Differentiate between a Mac app store app installed via the app store or VPP ?

Hi Andy,

Please correct me if I got you wrong.

First of all, please understand that an APP must be tied with an Apple ID. No Apple ID = no download.

Mac APP Store will prompt end users to key in, download and install the APP by using users' Apple ID.
Because at current moment, the APP has yet been tied with any Apple ID.
Different users will be using different Apple ID to download the APP in same organization. Let's call this Apple ID as 'A'.

VPP, to bulk buy an APP in volumes by using 1 Apple ID(usually created by organization), scoped users are not required to key in any Apple ID. Because the APP has already tied with organization's Apple ID.
Let's call this Apple ID as 'B'.

Now, an APP downloaded by 'A' is outdated, you can't user 'B' to update 'A' APP right?
and 'B' APP can't be installed on the Mac because 'A' APP is still existing, logically you can't install 2 same APP in 1 Mac.

Under VPP Content, there are informations of quantity of APP purchased and number of in use.
If you purchased 30 contents because you have 30 Macs, but in used only 28, which means remaining 2 are still using 'A' APP.

I hope I answered to your question. Cheers.

Thanks @reon

You've described what the scenario i have is.
What i'd like to do is find out whether the current application on the Mac was installed using a unique AppleID 'A' or if it was from the Apple ID associted with our VPP 'B'

I wonder if there's a way to pull which Apple ID was used from the application or receipt, i'll have a look now.

Well, you did mentioned 'A' APP is outdated.

Assuming latest version is 5.1
You can make use of computer smart group feature, create a smart group with criteria "application version is not 5.1", then it shall give you a list of Mac with outdated APP.

Hope I helped.

@reon

That was my first thought, though ideally i'd like something that we can use to replace any apps that were not installed with the VPP Apple ID but for this particular application i'll use the older version to locate them, thanks for your input

Another interesting result is how many times the application has been opened

mdls /Applications/SonicWALL Mobile Connect.app/ -name kMDItemUseCount

Anybody better at scripting than me want to turn that into an Extension Attribute? I would be grateful, as would others I'm sure.

@May Thanks May, that mdls command just helped me now. Still a valid way to check VPP status

@erichughes you'd want to do something like like

#!/bin/sh
VPPtest=`mdls /Applications/ApplicationName -name kMDItemAppStoreReceiptIsVPPLicensed | cut -d = -f 2 | xargs`

[[ "$VPPtest" == "1" ]] && echo "<result>VPP Licensed</result>" || echo "<result>Not VPP Licensed</result>"

This assumes you just have 1 application you want to check for. Replaced ApplicationName with your app name, the cut step only prints the field after the = sign, xargs drops any spaces, and then the final line tests if VPPtest is 1 — if it is, the extension attribute will print VPP Licensed; if it's anything else, it prints Not VPP licensed. Hope this helps you get something operational

Thank you very much for that. It will help a lot in transitioning apps to VPP, without just removing them all.

This feature request would help with the deployment of your VPP apps to the computers already utilizing the App via an App Store download in one policy - https://www.jamf.com/jamf-nation/feature-requests/8213/add-script-option-to-vpp-deployment-macos

@erichughes the only thing I would be aware of is that VPP apps don't always receive their license immediately. I found that running the mdls command immediately after an app was installed usually returned (null) because the VPP field doesn't exist at all yet. Within a pretty small amount of time (I didn't test rigorously but let's say 5-10 mins) the license was assigned and I got the expected 1 response.

I'm using the mdls to populate a smart group that then is scoped to a policy to remove the non VPP version of the app. The computer then falls into another smart group that is scoped to receive the VPP version. Works pretty well, we have a lot of computer in the population that use personal Apple IDs to download and install AppStore apps that we are moving to VPP. The biggest issue currently is the lag between app removal and new VPP app push. Sometimes super fast some times not so much.