App Deployment to Supervised and Managed iPad

sepiemoini
Contributor III
Contributor III

Greetings, all! I am fairly new to iOS MDM with Jamf Now so apologies in advance.

I am testing iOS deployment using Apple Configurator 2 for all non-DEP enrolled iOS devices for a future MDM rollout. I have created a blueprint for this iPad and have enabled the Apple Configurator 2 setting in my JSS (running v9.92) as well. The details of the blueprint being used are fairly simple. I have it installing a profile with the wireless network settings and being enrolled to the specified JSS as a supervised device with some modified Setup Assistant settings. Please find these details below, for reference.

a4527049f81b460c9d6d4afa8190056a
9e923eb37a5d4814975e9b8a3445dd7a
bcbd80a8293242cab037b9628eaac37c
8d22a4f84d074af1aacd382eda74a3e0

The iOS device is quickly provisioned and enrolled into my JSS as expected. Where I am having an issue is with app deployment. I have tried to deploy Self Service as an application directly from the blueprint and also tried doing this from the JSS as an automatic installation. These applications have been properly purchased (though they are both free) with our VPP account and have been added to the JSS as available VPP apps. Regardless of which deployment method is used, I am unable to install the applications on the iOS device without providing iTunes Store credentials.

fd31ede792074f4d9deccc4e4e4fc828
a52fa8a1967a4900b2ba83a80c17248c

It is my understanding that the basic requirements needed for device-specific app deployment are met with my configuration. Those requirements are provided below and also listed here for reference.

• The JSS v9.82 or later • Computers with macOS v10.11 or later and/or mobile devices with iOS 9 or later • A VPP account set up in the JAMF Software Server (JSS) • App Store apps or VPP store apps (including custom B2B apps) purchased through Apple's Volume Purchase Program (VPP)

Does anyone have any insight as to why this is not working as intended?

1 ACCEPTED SOLUTION

sepiemoini
Contributor III
Contributor III

So I believe this issue was due to a combination of the following: not using JSS 9.96 and a database issue the master node. For the former, a JSS upgrade was performed so I am now running v9.96 in my organization. The latter required some MySQL database updates as well as modifying my ciphers in the server.xml file on my proxy JSS server. Because Apple VPP requires that a master node is identified during app deployment, this is what was causing my apps to stay in a pending state and eventually fail. The above issue with iTunes/Apple ID credentials needing to be passed was likely an issue with running iOS 10 in v9.92. Thank you all for your help :)

View solution in original post

8 REPLIES 8

Stephen_Perry
New Contributor III

For the apps in which you are attempting to deploy, do you have "Assign VPP Content" checked under the VPP tab?d8c92bd932024b42917dccde82bcb50a

sepiemoini
Contributor III
Contributor III

iMatthewCM
Contributor II
Contributor II

Hey @sepiemoini , I think I saw you mentioned you've tried deploying Self Service both through Configurator, and an auto-install from the JSS. I've seen a lot better results when deploying Self Service manually from the JSS. Here's a great Jamf Nation KB article outlining the process: https://www.jamf.com/jamf-nation/articles/370/manually-deploying-self-service-mobile-for-ios

The only two things I want to add to that:
1. We need to go to the VPP store and "buy" licenses for Self Service first, because we need to be assigning VPP content for it. So, grab the licenses, and set up the app as described in the article, but make sure to Assign VPP Content. It sounds like you might already have licenses for Self Service, so if you do, right on. Just assign it :)
2. Make sure, for step 16, that you modify that <string> entry to reflect your JSS URL

Give that a whirl if you like :)

Everything else is looking really good from what I can see, and I'm glad you're having success with Configurator enrollments. I'm a big fan of using Configurator!

sepiemoini
Contributor III
Contributor III

@matthew.mitchell Thanks for the suggestion. I went ahead and checked out the post you provided and made the necessary changes to the app policy but alas, no luck there either. As you had expected, I had already "purchased" the free apps from the VPP site and confirmed that the purchases showed up in my JSS. I went one step further and restarted my Tomcat service this morning to see if that would make any difference.

For reference, I have provided a few screen captures to highlight the steps that I have taken so far. And of course, for security reasons, I have edited the screen capture showing the App Configuration tab of the Self Service Mobile app and removed my organization's JSS url.

750cde0250c442929badd674e9e88fba
fbc265846fb641dea9af711597bd843d
164268f0f01e4c42ae77244865a7c2ce
58e277f167164559a9edc0ce187626e5
568755685b2a4b33b6ee35d79d2ce0f6
0a64c7efdbfc43c895a88b81ab0174d9
4cdcb31173c34f5aa9582c6023d25125
d6e47214e98b4f09a75872c9cdbd66e8
eb28a9a27d394965acd98ae837009cf3
35d6a2a13aa04ea88f67be08941637f3

iMatthewCM
Contributor II
Contributor II

@sepiemoini Ah ha, I should have spotted this earlier, my bad :) Looks like in your original post, you mentioned that we're running 9.92, and the screenshots posted of the devices indicate it's running 10.1.1

Unfortunately, JSS 9.92 isn't fully compatible with iOS 10 or later. We'll want to get on 9.96.

I would imagine if you had an iOS 9.3.5 device sitting around you could test with, this would probably work great as-is.

If you need any assistance upgrading your JSS from 9.92 to 9.96, that'd be a great thing to call the General Line for, or opening a new Support ticket here on Jamf Nation. The general process, though, is this:

  1. Make a backup of your database
  2. Stop Tomcat
  3. Run the installer downloaded from Jamf Nation (under My Assets)
  4. Restart Tomcat

And if you're using a DMZ, make sure to upgrade that as well. All webapps should be on the same version.

Hope that helps!

sepiemoini
Contributor III
Contributor III

@matthew.mitchell Hey! I was having the same issues on an iPad running 9.3.1 as well though I haven't checked again since restarting Tomcat. Give that the device-based app deployment was first introduced with JSS 9.82, I'm positive that it not working on my iPad running 9.3.1 doesn't bode well for the argument for upgrading to 9.96 to fix this issue. With that said, I have a pending change order in place to perform this upgrade in the coming weeks :)

sepiemoini
Contributor III
Contributor III

So I believe this issue was due to a combination of the following: not using JSS 9.96 and a database issue the master node. For the former, a JSS upgrade was performed so I am now running v9.96 in my organization. The latter required some MySQL database updates as well as modifying my ciphers in the server.xml file on my proxy JSS server. Because Apple VPP requires that a master node is identified during app deployment, this is what was causing my apps to stay in a pending state and eventually fail. The above issue with iTunes/Apple ID credentials needing to be passed was likely an issue with running iOS 10 in v9.92. Thank you all for your help :)

sepiemoini
Contributor III
Contributor III

So I believe this issue was due to a combination of the following: not using JSS 9.96 and a database issue the master node. For the former, a JSS upgrade was performed so I am now running v9.96 in my organization. The latter required some MySQL database updates as well as modifying my ciphers in the server.xml file on my proxy JSS server. Because Apple VPP requires that a master node is identified during app deployment, this is what was causing my apps to stay in a pending state and eventually fail. The above issue with iTunes/Apple ID credentials needing to be passed was likely an issue with running iOS 10 in v9.92. Thank you all for your help :)