We're in the process of trying to "fix" all our machines that have either computer shipped MAS apps, or user installed versions. But we're having a hard time thinking of a good way to scope them. Scoping them to all computers results in any machine that already has the app just not installing the VPP version. Scoping to computers that DON'T have the app results in the computer falling out of scope after it has the app... which presents potential future issues (if Jamf ever implements "remove app when no longer in scope" for macOS, the computer would sit there and add/remove the app repeatedly).
The "best" way I can think of is using the API to add computers to a static group that scopes the app... but this is super messy and last time I tried this the static group ended up clobbering itself (I believe jamf fixed this bug where adding/removing any members of a static group would cause the group to be recreated from scratch).
So, how are people doing this in a rational way? Ideally we'd just have a policy that ran that deleted the apps, recon'd, then they reinstalled with VPP licensing. Sorry, I should say, IDEALLY, Apple would provide a way to adopt the apps into VPP licensing. Sadly, this doesn't seem to be possible.
Solved! Go to Solution.