Support Home > Devices > Software Management: macOS and iOS

Software Management: macOS and iOS

You can easily manage software applications for your macOS and iOS Mobile Device Management (MDM)-enrolled devices with JumpCloud’s Software Management. Managing software apps saves you time and ensures that your users can access the apps they need. You can also reclaim licenses that are no longer used to control software costs.

You can remotely add and assign purchased Volume Purchase Plan (VPP) applications from Apple Business Manager (ABM) and preconfigured custom app packages to devices or device groups:

VPP Apps – Available through an account with ABM or Apple School Manager (ASM). VPP lets you install software applications and third-party preconfigured custom app packages on macOS and iOS devices that run version 10.15, 11.x, or 12.x or later. See Set Up Apple’s VPP. Using the App Store Restrictions Policy can prevent VPP and Custom App deployments from installing.

Preconfigured Custom App Package – Developed by you or a third-party to meet a specific business need for your organization. The installation is facilitated by JumpCloud MDM, rather than by ABM or ASM. Preconfigured custom app packages can be hosted at these types of publicly-accessible, secure repositories:
- A customer repository
- A third-party repository
- A self-hosted repository (such as an Amazon Web Services S3 Bucket)

Note:

This article uses the term iOS devices to include iPhones and iPads.

You should carefully investigate the apps you are providing to your users. A preconfigured custom app package must be a product archive that is a developer-signed distribution package. These non-ABM app packages must be accessible from a URL that points to the package location that you enter in the JumpCloud Admin Portal. The app package is validated before it is added to the software inventory list.

Prerequisites

An account with ABM or ASM is required, with the role of Administrator or Content Manager.
MDM is configured for your organization. Each macOS or iOS device must be enrolled in MDM. See Set Up MDM.
VPP is configured. See Set Up Apple’s VPP.
All packages must be hosted with Transport Layer Security (TLS).
Determine the preconfigured custom app packages that you want to deploy.
Devices must be in a supervised or device-enrolled state.

Installing macOS and iOS Apps

You can use Apple’s VPP to purchase and manage bulk licenses for apps from the Apple Store. JumpCloud lets you assign those licenses to your macOS and iOS managed devices.

You can also install preconfigured custom app packages that are validated by JumpCloud.

Installing VPP Apps

To install VPP apps:

Locate the macOS or iOS app you want to install:
1. Log in to the JumpCloud Admin Portal: https://console.jumpcloud.com/login.
2. Go to DEVICE MANAGEMENT > Software Management.
3. Select Apple.
4. Click refresh list to see the list of purchased macOS/iOS apps available for your organization. The list displays Supported Devices, Location Name, and Command Status for each app. If needed, you can search for an app.
  
  The Command Status column shows the number of successful results out of the total number of pending actions. A status may not register as successful yet if it is still queued or if there was a communication interruption. See Installation Status for further details.This search is for the Xcode app:
5. You can also filter your search by supported device families or location name..
6. Select the app you want to install. Learn more about the app by clicking view in app store in the Details tab.
7. Verify that there are enough available licenses. The Details tab displays the available number of licenses and the total number of purchased licenses.
8. To supply a managed configuration for an app, select Supply Configuration and enter the AppConfig (AppConfig Community ) XML file for the app. The XML is not validated but needs to be a valid SML property list in AppConfig format.
To deploy the app to all devices in a device group, you can bind the app to a group. A license is linked to each device’s serial number:
1. Select the Apple app you want to install.
2. Select Device Groups.
3. Select the checkbox for each device group that will access the app.
4. Click save, then click save again. The app is now available on the devices that belong to the device group.
To deploy the app to a specific device:
1. Select the VPP app you want to install.
2. Select Devices.
3. Select the checkbox for each device that will access the app.
4. Click save, then click save again. The app is now available on those devices.
Check the installation status:
1. Select the app and select Status.
2. View the Status column to see the installation status:
  - Install Pending – The app is queued for installation.
  - Command Sent – The install command was received by the device.
  - License Failed – There are not enough available licenses.
  - Command Failed – The installation command was sent but the installation might have been interrupted due to communication issues.
  - Uninstall Pending – This device has not responded to the request to remove the device and reclaim the license. The task will be completed at next check-in.
  - Uninstall Success – The device has been removed and the license reclaimed.
3. Click view to see more details about the status of the installation:
If needed, you can retry Retry for these statuses: Command Sent, License Failed, and Command Failed.
1. Retrying an installation will send the install command a second time, which may result in errors if the command was recently sent.
2. If an installation fails, you might need to purchase more licenses. Verify that you purchased enough licenses. See Set Up Apple’s VPP to purchase licenses for your apps.
The Command Timestamp column shows the last action time, which will help determine if you should retry for a more recent version.
If needed, a bulk Retry Commands action is available on the Status tab.
1. Select devices with the checkboxes or select all by selecting the top checkbox.
2. Any devices with the status of Command Sent or Command Failed will be resent.
3. View available license counts:
  - Select the Apple app.
  - Select Details. The available number of purchased licenses displays, as does the total number of available licenses.

