Hey, Mitch!
In order to respect the choices of your partners, you have some solutions with MaaS360 especially at the level of Apple Business Manager in the «policies» section. MaaS360 makes it possible to manage, provisioning, secure and inventory mobile fleets (smartphones, tablets) in SaaS mode regardless of the OS installed on the terminal.
Use federated authentication
Link to your Microsoft Active Directory (Azure AD) domain and use federated authentication for user accounts and authentication.
Learn more about federated authentication
Uploading the Apple VPP token in MaaS360
Upload the Apple VPP token in the MaaS360 portal to manage Apple VPP licenses for specific users, user groups or devices.
Procedure
- In the MaaS360 portal , navigate to the application catalog .
- From the More menu , click Apple VPP Licenses .
- Click Add Token in the upper right corner of the screen.
The Activate License Codes window appears.
- From the Activate License Codes window , provide the following information:
- On the Token Details tab , configure the following options:
- Token Name : Enter a unique token name that helps identify the token.
- VPP token file : From the Apple VPP portal, download the * .vpptoken file .
- Region : Select the region for the token from the drop-down list.
- Automatically add apps : Enable this option if you want to automatically add apps associated with the VPP token to the app catalog. The applications are added to the policies configured in the Policies tab . This setting is not supported for macOS apps.
Note :
- The iTunes and B2B applications associated with the VPP token are uploaded to the Application Catalog.
- Applications that are already in the Application Catalog are not added again.
- Automatically sends new updates for an app that are available in the B2B app store. When an administrator or developer updates the app in Apple Store Connect, these app updates are automatically available for MDM servers configured with a VPP token. It may take up to a day for MaaS360 to receive this update from the B2B app store. Based on the auto-update settings enabled by the administrator on the Portal for iOS, these updates are sent to devices. The custom B2B app update mechanism uses the same rule sets for public store app updates. For more than'Configure application settings on the MaaS360 portal .
- On the Policies tab , configure the following options:
- Remove the app : Choose one of the following scenarios to remove the app:
- MDM control withdrawal
- Selective erasure
- Deletion of the portal or stop of distribution
- Revoke License : Enable this option to revoke the VPP license when the app is removed from the portal or when the app distribution is interrupted.
- Application policies and behavior : Enable this option to restrict data backup to iTunes.
- App Approval : Enable this option to add the app for approval.
- In the Distribution tab , configure the following option:
- Restrict to user groups : The token is available to a specific user group. If you are using a single token, only users in that group receive the applications assigned to the associated Apple VPP. Users in other groups to whom the same apps are sent receive those apps without an associated Apple VPP license. These installations do not reduce the number of licenses.
- Click Submit .
The VPP token is correctly uploaded to the MaaS360 portal and the token status becomes Active .
Note: When the token is revoked, MaaS360 updates the status to Revoked and displays an error message on the Apple VPP (Volume Purchase Program) page. The token can be revoked in the following cases:
- The Apple ID password used to download the sToken token is changed.
- When the VPP license is renewed for thousands of apps at the same time, inventory update requests issued to the Apple Volume Purchase Program (Apple VPP) may mark your account. If your account is revoked this way, you can contact Apple Business Support.
Upgrade Your Organization to Apple Business Manager
Upgrade to Apple Business Manager to continue using the Device Enrollment Program and the Volume Purchase Program. Apple Deployment Programs are no longer available as of December 1, 2019.
If your organization currently uses the Device Enrollment Program (DEP), you need to upgrade to Apple Business Manager . If your organization only uses the Apple Volume Purchase Program (VPP), you can sign up for Apple Business Manager and then invite existing VPP buyers into your new Apple Business Manager account.
Apple Business Manager allows you to purchase content and configure automatic device enrollment in your mobile device management (MDM) solution. Apple Business Manager is accessible on the web, and is designed for technical managers and IT administrators.
Review this information before you upgrade to Apple Business Manager.
Upgrade to Apple Business Manager
To upgrade to Apple Business Manager *, sign in to business.apple.com using your Apple Deployment Programs Agent account, and then follow the instructions. The upgrade process only takes a few minutes.
After you upgrade, Apple Business Manager will have the following information about you:
- Accounts
- Account IDs
- MDM servers
- MDM devices
- Server Tokens
- Device controls
- Other items associated with your account
After you complete the upgrade, access your data from the Apple Business Manager portal . You no longer have access to the Apple Deployment Programs website after you upgrade.
