining why those permissions matter, rather than a series of interruptions. One click, and they're in. (Screen recording isn't included in this first pass, so there's room for that workflow to improve as macOS 27 matures.)

This change has real operational impact. Onboarding gets smoother, help desk volume drops, and users get a cleaner, less baffling first-run experience. The same capability extends to websites visited in Safari.

More MDM updates worth noting

Managed App Framework comes to macOS. Apple's Managed App framework, previously available only on mobile platforms, is now available on Mac. This expands the management surface for app lifecycle control on macOS.

Managed App Subscriptions are coming later this year. Business customers will soon be able to manage App Store apps that require paid subscriptions, including the new Creative Bundle versions of Keynote, Numbers, and Pages. Previously, apps with subscription requirements couldn't be managed through MDM. This closes a meaningful gap for organizations running creative workflows.

Network configurations move to declarative. Apple migrated credential-reliant configurations (VPN, Network Relay, DNS Proxy, DNS Settings, and others) into the declarative management framework. The practical benefit: you now publish a single certificate asset that all of these declarative configurations can reference, rather than managing certificates separately per profile. Less duplication, cleaner credential management across the board.

Enhanced AppleCare troubleshooting. Device management can now initiate enhanced logging sessions specifically for troubleshooting with AppleCare. It's a quality-of-life improvement that streamlines the support process when issues escalate.

Return to Service polish. Apple continued refining the Return to Service workflow, with additional improvements to the flow's reliability and behavior.

New declarative status items for edge cases. Several new status items are worth watching, including detectors for Lockdown Mode, and indicators for whether a device is currently in Setup Assistant or a Return to Service workflow. These give admins better visibility into device state during sensitive transitions.

Authentication and security updates

Web-based auth and multi-factor authentication (MFA) for user creation. FileVault unlock, the login window, and the lock screen now support web-based authentication and MFA for user creation workflows, a significant upgrade for organizations requiring stronger authentication at the point of account setup.

Authenticated Guest Mode can unlock FileVault. Guest Mode in macOS 27 can now authenticate against FileVault, expanding the usability of managed guest sessions without sacrificing disk encryption requirements.

What this means for your fleet

The declarative framework is now the only supported path for software update management, and Apple shipped 11 new declarations and 15 new status items to show they're not slowing down. Organizations that have been treating declarative as a future investment now have a hard deadline tied to OS 27 adoption.

On the user experience side, the unified privacy consent changes in macOS 27 are the kind of improvement admins can actually point to: less friction at onboarding, fewer help desk tickets, and a first day that doesn't start with a user confused by permission popups mid-call.

The betas are just getting started. We'll be watching closely as OS 27 matures, and Iru will be ready.