Apple

Pro tip: Use VPP with a 3rd-party MDM suite

Jesus Vigo walks through the steps of setting up Apple's Volume Purchase Program (VPP) with a 3rd-party Mobile Device Management (MDM) suite.

In a recent article, I wrote about how to enroll in Apple's Volume Purchase Program (VPP). While going through the steps to enroll in VPP was a key part of the article, so was providing an overview of the program's offerings for both business and education customers.

After enrolling in VPP and purchasing some apps, one might ask, "Okay, now what?" Luckily, both Apple and 3rd-party Mobile Device Management (MDM) vendors have an answer to that question. Apple allows for users of OS X Server to deploy apps using VPP natively using the Profile Manager service. Those using an alternate MDM platform can still leverage the benefits of VPP simply by configuring their MDM suite* to communicate with Apple's VPP servers for software management.

* Note: While the basics of setting up VPP on a 3rd-party MDM suite will be discussed, it is beyond the scope of this article to cover all MDM suites. I highly recommend reading the technical documentation available for your particular vendor's MDM offering to address any issues specific to your MDM suite.

Before diving in, let's take a moment to review the requirements necessary for using VPP with 3rd-party MDM suites:

  • Apple computer running OS X Server (1.0+)
  • Enrollment in Apple's VPP
  • 3rd-party MDM application
  • Broadband internet access (Ethernet or Wi-Fi)
  • Mobile devices running iOS (7.0+)
  • Each mobile device user must have an individual Apple ID as content is assigned to the device, but the user accepts the license through his or her Apple ID

Let's take a further look at setting up VPP on the MDM suite:

  1. Login to the VPP website. Choose the link to the Business or Education store, whichever your organization is enrolled in (Figure A).
    Figure A
    Figure A
  2. Select Account Summary from the drop-down under the Apple ID (Figure B).
    Figure B
    Figure B
  3. Click the Download Token link next to Managed Distribution under the Account Summary section. This will download the VPP token necessary to establish a link between Apple's VPP servers and your MDM server (Figure C).
    Figure C
    Figure C
  4. Once the token is downloaded, store it in a safe place , because this file contains information that correlates directly with your VPP account and the purchases associated with said account (Figure D).
    Figure D
    Figure D
  5. Next, login to your 3rd-party MDM server. For the purposes of illustrating the setup process, I'm using the Meraki MDM from Cisco (Figure E).
    Figure E
    Figure E
  6. After authenticating, navigate to Organization | MDM to find the Apple VPP Managed Distribution section. Click the link titled Add an Apple VPP account (Figure F).
    Figure F
    Figure F
  7. Enter the VPP account information and upload your VPP token (Figure G).
    Figure G
    Figure G
  8. To verify that the token upload completed successfully and the account is properly linked between your MDM and VPP accounts, navigate to MDM | VPP. Any purchases that have occurred using your VPP account will now show up in this listing, along with the application name, total licenses for the app, and total available licenses not currently assigned (Figure H).
    Figure H
    Figure H

While certain MDM vendors may require an additional step or two to complete the process, these are the essential steps to link your VPP token to a 3rd-party MDM server. From this point on, all device management features can be managed exclusively from your MDM server's console -- except purchasing new apps or books, which must still occur from the VPP Business or Education stores respectively.

Additionally, new purchases may be made at any time using the VPP account, and purchases will automatically appear within the context of the MDM server console for rapid deployment. No additional configuration is required, as all VPP updates are pushed from Apple's servers to the VPP token, and then it's passed on to the MDM suite.

To read a bit more on the Cisco Meraki platform or get an in-depth look at the VPP process from setup to app deployment, review Meraki's KB on how Apple's Managed Distribution model integrates with their MDM suite.

If you have any questions or comments about Apple's VPP or 3rd-party MDM suites, please feel free to chime in the discussion thread below.

About

Jesus Vigo is a Network Administrator by day and owner of Mac|Jesus, LLC, specializing in Mac and Windows integration and providing solutions to small- and medium-size businesses. He brings 15 years of experience and multiple certifications from seve...

1 comments
tparty9111
tparty9111

Does the MDM have to push the latest updates of Apps (B2B or Public) through to the device?  Does the VPP automatically update the purchases with the latest versions?  Does the VPP or MDM hold a "copy" of the App for redistribution to employees (bulk purchase)? Or if the 3rd party App owner updates their app, does that make the older version unavailable to the purchaser?  I want to make sure my employees don't use updated apps until my technical team has vetted them.... Thanks.

Editor's Picks