Viewing App Status

To view App Status in the Device Details tab:

Use the Device panel’s Apps tab to see the Apps installed on the device (for macOS or iOS devices only).

Log in to the JumpCloud Admin Portal: JumpCloud Login .
Go to DEVICE MANAGEMENT > Devices.
Select the device, then select Apps to see the installed apps, location, device family, and app status.

Installing Custom App Packages

Tip:

If a third-party package URL does not indicate the application version (for example, https://host.com/path/application.pkg), consider hosting these packages yourself to control the package version you provide to your users.

You should carefully choose third-party hosted app packages that are hosted on a site that uses the TLS protocol. This is especially important if the package URL does not indicate an application version, such as https://host.com/path/application.pkg. If the third-party updates the package served by the URL, new installations of the package will silently fail. You must then revalidate the package from the Software App aside to update the package details. Instead of using a package URL hosted by the third-party, consider hosting these packages yourself to have full control of the package version.

To install preconfigured custom app packages:

Locate the installer package for the app you want to install:
1. Log in to the JumpCloud Admin Portal: https://console.jumpcloud.com/login.
2. Go to DEVICE MANAGEMENT > Software Management.
3. Select Apple, then click (+).
4. On the Details tab, enter a unique display name in Software Description.
5. Add the app’s URL location to Software Package URL. Generally, you’ll paste this here as the URL can be long. The app package size must be smaller than 500 MB.
Click Validate to check that the app package URL meets these requirements and can be installed:
- Valid and accessible from anywhere
- Resolves to a signed distribution-style .pkg package file
- Response size is greater than 0
- Package will be read to calculate the file checksum
- Package will be opened to read app details
  After the URL is validated, the Software Name and Software Version fields are automatically populated. If a third-party package URL does not indicate the application version (for example, https://host.com/path/application.pkg), consider hosting these packages yourself to control the package version you provide to your users.

Warning:

JumpCloud does not support dynamic links where versions of the linked .pkg file could change over time. Validation will fail if the linked .pkg file is updated from the original version that was used when it was validated.

To deploy the application immediately to an MDM-managed device:
1. Select Devices.
2. Select the devices where this app will be deployed. To select all devices, select the checkbox next to Type.
To deploy the application immediately to an MDM-managed device group:
1. Select Device Groups.
2. Select the groups where this app will be deployed. To select all device groups, select the checkbox next to Type.
After you select a device or device group where you’ll deploy this app, click save to install the app.

Warning: If you do not select a device or device group after you validate the URL, clicking save creates the app instance but does not install the app anywhere.

Click save again to confirm that you want to deploy the app to the selected devices or device groups. The new app appears in the software inventory list in the Apple tab.
Verify that the app was installed by selecting the app and selecting Status.

Removing Preconfigured App Packages

If you no longer want to deploy a preconfigured custom app package or if you don’t want to manage the app through JumpCloud, you can delete it. Deleting a preconfigured custom app package removes it from the software inventory of Apple apps. Deleting the app does not uninstall it.

Warning:

Removing a VPP package from a device or a device group uninstalls that package from the associated endpoint .

To remove preconfigured custom app packages:

Log in to the JumpCloud Admin Portal: https://console.jumpcloud.com/login.
Go to DEVICE MANAGEMENT > Software Management.
Select Apple.
Locate the preconfigured custom app package you want to remove and select the checkbox next to the app. You can also select more than one app to remove.
Click delete.
Type 1 if you’re removing one app package. If you’re removing more than one, type the total number of app packages.
Click delete. The preconfigured custom app package is removed from the software inventory list, but is not uninstalled.

Reclaiming Licenses

JumpCloud binds a macOS device to an app. If you unbind the device from the app, JumpCloud automatically reclaims the license. If you remove the device that is bound to an app, JumpCloud can reclaim the license from that device and from other unknown devices. After you reclaim a license you can apply it to another managed device.

Users can continue to use free apps even if the license gets reclaimed from a device. When using a paid app, the user can use the app until it updates and then be asked to repurchase the app.

To reclaim macOS licenses:

Log in to the JumpCloud Admin Portal: https://console.jumpcloud.com/login.
Go to DEVICE MANAGEMENT > Software Management.
Select Apple.
Select the desired Apple app.
Review the number of available and used software licenses in the Details tab.
Click reclaim licenses to get licenses that were released by Apple and other licenses used by unknown serial numbers.
View the number of available and used licenses. If the available and used license count stays the same, you might need to buy more licenses from ABM or ASM. See Set Up Apple’s VPP to purchase licenses for your apps.

Still Have Questions?

If you cannot find an answer to your question in our FAQ, you can always contact us.

Submit a Case

Build the Foundation for a Unified Stack