Wednesday, October 22, 2014

#jnuc #jamf 10/22 - Simplifying VPP

Comparing VPP to a public library


Why I chose this:

VPP is a key component to any Apple-related mass rollout and management system. I am hoping to grab some tips and hints to help me handle our VPP better.

What I learned (These are loose notes and will be missing actual steps):

JSS Framework
Users, VPP Invitations VPP Assignments, VPP Content Deployment

Compared VPP to being at the public library - what do you want? Get a card. Check it out from the library. Take book home, etc.

VPP Service Token
Purchase content via VPP
SMTP integration active

Use the fields in the JSS with VPP accounts (which email address, etc)
Modify JSS User Accounts and Group Permissions

Users:
Users vs JSS User Accounts and Groups - reframe our thinking, different than users logging into jss.
Assigned to a device
User-Initiated Enrollment
Manual Creation (non-LDAP)
LDAP

Find the computer, Computer/User info, fill in LDAP info
Could use Devices and find user-initiated users
Manually create users (or for testing purposes)

Use LDAP if possible
Enroll with user-initiated enrollment if possible

Fill in various screens (send email to user).

Use Smart Group (Not associated and Not Sent)
Use email invitation
Do not block app store for mobile devices

VPP Assignment
What are you assigning? iOS Apps and/or Mac Apps
Who are you assigning these to?

Create a smart group (VPP invitation is associated - that is, user accepted token)
Select the EDU account
Select user group that have completed process
Limited group to actual staff group
App shows in purchase history

Same thing for Mac or iOS apps. Must be done for each app on each platform

Use a Smart User Group (IS associated)
Be modular and try not to bundle
Content appears in Users' Purchase History

VPP Content Deployment
Computer or mobile device?

Make it available in self-service
Limit to LDAP group who should get the app (Staff, etc)
Save config

Keep your network infrastructure in mind - use self service
Install automatically - conditions that MUST be met
Automatic Downloads - does not need to be enabled

Self service allows users to install the app(s) when THEY want/need them

Revoking apps:
iOS Apps/Mac Apps - yes
eBooks - cannot be revoked

How to revoke (choose one - do not use all of these, though circumstance governs):
Remove user from LDAP Group
Change scope
Change app selection
Delete VPP assignment
Revoke All

Review:
1. JSS Framework in place, configured, VPP token
2. Users
3. VPP Invitations
4. VPP Assignments
5. VPP Content Deployment

Q&A -
For free apps: Nice thing about VPP is updating apps with their apple id.
Other q&a ensued, but I was talking with a colleague about LDAP integration and true SSO for local domain, Google Apps, and JSS


No comments:

Post a Comment