How to install iOS apps silently or without the Apple ID?

Description

As mobile devices are exponentially becoming a primary part of the workforce, apps are fast becoming the foundation of such a mobile workforce. Organizations are utilizing both Store and enterprise apps as a part of their workforce. In the case of Store apps, you need to have the Apple ID present on the device whereas enterprise apps are in-house apps that are not available for public download. The former becomes an issue in the case of corporate devices/shared devices whereby you wouldn't want the employee's (personal) Apple ID to be used, which can also enable Activation Lock. With such constraints, you would ideally want the apps to be installed without the Apple ID or user dependency of any sort. Apps with a size greater than 200 MB are silently installed only when the devices are connected to a Wi-Fi and not Cellular Data.

MDM integrates with Apple Business Manager (formerly known as Apple Volume Purchase Program), which lets you silently install/update/delete apps as well as manage licenses of these apps. In the case of educational institutions, you can integrate MDM with Apple School Manager (ASM).

Note: Click here for the steps to migrate from VPP to ABM.

Pre-requisites

  • Devices must be running iOS 9.0 or later
  • Devices must be Supervised

Steps

To install App Store apps without Apple ID:

  • To integrate Apple Business Manager with MDM, you need to download a server token from the ABM portal. Login to the ABM portal and click on Settings.
  • Select Apps and Books and download the token present against the ABM account, which is to be used in MDM.
  • Now, on the MDM server, click on Device Mgmt from the top menu and select App Repository from the left pane.
  • Click on Apple App Distribution and select Configure apps for business.
  • Upload the token downloaded from the ABM portal and also ensure the App Installation Type is set as Without Apple ID.
  • As the uploaded token expires every year, MDM notifies you before the token expiry after which the token needs to be renewed.
  • Once the token has been uploaded, all apps previously purchased gets automatically added to MDM.
  • To purchase an app, go to the ABM portal, click on Settings and select Apps and Books.
  • Search for the app you want to purchase and select it. Ensure the app is listed as device assignable. This is mandatory for silent app installation.
  • Once done, specify the number of licenses you want to purchase as well as the account to which the licenses must be added to.
  • After purchase, go to MDM server, click on Device Mgmt and select App Repository from the left pane.
  • Click on Sync Apps and select Sync ABM apps, to manually sync the apps. The apps usually are synced every day by the MDM server.
  • Click on the synced app and you can view the licenses purchased as well as those licenses which have been used for installation.

To install Enterprise Apps:

Note: As you do not require an ABM account to install enterprise apps, you can install them without an Apple ID.

  • On the MDM Server, click on Device Mgmt and select App Repository on the left pane.
  • Click on Add App and select Apple Enterprise App.
  • Provide the Source File(.ipa) and specify the relevant details wherever needed.
  • Click on Save, to add the app to the App Repository.

Distributing and installing apps without the Apple ID

  • On the MDM server, click on Device Mgmt and select Groups and Devices.
  • Select the devices or groups to which the app(s) need to be distributed.
  • Click on Action and select Distribute Apps from the dropdown.
  • After selecting the apps, ensure the Installation Type is set to Silent Installation.

The apps get installed without any user intervention, irrespective of whether an Apple ID is present in the device or not.

Migrating non-ABM apps to ABM apps

If you want to have apps previously added to the App Repository to be installed silently (without Apple ID), follow the steps below:

  • Assume the app has already been distributed to 5 devices, purchasing 5 licenses lets you migrate the apps from Non-ABM to ABM. If you want to distribute the app to more devices, you can do so by purchasing additional app licenses.
  • Now go to the MDM server, click on Device Mgmt and select App Repository from the left pane.
  • Click on Sync Apps and select the option Sync ABM apps from the dropdown.

These apps can now be installed without using Apple ID as they've been migrated from non-ABM apps to ABM apps.

Scenarios

This section explains what happens when different apps are distributed by enabling the option Install Automatically.

  • When an app is distributed to devices without integrating with ABM: The user will be prompted to enter his Apple ID and then shown a prompt before the installation is initiated, even if the device is supervised.
  • When an ABM app is distributed to unsupervised devices: The user will be prompted that the organization is distributing apps to the device and they can choose to allow the installation. immediately or manually perform it later from the app catalog. They will not be asked to enter their Apple ID to initiate the app installation.
  • When an ABM app is distributed to supervised devices: The app will be distributed to the devices without the Apple ID or app installation prompts.