I've been toying around in 9.81 on an iPad Mini on 9.0.1. One thing I've noticed is that while paid apps install without an Apple ID just fine, free apps like Self Service or VLC Player do not. They keep prompting every three minutes or so for you to sign into the App Store. This is fine 90% of the time, but since we have some general use iPads we have situations where we really don't want to have an Apple ID associated.
Does anyone know if there is a way to push Self Service or other free apps out without an Apple ID? Could you "buy" a bunch of licenses for the free app and push it through the VPP similar to how paid apps can now be pushed?
I think you have to have iPad restrictions deployed to the devices with "Require iTunes password for all purchases" unchecked. We were having issues the other day and I realized the restrictions policy wasn't scoped to our lower school iPads, so they were prompting for passwords for each install. Once I scoped the restrictions policy to those iPads, the apps installed without passwords.
Granted this was the other day on JSS 9.8, so it may or may not help you with your 9.81 app deployments without iTunes accounts.
Here's a screenshot of the relevant restriction settings we send to our lower school iPads:
You will also need to "purchase" all of your free apps through your AVPP account now if you want to distribute them that way. It is how Apple does the licensing for it. You don't actually pay anything you are buying a free app to add to the catalog, this is the only way they can require you not to use an AppleID though.
We're actually having the issue with our paid apps - it is prompting to be logged in with an iTunes account. We don't have any restrictions set to require a password, so we're not sure where this is coming from. Is there some other setting we're missing?
Sadly, it looks like that isn't the answer either. I haven't checked all apps, but Notability says VPP licensing is enabled, as does Minecraft. Thanks for the link to that thread.
I also tried adding a specific device serial number thinking perhaps it was a group issue. No luck there either.
For apps to be installed without an account, is it a requirement that they have been purchased with the MDM method from VPP? And not purchased via the spreadsheet method?
It seems to work for some of our Notability apps (though giving fits on other ipads). For Notability we have 500 licenses for MDM plus another 1000+ previously purchased via spreadsheets. Most of our other apps have previously only been purchased with spreadsheets that have since been uploaded to JSS.
@david.yenzer it's my understanding that in order to use device based assignment of apps, the app must first support it and then you have to purchase the app as a managed license rather than VPP codes. I believe it's possible to convert any VPP codes that have not been redeemed into managed licenses. But if the 1000+ VPP codes you purchased for Notability have been redeemed then you cannot convert them to managed licenses.
@david.yenzer I am seeing the same issue on my end. So, right out of the gate, I went to VPP and purchased 10 free copies of Evernote. I added the app in JAMF and deployed it to my test iPad (ios 9.0.2) and it worked beautifully. So, I wanted to test a few more apps. The next 2 apps, OneNote and iTunes U, I followed the same method I did with Evernote but when I deployed them to my test iPad, I was prompted with the message, “ Sign in to Itunes to allow “jamf….” To manage and install apps”. It was very similar to App assignment by user instead of device.
I then tested the same method on a different iPad. I was again able to deploy Evernote without needing to login. Onenote and iTunes U prompted me to login to iTunes on this iPad as well.
But, here is the kicker, I tried one more app, Angry Birds Start Wars II. On my iPad I was prompted to login. On the second ipad, the app installed without requiring a user to login.
So, there appears to be some inconsistency with the product.
Quick update. My account rep pointed out to me that if a device is assigned to a user, the app deployment by device will not work. After I unassigned the device from a user, I was then able to deploy apps to devices without being prompted to login with an Apple ID. I'll need to make a few changes in my environment to accommodate this requirement. I like to assign those iPads to a user for inventory and so that I also have an extra attribute in the JSS to key off of.
We are also having an issue with Self Service installing. It continually prompts for an itunes account which defeats the purpose of setting up a device without one. The device was not set up with a user. We set up a new prestage enrollment without requiring authentication. There is no way to "install" self service except to have it pushed from the JSS. Otherwise it is not connected to the database properly. Pushing a paid app to the device without the Apple ID worked great though.
We got a response from Apple, and I have a point I'd like clarified if some of you folks might be able to chime in...
