Fix for VPP Apps Not Deploying in Big Sur

dtmille2
Contributor III

I was having trouble getting ANY VPP apps to deploy on Big Sur machines. I discovered that in Big Sur, in the "Restrictions" configuration profile, I had to UNtick "Require admin password to install or update apps". This was not needed in Catalina, but VPP apps will not deploy on our Big Sure Macs unless this box is unticked. See attached screenshot.

Hope this helps someone!

a449ee389d9841e8ae76256a4569febd

18 REPLIES 18

fabienconus
New Contributor

THANK YOU !!!!

I've been pulling my hair out for weeks over this one ! You made my day !

By the way, your text is correct, but you screen capture is not, you circled the wrong line.

alessio_tedesco
New Contributor III

Hi @dtmille2 ,
is this happening for every machine? I've been enrolling a couple bigsur macs with prestage and got no issues installing apps from self service that are VPP managed.

dtmille2
Contributor III

@alessio.tedesco it occurred on every machine I tested. It does not occur with the above restriction unchecked.

dtmille2
Contributor III

Thanks @fabienconus , I corrected that screenshot.

alessio_tedesco
New Contributor III

Hi @dtmille2 I actually fell in this, unchecked the option and it installed only powerpoint , nothing else won't work now. any idea? removing and re-adding the macbook to the scope might help?

dtmille2
Contributor III

@alessio.tedesco I usually cancel any failed command for the device in Jamf Pro. Sometimes I run a recon command on the device via terminal, or force an inventory. Other times I have clicked "Edit" for the App in question, and then "Save" again, and that seems to kick it off. In the end sometimes I delete the device record in Jamf Pro, and erase and reinstall the OS, then reenroll. That final option usually does the trick if all else fails.

thadmin
New Contributor II

Great to know why this was happening, but not a great fix. I originally had to check this item to prevent users from installing apps at will, so turning it off is a problem. Hopefully Jamf fixes this issue before we start deploying Big Sur. We are still testing it now.

fabienconus
New Contributor

@allessio.tedesco: as @dtmille2 mentions you need to clear the failed commands.

Rich Trouton has a script to automate clearing failed mdm commands. I run this once per day:

https://derflounder.wordpress.com/2020/09/25/clearing-failed-mdm-commands-on-jamf-pro/

dstranathan
Valued Contributor II

This does not fix the "error 72" issues with VPP apps and Jamf Self Service.

spowell01
Contributor

This setting also does not appear to be related to the "Bag Load Failed" error message that we are receiving with self service VPP installs on Big Sur. We use Securly and their engineer just tried pointing me to this article but we have not had that setting checked in our environment.
Securly & Big Sur VPP Bag Load Failed error

Musicmaker
Contributor

It's a pity that this setting doesn't apply to the OS install of macOS Big Sur.
When making the Big Sur VPP install available on e.g. macOS 10.15 in Self Service it asks for admin credentials.

dbrady
New Contributor

How can this "fix" to allow users admin access to install apps be the solution from JAMF? They seriously need to fix this. As it is now with this bug, I can't deploy Big Sur in my school with that admin setting.

Has anyone got any word if this has been properly fixed yet? this is crazy giving users rights to install just to get a core component of jamf working!?

thadmin
New Contributor II

We ended up just turning off user access to the App Store completely by checking "Restrict App Store to MDM installed apps and software updates". Generally, we don't allow any software that isn't licensed by the company, so users should have no need to access the App Store.

For Big Sur, it's still necessary to turn off "Require admin password to install or update apps", but not an issue because users can't access the App Store in the first place.

TBenolkin
New Contributor III

I never had that setting checked and I'm getting bag load failed errors.... anyone have tips on this?

Steven_Xu
Contributor
Contributor

PI103070 - PI-009302
Mac App Store apps fail to install on computers with macOS 11.0.1 when Require admin password to install or update apps is selected in the Restrictions payload of a computer configuration profile.

not fix yet 😂

bfrench
Contributor III

The appstore is childs play for a devious student that can download applications from sites and/or use a flash drive.  How can Jamf Protect help out here? We are just diving into how we can manage settings in Jamf Protect.

malevy
New Contributor II

THANK YOU for this. Was working with jamf support for the last week and they were as clueless as I was lol.