This article aims to provide useful pieces of information and troubleshooting steps to ensure your Apple Apps deployments and updates are properly functioning with Addigy.
What are Managed Applications?
Managed Applications are applications deployed with Apple Apps that have the "Managed" toggle enabled. Managed Applications can be uninstalled, updated, and configured with Addigy. This is enabled by default for all applications. For info on Managed App Configurations, see Managed App Configuration
What Happens When My Single Location Apps & Books Token Is Spread across Multiple Policies?
A single Apps & Books Token can be used in multiple policies without issue. Doing so will allow you to use the same Apps & Books assets in multiple policies. The available licenses for those assets will be shared by the policies which use the token.
Note: Tokens should not be used by more than one MDM server. If you have recently migrated your devices over from another MDM solution, it is necessary to create a new token solely for use in Addigy to prevent unexpected behavior (even if the previous token is no longer actively being used).
I’m Unable to Save My Apps & Books Token, What Can I Do?
The "Failed to Save, please check token" warning message indicates that there isn't an Apple Push Certificate assigned to that policy just yet.
To remediate this, navigate to Policy > Integrations & Settings > MDM Enrollment Profile and assign an Apple Push Certificate. Try to upload the token once more, and the warning message should be cleared.
I Can’t Deploy Apps via GoLive, What Can I Do?
If you find that you are unable to deploy an app via GoLive because the "Deploy" button is grayed out, the app may not have any available licenses. See the Licenses section below for more information.
Additionally, if you find that the "Apple Apps" tab is grayed out, you most likely do not have Apps & Books set up in the policy for the device. You can check out our article Configuring Apps & Books for information on how to set it up.
How the Auto-Update Feature Works
The device performs mdm audits (~ 1 hour) in which it performs the "Application List" command. We then check the version of the app to verify if it needs an update. If the app is managed and auto-update is enabled in the policy, we queue up the install application command and the device should respond with the "acknowledged" status and queue the installation locally on the device.
Auto-Update Is Not Working, What Do I Do?
In the case that the auto-update does not occur, there are a few items to initially check. For starters, make sure the device is responding to MDM commands and all of the audits are up-to-date. If it is not, there may be an issue with MDM connectivity. A restart of the device may help or full re-enrollment may be necessary depending on the exact issue.
Also be sure to verify if the Apps & Books token is valid and up to date.
If those items check out, try deploying the app via GoLive to see if it successfully installs the updated version.
Error: Apps & Books token metadata does not match our current records
This occurs when the metadata of the Apps & Books location token is modified by a third party (used outside of the Addigy tenant).
Renewing or creating a new token should remediate this error. To prevent it from occurring, ensure that the location token is not being used outside of your Addigy tenant.
Prompt for App Installation on Non-Supervised Devices
Unsupervised devices will receive the following prompt when an Apple App is deployed:
If the prompt is not accepted, the app will not be installed on the device. Be sure to advise your end-users that these prompts must be accepted if you are working with unsupervised machines.
For more information about device supervision, see: Overview: Device Supervision
Enabling 'Apple Apps Uninstall' (in Account > Integrations)
Expected behavior when the feature is enabled ~
Policy:
- If an Apple App is removed from policy, the app will be uninstalled from devices during their next policy deployment.
- If the device is in multiple policies and the same app is assigned to more than one of those polices, the app will not be removed as more than one app assignment for the device record exists.
- There is a 30 minute grace period on device side app removal if token was just renewed.
Device:
- If a device is removed from a policy the app is being deployed from, the app will be uninstalled from the device.
- If a device license is revoked in Policy > Apple Apps > Assigned (numeric count) the app will be uninstalled from the device.
General Troubleshooting Checklist: Apps Failing to Install/Update
Token
Addigy's Apple Apps integration requires communication with Apple Business Manager. The Location Token facilitates this communication, so make sure you are using a valid .vpp token that is up to date.
Renewing an Apps and Books (VPP) Location Token
Licenses
Apps & Books licenses are consumed on a per-device basis. If you do not have enough licenses, you will receive an error on deployment reporting 'no license found'.
To confirm which devices are using licenses, navigate to Policy > Integrations & Settings > Apple Apps and review the Apple Apps Assets section.
The Total, Assigned, and Available columns report the total number of licenses, number of devices using licenses, and remaining number of licenses for each app, respectively.
Select the number in the Assigned column for any app to verify which devices are consuming licenses.
More info about releasing app licenses can be found here: Releasing Apple Apps (Apps & Books) Licenses
If needed, additional app licenses can be purchased in Apple Business/School Manager.
Compatibility
Not all apps are universal. You can verify if an app is compatible with your devices by checking the "Supported Devices" column in the Apple Apps Assets section mentioned above.
Furthermore, the latest version of an Apple App may not be compatible with a device's current OS version. If you notice that a particular application is repeatedly attempting installation on device(s) but is not actually being installed, check the software's release notes/version compatibility to confirm if a later OS/iOS version is required.
Note: Apple Apps can only deploy the latest available version of an application. It is not possible to deploy earlier releases via Apple Apps.
How to Verify if an Application Was Installed via Apple Apps (macOS)
A common reason an app may be failing to install or update on a macOS device is if a non-Apple Apps (VPP) version of the app is already installed (or is simultaneously being deployed to the device via Smart/Public Software, etc.).
To confirm if this is the case, the following command can be run on devices to determine whether an app was installed via VPP (change nameOfApp to the name of the application):
mdls /Applications/nameOfApp.app/ -name kMDItemAppStoreReceiptIsVPPLicensed
- An output of 1 means the application was installed via Apple Apps.
- An output of 0 means it was not installed via Apple Apps.
If an app was not installed via Apple Apps, it will not be possible to update the app via Apple Apps and/or reinstall the app as an Apple App. The app would need to be uninstalled from the device before the Apple Apps version can be installed successfully.
Restrictions MDM Profile preventing Installation
If Addigy reports that an app has been successfully installed but it does not actually exist on the device, a Restrictions MDM Profile may be preventing deployment. The Restrictions MDM Profile provides the ability to allow-list certain applications for iOS and tvOS devices (Restrictions MDM Profile > Apps > Allow Listed Apps). If a profile that includes this setting is installed on an affected device, and the affected application is not included in this allow-list, this is what is preventing deployment. You can resolve this by adding the app to the allow list in the MDM Profile.
Network Interference
Oftentimes we see that the installation of Apple Apps is prevented by a firewall or other network protection mechanism. Try placing an affected device on a Personal Hotspot and re-deploying Apple Apps to confirm if network interference is preventing installation. If this is the case, ensure the necessary port(s) are whitelisted for Addigy & Apple Apps to function: Complete Port Usage for Addigy
My question isn't here, what do I do?
If you have any further questions, please do not hesitate to reach out to us by contacting support@addigy.com