Jamf Pro: Mac App Store Apps
Overview
Jamf Pro offers a great way to deploy Mac App Store Apps to a user's device. There are two types of Mac App Store apps that can be managed through Jamf Pro:
VPP licensed apps: Come with an assigned license from Apple's Volume Purchase Program and can be installed automatically for the user
Non-VPP licensed apps: Have no licensing information and therefore require the user to install the app themselves from the mac app store
Whether you are wanting to push out VPP licensed apps or just direct user to the right place in the Mac App Store to get the app they need, you can do this using the Jamf Pro: Mac App Store App delivery method.
Before You Start
The remainder of this article assumes that you have an Mac App Store App deployment already configured in your Jamf Pro environment. It will need to be set up to be available through the Self Service app before it can be delivered through AppsAnywhere and we strongly recommend that you test the deployment of the Mac App Store App through Self Service before bringing it into AppsAnywhere to help rule out any problems with Jamf Pro itself before adding the additional deployment workflows that AppsAnywhere adds to the process, which can make it more difficult to resolve any issues that may exist.
Pre-requisites
In summary, you must ensure that your Jamf Pro Mac App Store App meets the following requirements to import it into AppsAnywhere
You have setup the Mac App Store App and it can be found in Jamf Pro under Computers > Computer Management > Mac App Store Apps
The Mac App Store App is set to Enabled
If the Mac App Store App has no associated VPP licenses:
You have set the Scope such that it will be available to the devices you want to deploy it to through AppsAnywhere (see note on scope in the 'How It Works' section)
The Distribution Method is set to Make Available in Self Service
If the Mac App Store App does have associated VPP licenses:
You have set the Scope such that it will be available to the Specific Computers and All Users (this will then be managed by AppsAnywhere)
Ideally, there will be no other Limitations or Exclusions applied to the Scope (though it doesn't matter if there are)
There are VPP licenses available (i.e on the VPP tab, the value for Total Content is greater than that for In Use)
The Distribution Method is set to Install Automatically/Prompt Users to Install
Deploying VPP-Enabled Apps
VPP-enabled apps are deployed slightly differently to everything else in our Jamf Pro integration workflow. This is because there is no way for the AppsAnywhere Client to actually trigger the deployment of a VPP-enabled app from the user's device. When someone triggers the deployment of a VPP-enabled app from Self Service, it uses a special workflow that requires access to APIs in Jamf Pro that are not accessible to anything other than the Self Service app itself.
In order to replicate this functionality and still allow the deployment of VPP-enabled apps from within AppsAnywhere, we had to take a slightly different approach. Luckily Jamf Pro allow for the automatic deployment of Mac App Store Apps to devices that are specified in scope, so we can utilize this option to provide the same functionality to the user.
As specified in the pre-requisites above, if you want to deploy a VPP-enabled app via AppsAnywhere then you need to set it up a little differently in Jamf Pro. By setting the Scope as restricted to Specific Computers and the Distribution Method to Install Automatically, you provide AppsAnywhere the ability to add devices to the scope when users click launch (and therefore request the deployment of an app to their device). When AppsAnywhere adds the device to the scope of a Mac App Store App that is set to Install Automatically, Jamf Pro automatically manages the deployment of the app to the user's device using MDM without us having to do much at all.
Obviously there is a risk of this not happening as expected, so we still launch the AppsAnywhere Client on the user's device to check that everything is set up properly to allow MDM deployments before requesting the deployment through AppsAnywhere. It optionally then stays open and waits to check that the deployment begins and keeps the user updated with progress.
Adding A Delivery Method
Start by adding a new Jamf Pro: Mac App Store App delivery method to your chosen application, as described in the Jamf Delivery Methods article.
A lot of the fields you will need to configure are common to all delivery methods in AppsAnywhere, such as the Operating System Compatibility, Display Name, Launch Button Text and the Restrictions. For more information on configuring these values, see the Common Delivery Method Settings article. This section focuses on the settings specific to the Jamf Pro: Mac App Store App delivery method.
The following table describes each field and setting available when creating this type of delivery method, it's intended value and an example for each.