Sign up for Apple Business Manager
To sign up for Apple Business Manager, go to business.apple.com and click Sign up now. You will need to provide information about your business, including your DUNS number, as well as an email address that has not been used as an Apple ID, on any Apple service or website.
Choose a domain for Managed Apple IDs
After signing up or upgrading to Apple Business Manager, you will be prompted to enter your organization's website. Apple Business Manager will create a reserved domain from this address, which will be the default domain for your Managed Apple IDs. For example, if your organization's website is www.mycompany.com, your Managed Apple IDs would look like this: responsable@mycompany.com.appleid.com.
Your Apple Business Manager administrator will be able to change the default domain after the upgrade and add additional domains. All domains added after registration must be verified before they can be used for Managed Apple IDs.
Invite Volume Purchase Program (VPP) buyers to Apple Business Manager
Your organization may have one or more separate VPP accounts. After signing up or upgrading to Apple Business Manager, you can invite them to your new Apple Business Manager account. Learn how to invite Volume Purchase Program (VPP) buyers to Apple Business Manager .
Changes to roles in Apple Business Manager
Apple Business Manager makes some changes to the roles you assign to your users.
Agents are now administrators
The Agent role was the highest level of administrative access for Apple Deployment Programs. Agents were empowered to agree to the terms and conditions of Apple Deployment Programs on behalf of your institution.
In Apple Business Manager, this role is now called Administrator. Your organization can have up to five admins in Apple Business Manager.
Admins are now managers
In the Apple Deployment Programs, admins were responsible for the DEP and VPP programs. When upgrading to Apple Business Manager, existing admins are converted to managers. The table below shows how admin roles are converted to manager roles:
|
Role in Apple Deployment Programs
|
Role in Apple Business Manager
|
|
Admin DEP
|
Device Manager
|
|
Admin VPP
|
Content manager
|
|
Admin who can create and modify other admins
|
People manager
|
|
No
|
Staff
|
Multiple roles can be assigned to a single user in Apple Business Manager. If a user had the admin role in multiple programs, they are assigned all equivalent roles in Apple Business Manager, if applicable. The administrator or people manager can add, remove, or change manager roles after upgrade.
Managed Apple IDs for all roles
When your agent and admins sign in to Apple Business Manager for the first time, their Apple ID becomes a Managed Apple ID. They must then activate two-factor authentication if it has not already been configured on their account.
Additional Information
Find out how to set up and use Apple Business Manager .
* To upgrade to Apple Business Manager, you need a Mac with Safari version 8 or later or a PC with Microsoft Edge version 25.10 or later.
For further information you can see these useful links below :
https://docs.microsoft.com/fr-fr/mem/intune/apps/vpp-apps-ios
https://www.securitylearningacademy.com/pluginfile.php/255415/mod_resource/content/3/iOS%20Guide.pdf------------------------------
Elimane NDOYE
------------------------------
Original Message:
Sent: Sat April 10, 2021 09:35 AM
From: Mitch Lauer
Subject: Broken Auto Update for Apple App Store Apps functionality
I am seeing a consistent issue with Apple App updates and MaaS360 configured with the Apple Business Manager and VPP. Effectively when a given app is updated in the App Store, two things are NOT arbitrary:
1. Seeing the new app version in the MaaS App catalogue in the MaaS dashboard
2. Updated version of the given app on devices for apps configured to auto update in the MaaS dashboard.
I am finding that doing both a hard and soft sync of the VPP token and updating the token does not address this. The only success I have had is to delete the APP from the MaaS app catalogue, ensuring nothing is configured to remove the app from devices by removing distribution etc. and then adding it back into the catalogue.
This solution is not feasible nor easy to address when a customer has a complex configuration involving app distributions to multiple user groups, app bundles or device groups.
I work with a partner who requires setting their APP to not auto-update. When they deliver a new version, I enable auto update until all devices have the most current version of the app and then disable auto update for the app. Having to go through all of this every time for 18+ customers and thousands of devices is untenable.
All communication with tech support has been fruitless in terms of finding a better fix. It seems to me the connector from MaaS360 to the App store is broken.
Anybody have any ideas here?
Thanks,
Mitch Lauer
connecTel Wireless
159 Perry Highway, Suite 200
Pittsburgh, PA 15229
216-970-6981 | Cell
412-339-5775 | Help Desk
412-339-5765 | Direct Dial
