How to install iOS apps silently or without adding an Apple ID? 

Description

Mobile devices are exponentially becoming a primary part of the workforce, apps are fast becoming the foundation of such a mobile workforce. Organizations are utilizing both Store and enterprise apps as a part of their workforce. In case of Store apps, you need to have the Apple ID present on the device and in case of in-house apps, they are not publicly available for download. The former becomes an issue in case of corporate devices/shared devices whereby you wouldn't want the employee's personal Apple ID to be used, which can also enable Activation Lock. With such constraints, you would ideally want the apps to be installed silently without any user intervention as well as no Apple ID on the device.

MDM integrates with Apple Business Manager(formerly known as Apple Volume Purchase Program), which lets you silently install/update/delete apps as well as manage licenses of these apps.  In case of educational institutions, you can integrate MDM with Apple School Manager(ASM).

Pre-requisites

  • Devices must be running iOS 9.0 or later
  • Devices must be Supervised

Steps

Store Apps

  • To integrate Apple Business Manager with MDM, you need to download a server token from the ABM portal. Login to ABM portal and click on Settings.
  • Select Apps and Books and download the token present against the ABM account, which is to be used in MDM.
  • Now, on the MDM server, click on Device Mgmt from the top menu and select App Repository from the left pane.
  • Click on Apple App Distribution and select Configure apps for business.
  • Upload the token downloaded from the ABM portal and also ensure the App Installation Type is set as Without Apple ID.
  • As the uploaded token expires every year, MDM notifies you before the token expiry after which the token needs to be renewed.
  • Once the token has been uploaded, all apps previously purchased gets automatically added to MDM.
  • To purchase an app, go to the ABM portal, click on Settings and select Apps and Books.
  • Search for the app you want to purchase and select it.  Ensure the app is listed as device assignable. This is mandatory for silent app installation.
  • Once done, specify the number of licenses you want to purchase as well as the account to which the licenses must be added to.
  • After purchase, go to MDM server, click on Device Mgmt and select App Repository from the left pane.
  • Click on Sync Apps and select Sync ABM apps, to manually sync the apps. The apps usually are synced every day by the MDM server.
  • Click on the synced app and you can view the licenses purchased as well as those licenses which have been used for installation.

Enterprise Apps

  • On the MDM Server, click on Device Mgmt and select App Repository on the left pane.
  • Click on Add App and select Apple Enterprise App.
  • Provide the Source File(.ipa) and specify the relevant details wherever needed.
  • Click on Save, to add the app to the App Repository.

Distributing and installing apps silently

  • On the MDM server, click on Device Mgmt and select Groups and Devices.
  • Select the devices or groups to which the app(s) need to be distributed. 
  • Click on Action and select Distribute Apps from the dropdown.
  • After selecting the apps, ensure the option App Installation Type is set as Silent Installation.

The apps get installed without any user intervention, irrespective of whether an Apple ID is present in the device or not

Migrating non-ABM apps to ABM apps

In case you want to have apps previously added to the App Repository to be installed silently, follow the steps below:

  • Assume the app has already been distributed to 5 devices, purchasing 5 licenses lets you migrate the apps from Non-ABM to ABM. In case you want to distribute the app to more devices, you can do so by purchasing additional app licenses.
  • Now go to the MDM server, click on Device Mgmt and select App Repository from the left pane.
  • Click on Sync Apps and select the option Sync ABM apps from the dropdown.

These apps can now be installed silently as they've been migrated from non-ABM apps to ABM apps.

Scenarios

This section explains what happens when different apps are distributed by enabling the option Install Automatically.

  • When an app is distributed to devices without integrating with ABM: The user will be prompted to enter his Apple ID and then shown a prompt before the installation is initiated, even if the device is supervised.
  • When an ABM app is distributed to unsupervised devices: The user will be prompted that the organization is distributing apps to the device and they can choose to allow the installation immediately or manually perform it later from the app catalog. They will not be asked to enter their Apple ID to initiate the app installation
  • When an ABM app is distributed to supervised devices: The app will be distributed to the devices without any user interaction