Deploying iOS Apps from Intune. How can we do that? Well, as always. It’s simple if you know how. Deploying a VPP (Volume Purchased Program) App is not that difficult. The great thing about VPP Apps is that they don’t need an iTunes account configured on the end point device.
I assume u already have an enrollment profile which can (or already does) deploy Microsoft Company Portal. If not, you should create one. The Company Portal is an important app while deploying like this.
Let’s start!
Using Apple Business Manager or Apple School Manager we’re able to purchase iOS store apps or purchase actual apps with a creditcard. The example below shows how I search and purchase (Get) the Microsoft Authenticator app which is free.
While purchasing the app you’re able to assign it to a location. In my case I only use 1 location for the entire organization. In my example the location doesn’t matter but it’s important while using an MDM like Intune. Licenses could be separated by adding another location.
It’s the same for custom apps. Although they can’t be found in the public iOS store. Your organization should share its Organization ID with the developer first. The developer has to authorize you before you’re able to find the custom app! While this is done the application should be available automatically under “Custom Apps”. There is no need to search it in the iOS App store. Just purchase “Get” the amount of licenses u need and assign it to a location like I did before.
We just purchased (get) the Microsoft Authenticator app for our organization and would like to deploy it. Therefore, we have to configure a VPP token in Intune. Download the token from Apple Business Manager or Apple School Manager: Settings -> Apps and Books -> Download legacy library token.
Open a web browser and navigate to https://devicemanagement.microsoft.com. After logging in you should be able to see “Tenant Administration” in the menu. Navigate to “Apple VPP Tokens” and create a new one.
- Skip this step. We’ve already bought Apps and downloaded the token.
- Select the VPP token file u’ve downloaded before.
- Enter the Apple ID who bought the App. Note: The token we’ve just downloaded does only show/integrate applications we’ve purchased with that specific account.
- Fill in the Token Name. In my case it’s the same as my location to where I assigned purchased apps.
- Chose the Country/Region. This should match with Apple Business Manager / Apple School Manager.
- Chose your account type. Business = Apple Business Manager. Education = Apple School Manager.
- Decide if Automatic app updates are allowed.
- Grant Microsoft permission and Create the actual token.
Note: Purchased apps are linked your Apple ID which you used to logon to Apple Business Manager or Apple School Manager. The token downloaded before only provides Apps bought with the logged on Apple ID. If you bought apps with different Apple ID’s in the same company account you still need extra VPP tokens. You simple need a VPP token for every Apple ID that bought applications in ABM / ASM! If not, you won’t see all applications which you do see in ABM / ASM.
So, we’ve setup Apple Business Manager / Apple School Manager and configured our VPP token in Intune. Microsoft and Apple do sync twice a day. We can wait for this but off course we can manually initiate a sync. In my case this was quite fast…
Navigate to Apps -> iOS Apps. If everything went well, you would be able to see the VPP purchased apps in there without adding them manually. At this point you are ready to deploy. Assign the app to your needs and enjoy! 🙂
Note: Assigned apps should have “Device license” instead of “User license”.