Create and Deploy a VPP Software Package to a macOS or iOS Device

Creating and deploying a VPP software package to either a macOS or iOS device is a very simple process within LANDESK Management Suite 2016.3.  See the instructions below or watch the short video vignettes to be off and racing down the VPP software distribution track.

macOS VPP Package Creation and Deployment

  1. Open the LANDESK Management Suite Console
  2. Navigate to the top menu bar, select Tools > Distribution > Distribution Packages.
  3. In the lower left menu tree, highlight My Packages or Public Packages from within the Distribution Packages window
  4. On the Distribution menu bar, press the New Package button and select Macintosh > Macintosh MDM macmdmbutton
  5. Give the package a name
  6. Press the arrow button surrounded by the blue circle next to your Token alias mdmpackagecreation
  7. Highlight the desired VPP app and hit the Select button – note only macOS apps will display in this window mdmpackage
  8. Save the package
  9. Right click on the resultant package and select Create Scheduled Task(s)…
  10. Add one or more macOS devices that have been enrolled with MDM
  11. Start the task


iOS VPP Package Creation and Deployment

The iOS package creation is nearly identical, so I won’t include screenshots in these steps.

  1. Open the LANDESK Management Suite Console
  2. Navigate to the top menu bar, select Tools > Distribution > Distribution Packages.
  3. In the lower left menu tree, highlight My Packages or Public Packages from within the Distribution Packages window
  4. On the Distribution menu bar, press the New Package button and select Mobile > iOS
  5. Give the package a name
  6. Select the VPP radio button in the right hand pane, select the appropriate token alias if you have more than one VPP token and then click the arrow within the blue circle
  7. Press the arrow button surrounded by the blue circle next to your Token alias
  8. Highlight the desired VPP app and hit the Select button – note only iOS apps will display in this window
  9. Save the package
  10. Right click on the resultant package and select Create Scheduled Task(s)…
  11. Add one or more iOS devices that have been enrolled with MDM
  12. Start the task

How To Enroll into LANDESK Management Suite’s MDM for both iOS and macOS

As mentioned in my previous post, LANDESK announced their 2016.3 release for Management Suite and with it comes the ability to completely manage macOS and iOS via via an MDM profile.  If you’re lucky enough to have all of your macOS and iOS devices participating in Apple’s DEP, getting the devices enrolled into the LANDESK Management Suite server will be pretty straight forward.  In a later blog post, I’ll cover how to configure DEP within LANDESK

If you’re asking how you place your devices into Apple’s DEP, it may be too late.  As discussed in Apple’s DEP FAQ, in order for a device to be enrolled into the DEP program, it’ll need to be purchased directly from Apple or from an authorized DEP reseller. Which means it’s likely that ship has already sailed for you.

Alas, all is not lost.  You can manually enroll any device into LANDESK, whether or not it’s participating in Apple’s DEP program.

Before you get started, make sure you have all of the architecture pieces in place as outlined here.  Also, if your Macs already have a LANDESK agent installed, at this time, do not place an additional MDM profile on it as well.

macOS Enrollment Steps

  1. Download the enrollment app here or get the latest and greatest version from the LANDESK Community and install it on the desired Macs.  In the future, we will place the enrollment app in the ldlogon/mac directory and possibly even have it available on the Mac App Store if Apple permits it.
  2. Enter a valid Active Directory user account and password.  If you’ve properly configured the DNS TXT entry, it should automatically discover the server URL.  If the enrollment app prompts for a server, enter “fully.qualified.cloudserviceappliancename/coreservername” enrollment-screen
  3. Enter an administrative username and password on the local Mac

iOS Enrollment Steps

  1. Download the LANDESK enrollment app from the iTunes store
  2. Enter a valid Active Directory user account and password.  If you’ve properly configured the DNS TXT entry, it should automatically discover the server URL.  If the enrollment app prompts for a server, enter “fully.qualified.cloudserviceappliancename/coreservername” img_0002



How to Add Apps to Launchpad inside of iOS Workspaces


The Launchpad feature inside of Workspaces for iOS can handle much more than just URL links, however, this process has not been documented and is a bit rough around the edges when it comes to the usability. Nevertheless, by adding the deep link path or URI information into the launch path of an app, once installed on the mobile device, Launchpad will display a tile for the app and if you’re lucky (dependent on the app vendor) an icon associated to the app.

