Best Practice for deploying MacOS App AppStore or PKG?

robbo007
New Contributor II

Hi,
Just wondering what's the best practice to deploy MacOS apps to devices? Is it better if the app exists in the AppStore to deploy it that way or to download the app from the developers site and install it as a pkg via a policy?

Thanks,

7 REPLIES 7

sdamiano
Contributor

It honestly depends on what your needs are as a business. That being said, I am now of the mindset that VPP should be avoided unless it is necessary. The VPP error 72 thing seems like it is still a massive issue. Troubleshooting the installations of VPP installations is also next to impossible. At least with policies, you have logs.

For example, at one org I distributed slack via vpp, and at a current org I use installomator. What's great about distributing slack via it's own pkg and not the app store, is that I can rely on slacks built in software update mechanism. With VPP, I was reliant on the app store, which is a black box of how the hell does it work. Slack is also another good example, because at one point in time the app store flavor of slack couldn't do screen sharing while the pkg one could (although that feature might be deprecated now).

That being said there are some apps that you just have to do via vpp, but those apps are typically apple apps.

I'm trying to use Installomator anywhere I can, and package things that are only necessary via package (like things that require postinstall scripts, for example). A lot of people live and die by auto-pkg, and if the requirements of your org are that you have the utmost control over software versions, than auto-pkg is for sure the way to go.

pvcit
New Contributor III

I like vpp apps as they auto update from the app store and I never have to go back and look. Downside is exactly that, they auto update with no feedback (i know when xcode updates because i have to reinstall the tools). My experience with vpp has been set and forget (until more licenses are needed even for free apps). Packages you can customize the install but often not needed anymore as you can do that with a script after.

robbo007
New Contributor II

Thanks for the feedback. Its tough call then. What I see if Jamf really needs to somehow better the built in patching to make it more automatic. I'll start playing around and see what works best for the company.
Regards,

pete_c
Contributor II

It's also a question of QA - if you use Apple's distribution, you lose visibility but you know their apps have been vetted and tested as part of the App Store approval process.

If you pkg-test-deploy yourself, ie autopkg, that obviously requires more time and attention, but also gives you an early warning if, say, new features might confuse your users or require changes to existing configuration profiles.

Using Installomator etc is undoubtedly the easiest, but leaves you at the mercy of whatever is inside that download, and leave you with little to no consistent versioning.

musat
Contributor II

Is there a silent method for installing Mac Apps via VPP? The last time I tried, all that happened was that the AppStore app opened and the user had to be logged in using an Apple ID. Currently, our students do not have Apple IDs that they know about. We do have our student information syncing with Apple School Manager, but we don't currently have a mechanism in place to let our students know their Apple ID information. We are working with 3rd - 8th grade students, so are not looking to add that set of credentials to what we are working with. Not to mention trying to explain another login to our staff.

mainelysteve
Valued Contributor

@musat Opening the App Store and asking for an Apple ID sounds like the device was never assigned a license to the app. Perhaps check your license count in ASM and also ensure you have Assign Content Purchased in Volume under the Managed Distribution tab checked.

musat
Contributor II

That was it, I had not checked the box to Assign Content Purchased in Volume. All it took was adding that. It's been ages since we looked at this, so thank you for pointing out what should have been obvious to us.