Skip to main content
Skip table of contents

Jamf Pro: Mac App Store Apps

Overview

Jamf Pro offers a great way to deploy Mac App Store Apps to a user's device. There are two types of Mac App Store apps that can be managed through Jamf Pro:

  • VPP licensed apps: Come with an assigned license from Apple's Volume Purchase Program and can be installed automatically for the user

  • Non-VPP licensed apps: Have no licensing information and therefore require the user to install the app themselves from the mac app store

Whether you are wanting to push out VPP licensed apps or just direct user to the right place in the Mac App Store to get the app they need, you can do this using the Jamf Pro: Mac App Store App delivery method.

Before You Start

The remainder of this article assumes that you have an Mac App Store App deployment already configured in your Jamf Pro environment. It will need to be set up to be available through the Self Service app before it can be delivered through AppsAnywhere and we strongly recommend that you test the deployment of the Mac App Store App through Self Service before bringing it into AppsAnywhere to help rule out any problems with Jamf Pro itself before adding the additional deployment workflows that AppsAnywhere adds to the process, which can make it more difficult to resolve any issues that may exist. 

Pre-requisites

In summary, you must ensure that your Jamf Pro Mac App Store App meets the following requirements to import it into AppsAnywhere

  1. You have setup the Mac App Store App and it can be found in Jamf Pro under Computers > Computer Management > Mac App Store Apps

  2. The Mac App Store App is set to Enabled

  3. If the Mac App Store App has no associated VPP licenses:

    1. You have set the Scope such that it will be available to the devices you want to deploy it to through AppsAnywhere (see note on scope in the 'How It Works' section)

    2. The Distribution Method is set to Make Available in Self Service

  4. If the Mac App Store App does have associated VPP licenses:

    1. You have set the Scope such that it will be available to the Specific Computers and All Users (this will then be managed by AppsAnywhere)

    2. Ideally, there will be no other Limitations or Exclusions applied to the Scope (though it doesn't matter if there are)

    3. There are VPP licenses available (i.e on the VPP tab, the value for Total Content is greater than that for In Use)

    4. The Distribution Method is set to Install Automatically/Prompt Users to Install

Deploying VPP-Enabled Apps

VPP-enabled apps are deployed slightly differently to everything else in our Jamf Pro integration workflow. This is because there is no way for the AppsAnywhere Client to actually trigger the deployment of a VPP-enabled app from the user's device. When someone triggers the deployment of a VPP-enabled app from Self Service, it uses a special workflow that requires access to APIs in Jamf Pro that are not accessible to anything other than the Self Service app itself. 

In order to replicate this functionality and still allow the deployment of VPP-enabled apps from within AppsAnywhere, we had to take a slightly different approach. Luckily Jamf Pro allow for the automatic deployment of Mac App Store Apps to devices that are specified in scope, so we can utilize this option to provide the same functionality to the user. 

As specified in the pre-requisites above, if you want to deploy a VPP-enabled app via AppsAnywhere then you need to set it up a little differently in Jamf Pro. By setting the Scope as restricted to Specific Computers and the Distribution Method to Install Automatically, you provide AppsAnywhere the ability to add devices to the scope when users click launch (and therefore request the deployment of an app to their device). When AppsAnywhere adds the device to the scope of a Mac App Store App that is set to Install Automatically, Jamf Pro automatically manages the deployment of the app to the user's device using MDM without us having to do much at all. 

Obviously there is a risk of this not happening as expected, so we still launch the AppsAnywhere Client on the user's device to check that everything is set up properly to allow MDM deployments before requesting the deployment through AppsAnywhere. It optionally then stays open and waits to check that the deployment begins and keeps the user updated with progress. 

Adding A Delivery Method

Start by adding a new Jamf Pro: Mac App Store App delivery method to your chosen application, as described in the Jamf Delivery Methods article. 

A lot of the fields you will need to configure are common to all delivery methods in AppsAnywhere, such as the Operating System Compatibility, Display Name, Launch Button Text and the Restrictions. For more information on configuring these values, see the Common Delivery Method Settings article. This section focuses on the settings specific to the Jamf Pro: Mac App Store App delivery method. 

The following table describes each field and setting available when creating this type of delivery method, it's intended value and an example for each.


Field Name

Description

Intended Value

Example

Jamf Pro Server Environment

The environment from which the Mac App Store App will be delivered, as defined in the Manage Jamf Pro Environments section

The name of the Jamf Pro environment that the Mac App Store App is defined in, selected from the list of options

Jamf Pro Production

Select Mac App Store Application

The Mac App Store App that you wish to deploy through AppsAnywhere

The name of the Mac App Store App, as defined in Jamf Pro, selected from the list of options

Shazam

Resource URL

The URL from which the Mac App Store App will be deployed, as specified in Jamf Pro

This is a non-editable field, intended to help you determine you have selected the correct Mac App Store App

https://....