Field Name | Description | Intended Value | Example |
|---|---|---|---|
Jamf Pro Server Environment | The environment from which the Mac App Store App will be delivered, as defined in the Manage Jamf Pro Environments section | The name of the Jamf Pro environment that the Mac App Store App is defined in, selected from the list of options | Jamf Pro Production |
Select Mac App Store Application | The Mac App Store App that you wish to deploy through AppsAnywhere | The name of the Mac App Store App, as defined in Jamf Pro, selected from the list of options | Shazam |
Resource URL | The URL from which the Mac App Store App will be deployed, as specified in Jamf Pro | This is a non-editable field, intended to help you determine you have selected the correct Mac App Store App | https://.... |
Bundle ID | The Bundle ID for the app, which will be used to launch it once it is deployed | This is a non-editable field, intended to help you determine you have selected the correct Mac App Store App | com.xxxx.yyyy.zzzz |
Is VPP Licensed? | Indicates whether or not the app has VPP licenses assigned to it | This is a non-editable field, intended to help you determine you have selected the correct Mac App Store App | Checked |
Distribution Method | Indicates how the Mac App Store App will be deployed to the target device | Must be set according to whether or not the app is VPP licensed (see notes above) | Install Automatically |
Wait For Install | Whether the AppsAnywhere Client splash screen should remain visible to keep the user updated of progress while the app is deploying | If you want the AppsAnywhere Client to remain open and wait to launch the app once it is deployed, this should be Checked. | Checked |
Due to a defect recorded in Jamf Pro, we are unable to determine from the API what the value for Distribution Method is set to for your Mac App Store App. You must set this field to the same value that it is set to in Jamf Pro itself. Failure to match this value to the equivalent setting for your Mac App Store App in Jamf Pro will result in unexpected behavior.
So, to configure your new Jamf Pro: Mac App Store App delivery method:
Setup the basic details, operating system compatibility and restrictions as you would with any other delivery method
Choose the Jamf Pro Server Environment from which the Mac App Store App will be deployed
Choose the Mac App Store App you wish to deploy from the Select Mac App Store Application dropdown box
Confirm that you have selected the correct entry by verifying the resource URL, bundle ID and VPP license status
Set the Distribution Method as required and ensure that it matches the value set in Jamf Pro
Choose whether or not you want the AppsAnywhere Client to remain open on the user's device while the deployment is in progress
Click Save
If the save was successful, you will see the form replaced with the following message and your new delivery method will be added to the bottom of the list on the left-hand side
If there were any errors with the data you entered, you will be prompted to correct these before you can continue.
Only valid Mac App Store Apps will be made available to the AppsAnywhere admin interface. If you were expecting to see an app in the Select Mac App Store Application list but it is not there, check the Mac App Store App in Jamf Pro to ensure that it meets all of the pre-requisites defined in the 'Before You Start' section above.
How It Works
Delivery Method Availability
In order to determine whether or not a Jamf Pro: E-book delivery method is available to the user, the following conditions will be checked on validation:
Is the device running macOS 10.11 or higher?
Is the Jamf binary installed on the device?
Is the device enrolled with a Jamf Pro Server?
Can the device connect to the Jamf Pro Server?
Is the device classed as "managed" in Jamf Pro?
Is the device connected to the same Jamf Pro instance as is referenced in the delivery method?
Is the Distribution Method set to the value required based on the VPP licensing status?
Is the user's device joined to the domain?
If not, is user-level MDM enabled and is it correctly set up on the target device?
Only if all of these criteria are met will the delivery method be available to the user. Keep in mind that it still not be the preferred delivery method for that user environment if there are others defined with higher priorities for that app.
Mac App Store App Deployment
Non-VPP-Enabled
Non-VPP-enabled are not deployed to the user's device using Jamf Pro as this functionality is handled by the Self Service app itself, which we are trying to remove as a requirement for the user.
When a user clicks Launch on a Jamf Pro: Mac App Store App delivery method (assuming it is available to them), a message is sent to the AppsAnywhere Client indicating that the user needs to be directed to the app in the mac app store. The AppsAnywhere Client then launches the mac app store and navigates to the particular app URL that is referenced in the delivery method.
If Wait For Install is enabled, then the AppsAnywhere Client will prompt the user to install the app from the mac app store and start waiting for the app to be installed, at which point it will launch it.
VPP-Enabled
The following workflow is followed if the user requests to launch a VPP-enabled Mac App Store App:
A message is sent to the AppsAnywhere Client with the details of the app that needs to be launched
If the app is already installed on the device (as indicated by the bundle ID being registered), the AppsAnywhere Client will just launch it
The AppsAnywhere Client then sees whether user-level MDM is required to deploy the app
If it is, the following command will be run to enable user-level MDM: sudo jamf mdm -userLevelMdm
When the device is ready to accept MDM deployments, the AppsAnywhere Client will send a request to AppsAnywhere to begin deployment
AppsAnywhere will contact Jamf Pro and add the device to the scope of the Mac App Store App
AppsAnywhere will then contact Jamf Pro to confirm that the app is now in scope for the given device and user
If everything is ok, a success status will be returned to the AppsAnywhere Client
The AppsAnywhere Client will then run the following command: sudo jamf recon
The recon command ensures that Jamf is aware that the app is not currently installed on the device (by running inventory) and triggers it to deploy it immediately if it is not
The AppsAnywhere Client waits for the recon command to complete and then prompts the user to expect the app to be deployed shortly, or starts a timer to wait for the deployment, depending on the value of the Wait For Install setting.