Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: Caleb_IT
Caleb_IT Author
User level: Level 1
5 points

Setting up and managing apple devices with Intune

We are trying to figure out the best solution for setting up our company owned apples devices so that we can not only manage the settings and configuration of the devices but also, when needed, install or remove apps from the devices from Intune. Previously we were using one apple account across all devices that only we had access to which allowed us to get the device setup initially before deploying it. Having the same account on all devices also allowed us to deploy apple devices that were actively shared by certain departments and not used by just one person. The problem we would run into is when needing to add or remove apps from the device it would pop up a message to the user of the device that the app was trying to install and then ask for the password to that single apple account.


We recently tried to switch over to using federated apple accounts but didn't find out until after that federated accounts cannot purchase apps from the app store. So is there a way to set up an apple device to be managed by Intune that doesn't require the user to sign in to an account or click any prompts when we try to make a change to the device?


Again, we are using Microsoft Intune to manage all of our devices, IOS/iPadOS and Windows, and the only part of Apple Business Manager that we use is the assigning of devices we purchase to our business. All other settings we deploy to apple devices works including being able to lock and wipe the device. The only functionality that has not worked is being able to control installed apps on the devices without user intervention.

iPad (9th generation)

Posted on Aug 24, 2023 10:16 AM

Reply
Question marked as Top-ranking reply
User profile for user: Strontium90
Strontium90
User level: Level 5
5,319 points

Posted on Aug 24, 2023 11:43 AM

Yes. You are missing a huge part of Apple Business Manager (ABM)... Volume Purchasing Program (VPP). You can volume license or purchase apps from the App Store through ABM. Then install your VPP token into Intune. This will allow you to assign the apps to your devices through device licensing. NO APPLE ID required.


You really want to move away from the one Apple ID approach. This is frustrating manual process, violates software licensing, negatively impacts software developers who charge for their apps, and creates a problem of access on the devices since a common Apple ID can potentially be used by many people.


Log into ABM and start licensing your required apps. Here is a pro tip. $0 x 10 is the same as $0 x 100. If you have 10 units currently, don't license 10 copies. License 100. The reason is that at some point there will likely be an 11th, 12th, etc device. You don't want to go back into ABM to add 1 seat to a free app license. It is a waste of time and it the more commonly overlooked step. Just license more than you need to ensure you can grow without adding more licenses each time a new device appears.


From the sidebar, choose Apps and Books. To help narrow the results, use the filter in the center column to choose platform.



Search for the apps you want to volume license.


In the right panel, choose a location (most business have one) and set the number of seats that you want to license. Again, for free apps, get more than your need to accommodate for future growth. Press the Get button and wait for the right panel to refresh.


Repeat for all the apps that you can from the App Store. Once you have them all in place, then click on your name in the lower left corner and choose Preferences. In the middle column, choose Payments and Billing. When the right pane displays look to the bottom in the Content Tokens section. Click the download link associated with the location with all the licenses.


Once you have the token, import it into Intune. This can be found by choosing Tenant administration > Connectors and tokens > Apple VPP Token.


Import the token and allow up to 15 minutes for Intune to sync the app list from ABM. Once the app list is read, you can manage the deployment of the apps from Intune. Apps > macOS. The type column will show macOS volume purchase program. These are the apps from ABM. Select them so you can scope them to your devices.


And finally, remember that not all apps are available in the App Store. Google Chrome, Acrobat Reader, and Zoom are some common ones to consider. Likewise, if you are deploying the Microsoft apps via the App Store then you do not have access to Microsoft Auto Update (MAU) or support for volume license enabler (if you are business it is unlikely you need to support this).


Hope this is helpful. You can make you like so much easier by embracing the VPP.


Reid


View in context

Similar questions

1 reply
Sort By: 
Question marked as Top-ranking reply
User profile for user: Strontium90
Strontium90
User level: Level 5
5,319 points

Aug 24, 2023 11:43 AM in response to Caleb_IT

Yes. You are missing a huge part of Apple Business Manager (ABM)... Volume Purchasing Program (VPP). You can volume license or purchase apps from the App Store through ABM. Then install your VPP token into Intune. This will allow you to assign the apps to your devices through device licensing. NO APPLE ID required.


You really want to move away from the one Apple ID approach. This is frustrating manual process, violates software licensing, negatively impacts software developers who charge for their apps, and creates a problem of access on the devices since a common Apple ID can potentially be used by many people.


Log into ABM and start licensing your required apps. Here is a pro tip. $0 x 10 is the same as $0 x 100. If you have 10 units currently, don't license 10 copies. License 100. The reason is that at some point there will likely be an 11th, 12th, etc device. You don't want to go back into ABM to add 1 seat to a free app license. It is a waste of time and it the more commonly overlooked step. Just license more than you need to ensure you can grow without adding more licenses each time a new device appears.


From the sidebar, choose Apps and Books. To help narrow the results, use the filter in the center column to choose platform.



Search for the apps you want to volume license.


In the right panel, choose a location (most business have one) and set the number of seats that you want to license. Again, for free apps, get more than your need to accommodate for future growth. Press the Get button and wait for the right panel to refresh.


Repeat for all the apps that you can from the App Store. Once you have them all in place, then click on your name in the lower left corner and choose Preferences. In the middle column, choose Payments and Billing. When the right pane displays look to the bottom in the Content Tokens section. Click the download link associated with the location with all the licenses.


Once you have the token, import it into Intune. This can be found by choosing Tenant administration > Connectors and tokens > Apple VPP Token.


Import the token and allow up to 15 minutes for Intune to sync the app list from ABM. Once the app list is read, you can manage the deployment of the apps from Intune. Apps > macOS. The type column will show macOS volume purchase program. These are the apps from ABM. Select them so you can scope them to your devices.


And finally, remember that not all apps are available in the App Store. Google Chrome, Acrobat Reader, and Zoom are some common ones to consider. Likewise, if you are deploying the Microsoft apps via the App Store then you do not have access to Microsoft Auto Update (MAU) or support for volume license enabler (if you are business it is unlikely you need to support this).


Hope this is helpful. You can make you like so much easier by embracing the VPP.


Reid


Reply

Setting up and managing apple devices with Intune

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up