You are browsing the archive for Apple.

Apple Volume Purchase Program (VPP) expands but changes nothing around supportability for side loading within Configmgr & Intune hybrid or standalone.

10:40 am in Apple, EMM, EMS, intune, Intune Standalone, scc, SCCM 2012, sccm 2012 R2, SCCM 2012 R2, SCCM 2012 SP1, VPP by Kenny Buntinx [MVP]

 

Great news for our customers!

There are a number of ways of deploying apps to iOS devices throughout your enterprise. You can purchase and assign apps with MDM through the Volume Purchase Program (VPP), or create and deploy your own in-house apps by joining the iOS Developer Enterprise Program. Additionally, if you are in a shared-device deployment scenario you can install apps and content locally with Apple Configurator or your MDM solutions such as Windows Intune.

As more than an half year ago, when I wrote about the following SCUG acticle : “CM12 and intune : Deploying Windows *.ipa IOS Applications requires a *.plist file” , regarding that Apple’s Volume Purchase Program (VPP) was only available in limited countries as Germany and UK . That caused challenges for side loading applications thru your MDM solution such as Configmgr 2012 R2 and Intune on the Hybrid model.

Now Apple has expanded the Volume Purchase Program (VPP) (http://www.apple.com/business/vpp/ ) to a lot of more countries as shown below :

Australia, Belgium, Canada, Denmark, Finland, France, Germany, Greece, Hong Kong, Ireland, Italy, Japan, Luxembourg, Mexico, Netherlands, New Zealand, Norway, Singapore, Spain, Sweden, Switzerland, Taiwan, Turkey, United Arab Emirates, United Kingdom, and United States.

This will make our life certainly much easier as we have a “Licensed way” of deploying volume licensed apps on IOS and OSX.

Distributing the app with your MDM solution such as ConfigMgr with Intune

To distribute an iOS application, you must have a valid .ipa package and a manifest (plist) file. The manifest file is an XML .plist file that is used to find, download and install any iOS applications that are located outside the App Store. The manifest file cannot exceed 10 KB. For more information, see the relevant Apple documentation.

· The .ipa package must be valid. This means that the package was signed by Apple and the expiration date indicated in the provisioning profile is still valid.

· For iOS applications, Windows Intune can distribute enterprise certificate iOS applications. Not all Apple developer certificate applications are supported.

· Your enterprise must be registered for the iOS Developer Enterprise Program.

· Make sure that your organization’s firewall allows access to the iOS provisioning and certification web sites.

I saw many people having difficulty to upload and deploy the IOS application in the forums and internet. Mainly because they do not have access to a VPP program from Apple, but that is now more or less history. I managed to upload the IOS (*.ipa) application into Configuration Manager 2012 R2, and also manage to download and install the uploaded IOS application to the IPad from the Company Portal however :

GOTCHA: Not all applications have a plist file, it also depends on the MAC OSX (they have been changing the locations in 10.6 and again in 10.9.1. – checkout this thread http://hints.macworld.com/article.php?story=20121101064200135

Currently Configuration Manager 2012 R2 with Intune hybrid is not supporting the whole VPP Program yet. Hopefully they will change that soon!

Hope it Helps,

Kenny Buntinx

CM12 and intune : Deploying Windows *.ipa IOS Applications requires a *.plist file

7:18 am in Apple, CM12, CM12 R2, CM12 SP1, ConfigMgr 2012, configmgr 2012 R2, ConfigMgr 2012 SP1, deployment types, intune, iOS, ipa, Ipad, plist by Kenny Buntinx [MVP]

 

To side load an application *.ipa you need either to have developed it in-house or bought it from a developer who allows you to side load it and have a correct Apple developer account as well. https://developer.apple.com/programs/ios/

You cannot side load an app that you have downloaded and paid for in ITunes, that would be wrong in terms of license agreements. For those applications ,you can create a link to the application in Appstore and distribute that link.

So if you want to side load an application that you bought from Appstore, I would suggest that you Contact that Company/developer and see if they are interested in selling the application to you that way instead of through the Appstore.

There are a number of ways of deploying apps to iOS devices throughout your enterprise. You can purchase and assign apps with MDM through the Volume Purchase Program (VPP), or create and deploy your own in-house apps by joining the iOS Developer Enterprise Program. Additionally, if you are in a shared-device deployment scenario you can install apps and content locally with Apple Configurator or your MDM solutions such as Windows Intune.

