Help

Multiple MDM Environment - Best Practice

wangl2
Contributor

Posted on ‎07-12-2017 09:51 PM

Hi Guys,
Here is the current situation:

1. Already running AirWatch with iPads, implemented VPP and DEP.

2. Already running JAMF with iMacs, going to implement VPP and DEP.

3. Evaluating Microsoft InTunes, going to test with iPads and iMacs with VPP and DEP
So how many different VPP and DEP accounts do we need?

Here is what I did so far:

1. I created another Admin account under the same Apple Deployment Program account.

2. I added in JSS for iMacs with no errors. I haven't used it yet.

3. AirWatch reminded me the sToken is being used by another environment.

4. I need the fund to purchase iPad Apps goes to AirWatch VPP account and the fund to purchase iMac Apps goes to JSS VPP account

Anyone have the similar situation?
Thanks in advance!

Labels:
0 Kudos
3 REPLIES 3

davidacland
Honored Contributor II
Honored Contributor II

Posted on ‎07-13-2017 02:53 AM

For DEP, you just need one account. You can add multiple MDM servers into the DEP portal and assign devices as needed.

For VPP, you need different accounts per MDM server as they can't share the VPP tokens.

0 Kudos

mjsanders
New Contributor III

Posted on ‎07-13-2017 03:06 AM

For DEP you need (technically) only 1 account, but for practical reasons you better make secondary admins (agents). All admins in DEP are equal (they can assign devices to all servers). (see it like this: admin accounts work parallel, adminB can change settings made by adminC and vice-versa)

For VPP it is different; your organisation owns a VPP account, with several VPP 'agents' Each VPP agent buys their own set of licences (but are owned by the VPP company name) and each Agent has a VPP Token.
This token is configured on an MDM, and as far as I know can only be used by one MDM server at the same time. (the thing Airwatch reminded you about)
The other way round (one MDM has more than one VPP token configured) depends on the MDM vendor. Jamf support this, Profile Manager not. The other vendors I don't know.

So if you plan to use 3 MDM's, you need (at least) 3 VPP agents, and could work with just 1 DEP agent.

read details here: https://help.apple.com/deployment/business/#/
specifically start here: https://help.apple.com/deployment/business/#/adp4692df4bf

Edit: I see David answered before I typed my responce.

0 Kudos

wangl2
Contributor

Posted on ‎07-20-2017 09:10 PM

Thanks Guys. Just to clarify, to set up multiple VPP account for different MDMs, I need to set up separate Apple Deployment Programs account, not just adding another admin account under the same Apple Deployment Programs account.
Thanks.

0 Kudos