Jamf Nation Community

Thanks @reon

You've described what the scenario i have is.
What i'd like to do is find out whether the current application on the Mac was installed using a unique AppleID 'A' or if it was from the Apple ID associted with our VPP 'B'

I wonder if there's a way to pull which Apple ID was used from the application or receipt, i'll have a look now.

Well, you did mentioned 'A' APP is outdated.

Assuming latest version is 5.1
You can make use of computer smart group feature, create a smart group with criteria "application version is not 5.1", then it shall give you a list of Mac with outdated APP.

Hope I helped.

@reon

That was my first thought, though ideally i'd like something that we can use to replace any apps that were not installed with the VPP Apple ID but for this particular application i'll use the older version to locate them, thanks for your input

Another interesting result is how many times the application has been opened

mdls /Applications/SonicWALL Mobile Connect.app/ -name kMDItemUseCount

Anybody better at scripting than me want to turn that into an Extension Attribute? I would be grateful, as would others I'm sure.

@May Thanks May, that mdls command just helped me now. Still a valid way to check VPP status

@erichughes you'd want to do something like like

#!/bin/sh
VPPtest=`mdls /Applications/ApplicationName -name kMDItemAppStoreReceiptIsVPPLicensed | cut -d = -f 2 | xargs`

[[ "$VPPtest" == "1" ]] && echo "<result>VPP Licensed</result>" || echo "<result>Not VPP Licensed</result>"

This assumes you just have 1 application you want to check for. Replaced ApplicationName with your app name, the cut step only prints the field after the = sign, xargs drops any spaces, and then the final line tests if VPPtest is 1 — if it is, the extension attribute will print VPP Licensed; if it's anything else, it prints Not VPP licensed. Hope this helps you get something operational

Thank you very much for that. It will help a lot in transitioning apps to VPP, without just removing them all.

This feature request would help with the deployment of your VPP apps to the computers already utilizing the App via an App Store download in one policy - https://www.jamf.com/jamf-nation/feature-requests/8213/add-script-option-to-vpp-deployment-macos

@erichughes the only thing I would be aware of is that VPP apps don't always receive their license immediately. I found that running the mdls command immediately after an app was installed usually returned (null) because the VPP field doesn't exist at all yet. Within a pretty small amount of time (I didn't test rigorously but let's say 5-10 mins) the license was assigned and I got the expected 1 response.

I'm using the mdls to populate a smart group that then is scoped to a policy to remove the non VPP version of the app. The computer then falls into another smart group that is scoped to receive the VPP version. Works pretty well, we have a lot of computer in the population that use personal Apple IDs to download and install AppStore apps that we are moving to VPP. The biggest issue currently is the lag between app removal and new VPP app push. Sometimes super fast some times not so much.