Volume Purchase Program

The Volume Purchase Program (VPP) allows businesses to purchase iOS apps and books in volume and distribute them to employees. You can also get custom B2B apps for iOS that are built uniquely for you by third-party developers and procured privately through the VPP store. MDM solutions integrate with VPP and can be used to assign apps and books to users. When apps are no longer needed, MDM can be used to revoke and reassign them to a different user. Each app is automatically available for download on all the user’s devices, with no additional effort or cost to you. Redemption codes can also be purchased through VPP for use with Apple Configurator, or in situations where MDM is not applicable. To learn more about the Volume Purchase Program at http://www.apple.com/business/vpp

 

GOTCHA: The Volume Purchase Program (VPP) isn’t available in Belgium or Benelux. Up till now, European companies can only subscribe to the VPP program if they are resident in the UK or Germany. This isn’t really helping with our MDM solution, but later in this blog post we show you that we found an alternate solution (unfortunately NOT supported).

Enterprise in-house apps

Develop iOS apps for use by your company using the iOS Developer Enterprise Program. This program offers a complete and integrated process for developing,testing, and distributing your iOS apps to employees within your organization. Distributing in-house apps can be done either by hosting your app on a simple web-server you create internally, or by using a third-party MDM or app management solution. The benefits of managing in-house apps with MDM include the ability to configure apps remotely, manage versions, configure single sign on, set policies for network access such as per app VPN, and control which apps can export documents.

Distributing the app with your MDM solution such as Intune

To distribute an iOS application, you must have a valid .ipa package and a manifest (plist) file. The manifest file is an XML .plist file that is used to find, download and install any iOS applications that are located outside the App Store. The manifest file cannot exceed 10 KB. For more information, see the relevant Apple documentation.

· The .ipa package must be valid. This means that the package was signed by Apple and the expiration date indicated in the provisioning profile is still valid.

· For iOS applications, Windows Intune can distribute enterprise certificate iOS applications. Not all Apple developer certificate applications are supported.

· Your enterprise must be registered for the iOS Developer Enterprise Program.

· Make sure that your organization’s firewall allows access to the iOS provisioning and certification web sites.

I saw many people having difficulty to upload and deploy the IOS application in the forums and internet. Mainly because they do not have access to a VPP program from Apple. I managed to upload the IOS (*.ipa) application into Configuration Manager 2012 R2, and also manage to download and install the uploaded IOS application to the IPad from the Company Portal.

 

Creating a Manifest (plist) File from just an App File

All you need to do is find out the bundle-identifier and bundle-version for your app, then fill in in the template below.

GOTCHA: Not all applications have a plist file, it also depends on the MAC OSX (they have been changing the locations in 10.6 and again in 10.9.1. – checkout this thread http://hints.macworld.com/article.php?story=20121101064200135 and currently CM12 with Intune is not supporting it !

Getting the bundle-identifier and bundle-version from IPCU (iPhone Configuration Utility).

Unfortunately, the app’s bundle-identifier and bundle-version will not be directly readable because an .ipa file is usually signed. However, the data you need is made available through Apple’s iPhone Configuration Utility.

First, download and install the iPhone Configuration Utility (IPCU).

clip_image002

After opening IPCU, click the "Applications" library item, and drag your .ipa file into the list. You should see the following page. The "Identifier" and "Version" columns are the bundle-identifier and bundle-version values respectively.

Now you can create the manifest file. Just copy manifest file contents below and replace the three highlighted values in the metadata dictionary with your own.

1. Replace the bundle-identifier to your identifier..

2. Replace the bundle-version to your version.

3. Replace the app’s name with your custom display name. This will be displayed to the user in an alert asking for permission to install the app.

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

<plist version="1.0">

<dict>

<key>items</key>

<array>

<dict>

<key>assets</key>

<array>

<dict>

<key>kind</key>

<string>software-package</string>

<key>url</key>

<string>http://placeholder/url/for/app.ipa</string>

</dict>

</array>

<key>metadata</key>

<dict>

<key>bundle-identifier</key>

<string>com.citrix.RecieverIpad</string>

<key>bundle-version</key>

<string>166</string>

<key>kind</key>

<string>software</string>

<key>title</key>

<string>Citrix Reciever</string>

</dict>

</dict>

</array>

</dict>

</plist>

 

Save the *.Plist file with the same name as the *.Ipa file in the same source folder and you would be able to import your Ipa DT (Deployment type) without any errors. However, I am not taking any responsibility here and this post is AS-IS with no liability what so ever.

Hope it Helps ,

Kenny Buntinx

Enterprise Client Management MVP