• All previously purchased redemption codes that were redeemed with Apple Configurator will be converted to managed distribution.
Does that mean exactly what it says? We had been using the old method of distributing apps, which was redeemable codes via Apple Configurator (and sometimes iTunes). The general usage for a classroom of 30 was that 1 license would be burned for the app and the other 29 were recovered and loaded into the JSS. It sounds like this point is saying that the 1 burned app would be invalidated for use with Apple Configurator? Is that accurate? What happens on the user's end? Does the app just go away or become unusable until the license is reassigned and the app is downloaded again via Self Service?
We do plan on moving all iPads over to this method, but the plan wasn't to do them all right now at once, which would involve a lot of resetting and erasing of user data.
Thanks Chris. I also confirmed with our Apple rep, in person, and he explained that while all the codes are invalidated, it will not prohibit continued use of already redeemed licenses. Except that it will not work to push apps to new (previously unassigned) devices, so if you try to push out an app with configurator to a device that previously didn't have that app, it shouldn't work.
I believe that takes care of our concerns and we will proceed with this conversion to MDM licenses.
I, too, am seeing some inconsistencies with pushing managed VPP apps to devices on 9.0.2. All of our shared devices have a unique apple ID for them since they've been out in the wild for a year or two. Here's my workflow:
1) purchase VPP app
2) scope app to vpp assignment for a given set of users
3) scope the app in the app catalog to the user's devices (VPP is NOT checked in the app catalog for this app).
The app gets pushed to the ipads, but they all get stuck at "prompting" and waiting for the apple ID's password. I really need to be able to push apps to devices and NOT need to go around to every ipad I've pushed it to for the password input......
As of today I think we've got it mostly working. We had an issue with our JSS that required support help, but after renewing my hatred for java I think we've got us mostly back up and running.
So we proceeded and had Apple convert our redeemable codes to MDM. Then we went to Global Management > VPP Accounts > and had to Update Purchased Content for each individual app (FUN!)...because apparently it's too difficult to have a seamless integration. (Note: The new app didn't appear in the list for me until after you hit edit/save. You could do multiple apps, probably all of them, but it didn't seem like the app would even appear into the list until you hit edit/save. Maybe it would it you were more patient than me, but I found you could kind of give it a push with the edit/save process.)
Then you get to go back to Mobile Devices > Apps > and update each app to Assign VPP Content (FUN!)
Then you get to figure out that the prior issue with the JSS somehow blew up one of the certificates and none of it works at all! So you go update your cert...or all of them...in that process...
Then try again and you get a message stating you "must login" to download the app. Cancel...and it installs anyway. I then poked the 12 other bears and they all installed. Did not have to enter a user/pw but did see that message pop up a few times. All of these were free apps that we purchased. Will test some paid apps tomorrow, but they worked in the first round so I suspect will work similarly now.
So I think we're mostly rolling now. Probably a few kinks to work out somewhere, either in a JSS update (to get rid of that message when it isn't needed) or something else we need to fix in our settings.
@david.yenzer The issue with VPP MD apps not showing up in the JSS automatically has been a problem for several months now. Last winter, it was working great when we were buying VPP MD apps and assigning to our 1-to-1 users. You'd buy an app in the VPP store and a few minutes later it would be available in the JSS automatically, ready to assign to a user. But sometime last spring, it stopped working and required going in to the JSS and clicking Update Purchased Content on each app as you outlined above. Hopefully this issue will be resolved soon. It is filed with JAMF support under D-009059.
I started deploying shared student carts using AC2 last week. I summarized and posed the workflow here.
If you have an app that is in your JSS and it isn't recognizing the Device-based assignment in the VPP options of the app even through in VPP it shows as device assignable, you may need to force an app refresh
We had an issue where Self Service iOS in the JSS was not picked up the device-assignable option even through it is there through VPP and refreshing the app pulled in the option.
