What's the best way to get an App Store app onto many iOS devices? If those devices are supervised, the best way is to use MDM and Apple's new Managed Distribution method. I'll demonstrate how to do that using AirWatch below. (Other MDM providers have similar capabilities. Check with your favorite.)
- Make sure you will meet the requirements: VPP, MDM, Supervision, and a common Apple ID.
- Link your MDM provider to your Apple VPP account
- Invite your MDM "users" to your VPP program
- Use VPP to "purchase" apps (even free ones)
- Use MDM to deploy the apps to your users.
Before we start, are you sure you want to do this? Apple Configurator may be a much better solution for the "getting apps onto iPads and iPhones" problem, at least when all the devices are in the same room. But if the devices will be scattered far from the iGeek, then keep reading.
The setup is quite important.
- Make sure your MDM provider your platform version supports iOS 7's new Managed Distribution system. ("New" means November 2013.)
- You'll need to create an MDM user who will own all those devices. You will want to make sure this user is in a new location group.
- You will need to set up an iTunes Volume Purchase Program account for your business or school. Note this requires a new Apple ID, a DUNS number, a pound of flesh, some eyes of newts and toe of dog, and a few days for processing. OK, it isn't that hard, I'm just having fun.
- You'll need an Apple ID to share among your devices. You will want to use the technique to credit an Apple ID without a credit card. (I'm assuming you will be distributing only free apps to your devices, which means you can share the same Apple ID.)
Got it? Good. Now for every iOS device, you'll need to do a few preparation steps. (Hint: If you play your cards right, you will be able to accomplish all of the below in a single stoke.)
- Supervise it using Configurator
- Sign in to the App Store using the common Apple ID (restore a backup image with the App Store user signed in)
- Enroll into MDM (you can do that automatically using Configurator during the supervision process, at least with Casper Suite, AirWatch, MobileIron, and others.)
- Associate the device with the common MDM user (that should be a setting in MDM prior to generating the enrollment profile)
Link your MDM provider to your Apple VPP account
Sign into your VPP Account. In the upper-right corner, click on your Apple ID and then "Account Summary".
In the "Managed Distribution" section, download the VPP token. This contains the credentials your MDM provider needs to link to VPP.
Now log into AirWatch. Navigate to Settings > Apps > Catalog > License Based VPP. Double check you are looking at the correct location group.
Enter a name to describe this connection (I called it "Tekserve VPP") and upload the token. I strongly recommend "Automatically Send Invites" is NOT checked.
Save this config, and you now have linkage!
Invite your MDM "users" to your VPP program
Next step is to invite your MDM users to participate in the program. There is no assumption that the Apple ID is the same as the MDM user's email. In fact, Apple is pretty clear they don't want MDM (or the employer) to ever know an employee's Apple ID. Therefore the MDM system needs to send an email to the users, who click a link to accept enrollment in the VPP program.
I haven't yet figured out how to invite one user at a time, so we're going to have to invite EVERY user in the MDM location group. Now if you have been following carefully, you are working in a location group with only a single MDM user. Cool. Send the invitations by clicking the "(Re)Invite Users" button. There won't be a confirmation, but email will be sent to all addresses the MDM has on file.
Using your iOS7 device's browser, please click on this https://buy.itunes.apple.com/WebObjects/MZFinance.woa/wa/associateVPPUse... to register for Apple's License Based VPP Program. Registering for the program will enable you to download applications purchased by your organization on your behalf.
Please contact your IT helpdesk if you have any questions: email@example.com
Clicking the link will open the App Store (on an iOS device) or the Mac App Store (on a Mac) and ask for an Apple ID and password.
This organization can now assign apps and books to you.
Use VPP to "purchase" apps (even free ones)
Next step -- there are a lot of steps -- is to use Apple's VPP to purchase an app.
The iTunes VPP store used to have only paid apps. Now it has free apps as well. Today let's install Tiny Death Star, a popular enterprise productivity app. So log into the iTunes VPP store, search for "death star", and "purchase" several copies. You can purchase as many as you want, it's free!