Bundle ID

The Bundle ID for the app, which will be used to launch it once it is deployed

This is a non-editable field, intended to help you determine you have selected the correct Mac App Store App

com.xxxx.yyyy.zzzz

Is VPP Licensed?

Indicates whether or not the app has VPP licenses assigned to it

This is a non-editable field, intended to help you determine you have selected the correct Mac App Store App

Checked

Distribution Method

Indicates how the Mac App Store App will be deployed to the target device

Must be set according to whether or not the app is VPP licensed (see notes above)

Install Automatically

Wait For Install

Whether the AppsAnywhere Client splash screen should remain visible to keep the user updated of progress while the app is deploying

If you want the AppsAnywhere Client to remain open and wait to launch the app once it is deployed, this should be Checked.

Checked




Due to a defect recorded in Jamf Pro, we are unable to determine from the API what the value for Distribution Method is set to for your Mac App Store App. You must set this field to the same value that it is set to in Jamf Pro itself. Failure to match this value to the equivalent setting for your Mac App Store App in Jamf Pro will result in unexpected behavior.

So, to configure your new Jamf Pro: Mac App Store App delivery method:

  1. Setup the basic details, operating system compatibility and restrictions as you would with any other delivery method

  2. Choose the Jamf Pro Server Environment from which the Mac App Store App will be deployed

  3. Choose the Mac App Store App you wish to deploy from the Select Mac App Store Application dropdown box

  4. Confirm that you have selected the correct entry by verifying the resource URL, bundle ID and VPP license status

  5. Set the Distribution Method as required and ensure that it matches the value set in Jamf Pro

  6. Choose whether or not you want the AppsAnywhere Client to remain open on the user's device while the deployment is in progress

  7. Click Save

If the save was successful, you will see the form replaced with the following message and your new delivery method will be added to the bottom of the list on the left-hand side

If there were any errors with the data you entered, you will be prompted to correct these before you can continue. 

Only valid Mac App Store Apps will be made available to the AppsAnywhere admin interface. If you were expecting to see an app in the Select Mac App Store Application list but it is not there, check the Mac App Store App in Jamf Pro to ensure that it meets all of the pre-requisites defined in the 'Before You Start' section above.

How It Works

Delivery Method Availability

In order to determine whether or not a Jamf Pro: E-book delivery method is available to the user, the following conditions will be checked on validation:

  • Is the device running macOS 10.11 or higher?

  • Is the Jamf binary installed on the device?

  • Is the device enrolled with a Jamf Pro Server?

  • Can the device connect to the Jamf Pro Server?

  • Is the device classed as "managed" in Jamf Pro?

  • Is the device connected to the same Jamf Pro instance as is referenced in the delivery method?

  • Is the Distribution Method set to the value required based on the VPP licensing status?

  • Is the user's device joined to the domain?

    • If not, is user-level MDM enabled and is it correctly set up on the target device?

Only if all of these criteria are met will the delivery method be available to the user. Keep in mind that it still not be the preferred delivery method for that user environment if there are others defined with higher priorities for that app. 

Mac App Store App Deployment

Non-VPP-Enabled 

Non-VPP-enabled are not deployed to the user's device using Jamf Pro as this functionality is handled by the Self Service app itself, which we are trying to remove as a requirement for the user. 

When a user clicks Launch on a Jamf Pro: Mac App Store App delivery method (assuming it is available to them), a message is sent to the AppsAnywhere Client indicating that the user needs to be directed to the app in the mac app store. The AppsAnywhere Client then launches the mac app store and navigates to the particular app URL that is referenced in the delivery method. 

If Wait For Install is enabled, then the AppsAnywhere Client will prompt the user to install the app from the mac app store and start waiting for the app to be installed, at which point it will launch it. 

VPP-Enabled

The following workflow is followed if the user requests to launch a VPP-enabled Mac App Store App:

  1. A message is sent to the AppsAnywhere Client with the details of the app that needs to be launched

  2. If the app is already installed on the device (as indicated by the bundle ID being registered), the AppsAnywhere Client will just launch it

  3. The AppsAnywhere Client then sees whether user-level MDM is required to deploy the app

    1. If it is, the following command will be run to enable user-level MDM: sudo jamf mdm -userLevelMdm 

  4. When the device is ready to accept MDM deployments, the AppsAnywhere Client will send a request to AppsAnywhere to begin deployment

  5. AppsAnywhere will contact Jamf Pro and add the device to the scope of the Mac App Store App

  6. AppsAnywhere will then contact Jamf Pro to confirm that the app is now in scope for the given device and user

  7. If everything is ok, a success status will be returned to the AppsAnywhere Client

  8. The AppsAnywhere Client will then run the following command: sudo jamf recon

  9. The recon command ensures that Jamf is aware that the app is not currently installed on the device (by running inventory) and triggers it to deploy it immediately if it is not

  10. The AppsAnywhere Client waits for the recon command to complete and then prompts the user to expect the app to be deployed shortly, or starts a timer to wait for the deployment, depending on the value of the Wait For Install setting.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.