My System has been working quite flawless just need to make sure your smart groups do not have alot of criteria of 10 or more sometime at 5-6 it causes issues as well. So i changed it all over again and my criteria changed from 10 items down to 1 and it has worked great to enroll and deploy and remove and re-deploy so far no hiccups and I'm so glad in moving toward JSS it has helped greatly -
iOS 9.1 - 700+ JSS 9.81.1 Hosted
This is frustrating beyond belief.
1) DEP --> VPP --> JSS is set up correctly with APNS cert, etc.
2) Apps, free and not-free, are "purchased" via the VPP portal at deploy.apple.com
3) PreStage enrollment is happening for OOB iPads. Names are being assigned properly. Supervision set. Configuration profile being applied successfully.
4) VPP user is set up in JSS without issue.
5) Apps, in JSS, are set to be installed automatically upon enrollment.
6) Some Apps do not support device-assgnement yet. For testing, I'm working only with Apps that I've verified to support this in iOS 9 and above.
1) Even Self Service Mobile App is asking for AppleID login and password on the enrolled device.
2) One prompt for every App that is asking to be installed.
The goal is to distribute iPads with DEP --> JSS --> VPP-purchased Apps but without an AppleID. This is supposed to be possible. Apple's documentation says it's possible. JAMF's documentation says it's possible. My reality is that it doesn't work.
If I put in any AppleID on the iPad, the apps then install, but that defeats what I'm trying to do. I don't want to distribute iPads with an institutional AppleID on them.
JSS is at 9.81
Yes, I see the non-free apps in Global Management --> VPP Accounts --> Content. The free ones do not show up there.
On Free App Store apps, In Mobile Devices --> Apps --> Select the App --> VPP Tab, I see a "button" for "Device Assignments" but when I click on it, nothing happens. Yes, the Edit button is checked in bottom right.
On Purchased VPP App Store apps, I see the same "button" for "Device Assignments" and when I click on it, it gives me options for assigning to a mobile device. However, on the iOS side, it's still prompting for an Apple ID.
For the "google classroom" app which is free, I had to go into apple's vpp and basically purchase it again with the amount of licenses I wanted. The content it supposed to refresh in jamf, but doesn't always so I had to manually add it with update purchased content. It was very tedious to have go back and do this for all the free apps already setup in jamf.
The steps I did to ultimately get this to work were as follows:
1. Purchase an app through vpp, didn't matter if it was free or not.
2. Go into jamf>global management>vpp>ensure the app is listed in content. If it isn't then update purchased content.
3. Ipads have to be iOS 9
4. I have had better success if they are enrolled through DEP pre-stage enrollment
5. Assign the app as you have for "Coach's Eye" with the vpp account.
PS: I was able to have all my redeemable codes transfered to managed distribution licenses.
Ah ha! I think it's because I didn't actually "purchase" the free Apps in the VPP portal. Doh! That would explain why the one app shows up as device-assignable but the free ones don't. I'll test this and report back. Thanks for the walkthrough and steps.
I noticed in your screenshot for Coach's Eye that you also have VPP Codes available for that app. I ran into an issue when testing Device Assignments, if there were any VPP Codes assigned to the app I was attempting to deploy, then the device would prompt for Apple ID credentials. As soon as I deleted the VPP codes from the app, then the Device Assignment worked correctly. So keep an eye out for that too!
This is a long shot but it has worked for me ....
In Section Global Management / VPP Accounts / Contents if the REPORTED amount of free apps ordered was in RED writing therefore not equal to TOTAL the pushed apps would ask to log into the iTunes store. I hit refresh couple of times and when both were equal and push the app all went through correctly ....
Now ALL my apps PAID and FREE are opening without asking a iTunes login
Daniel Potvin, CS des Navigateurs
CCT in April -- Toronto Canada
Well the issue has now returned .... we had a major JSS server crash .... we reinstalled all including new JAVA and now on deploying the apps ALL devices ask for an AppleID ... this is getting a little frustrating ... and why doesn't JAMF put a GLOBAL APPS sync refresh to VPP server ?? an alphabetical listing would also be logical !!! Seems JAMF aren't reading this forum anymore....
So, what we figured out is this:
So the solution is, to unassign the app from users and assign it ONLY to devices. Works like a charm for us. Good luck :)