A paid app presents a choice for either downloading old-style redemption codes or new-style managed distribution. Free apps don't get a choice; managed distribution for all.
After purchase, Apple takes a few minutes to prepare your order. Wait until you receive email confirmation before continuing to the next step.
Use MDM to deploy the apps to your users
Back in AirWatch, click on Apps & Books > Applications > Purchased. Now you ask AirWatch to check with Apple, so click the "Sync Licenses" button. This part may take a short time, but in my test I just needed to refresh the page.
Once AirWatch is aware of the app, you can assign it to users. Click the twisted-arrow button.
AirWatch assigns these apps via smart groups only. This article is already way too long, so I won't explain how to create these.
Now decide how many licenses you want allocated to the group.
Now save the assignment. The last step is to publish the app.
In my experience, the app isn't quite ready to publish immediately. So if it doesn't work immediately, wait 15 minutes and try to publish again.
On my test supervised iPod, I get the Tiny Death Star app, automatically downloaded and without any prompts. It works! Woo hoo!
My unsupervised iPhone also received the Tiny Death Star app, and it isn't even enrolled into AirWatch. Hmm.
I understand part of this. I used my personal Apple ID for the test; the same Apple ID I used on my iPhone. Managed distribution works by adding the assigned apps to my Apple ID purchase history. And my iPhone has automatic app downloads enabled. But does this imply that unsupervised devices can also receive silent installs?
Looks like more exploration is needed.
Apple Launches "Managed Distribution" for App Store Volume Purchase Program (VPP) for Business and Education
Apple tonight updated its app Volume Purchase Program with several long-anticipated and important additions. The updates introduce a new "managed distribution" of apps to iOS 7 devices, allowing assignment and revocation' through Mobile Device Management. Here are the highlights:
- Works with most apps available in the public app store (both paid and free), custom B2B apps created for your organization by 3rd parties, and books from the iBooks store
- Either download the legacy redeemable codes, or use managed distribution to link your MDM server to have reassignable apps
- Managed distribution allows your institution to maintain ownership of the apps. Revoke apps from users when no longer needed, and reassign the licenses to different users.
- Managed distribution requires iOS 7 and a suitable MDM.
- MDM providers must be updated to work with the new system. Expect announcements over the next days and weeks.
- App assignment does not reveal the individual's Apple ID to the institution.
- Assigned apps are installed automatically on supervised devices. Unsupervised devices show a prompt to install.
- Education customers will be able to purchase by Purchase Order "coming later this fall". The rest of us need a credit card.
- Education customers are able to set up multiple administrators. The rest of us use a single login.
- Available in Australia, Canada, France, Germany, Italy, Japan, New Zealand, Spain, United Kingdom, and United States.
- Unused codes and codes redeemed by Apple Configurator may be migrated to managed distribution.
We'll have more information coming soon.
Forum topic added by taylor 1 day ago
Forum topic added by Mahesh 1 week ago
Story comment by taylor 2 weeks ago
Mobile Management Provider changed by Aaron Freimark 2 weeks ago
Wiki Page changed by Aaron Freimark 2 weeks ago
Story added by Aaron Freimark 2 weeks ago
Mobile Management Provider changed by Aaron Freimark 2 weeks ago
Forum topic comment by Elizabeth Hale 18 weeks ago
Mobile Management Provider changed by Simo Kari 19 weeks ago
Forum topic comment by jpref 19 weeks ago
Forum topic comment by bugfrisch 21 weeks ago
Mobile Management Provider changed by krypted 21 weeks ago
Mobile Management Provider changed by JAMFSoftware 21 weeks ago
Forum topic comment by spurtipreetham 21 weeks ago
Forum topic added by okta 21 weeks ago
Forum topic added by am.imran.ahmed 21 weeks ago
Forum topic comment by Samuelbrown 22 weeks ago
Mobile Management Provider changed by NeerajOR 22 weeks ago
Forum topic comment by Elizabeth Hale 23 weeks ago
Forum topic comment by taylor 23 weeks ago