In the screenshot of Workspaces below, I have created a deep link to the app Evernote, Hootsuite, LetMobile, iOS Mail, Salesforce1 and Twitter. I also have standard links to the LANDESK Community and one other site. If I were to click on Salesforce1, it would initially prompt me to allow (this only takes place the first time), and then open up into Salesforce1. However, because it was launched from Workspaces, you’ll see at the top left of Salesforce1 there is a link back to LANDESK.
As such, using this method, one could theoretically create a whitelist of approved apps and links, put an iOS device in supervised mode and only allow Workspaces to run. So doing would allow the admin complete control over the device and what is allowable to execute.


Mobile Deep Linking

Mobile deep linking consists of using a hyperlink that links to a specific piece of content within an app or to just the app itself. For example, the deep link for Twitter is twitter://. Putting twitter:// into the launch path will open the app Twitter to it’s default home page. However, if you add twitter://timeline it will open up the app to the timeline feature. This deep link needs to be added to the Launch path section of the iOS software payload. For more in deep linking, see: Mobile deep linking – Wikipedia, the free encyclopedia

Configuring AOD for Deep Linking

Setting up a software package to be deep linked is quite simple. All you need to do is put the deep link into the Launch path on the software payload for the app. See the screenshot below for Hootsuite. However, if the app you’re trying to deep link is included within iOS, such as iOS Mail, you’ll need to use a Link Payload inside of AOD under the iOS and Android section.

Figuring out what the deep link is for a given app is going to require some patience as they’re not always published and not exactly obvious. You’ll need to employ a “try and see” approach or maybe even contact the vendor. In my limited testing, I was not able to discover Cisco AnyConnect or Cisco WebEx. As a tip, I would attempt to find the URI by searching for the name of the app combined with iOS to pull up the itunes web link. That web link will contain the app’s full name as well as the ID. I would take that full name and attempt to combine words to discover what the URI might be. This helped me figure out that 1Password’s URI is onepassword:// and not 1password://.

The deep links I’m aware of are:

  • 1Password – onepassword://
  • Audible – audible://
  • Apple Mail – message:// (this needs to be created as a Link package inside of AOD for iOS and Android and not a software package)
  • Ebay – ebay://
  • Evernote – evernote://
  • Facebook – fb://
  • Hootsuite – hootsuite://
  • LetMobile – letmobile://
  • Twitter – twitter://
  • Salesforce 1 – salesforce1://
  • Strava – strava://
  • YouTube – YouTube://

Frustrations in the Sky…Why So Many Plugins and Restrictions to Watch a Movie?

Flying is something I do a lot.  Having spent as much time on the road as I have, I’m accustomed to the frustrations that take place with all of the questions one goes through in order to prepare for travel.   Thankfully, I have the “rituals” in place to be able to travel without frustrations…at least for the frustrations that are in my control.  No longer do I have to mentally spend effort and time on:

  • When do I need to leave for the airport?
  • Which route should I take to avoid traffic?
  • Long term or short term parking?
  • Will the security line make me miss my flight? (Thanks TSA Pre√ )
  • Will the liquids in my bag flag me for an inspection?
  • Will this belt set off the metal detector?
  • What pre-flight food should I purchase that won’t cause indigestion?
  • Will my carryon bag fit in the overhead bins?
  • Will my seat offer adequate leg room?
  • How do I get to the rental car agency?

So while I fly often, 95% of the time it is for business travel.  When flying for business, while in the air traversing the skies, I’m typically working and preparing for the upcoming meeting or I’ll spend my time catching up from being out of the office.  This week, however, I took a personal flight after standard business hours and due to the craziness leading up to the flight, I was looking forward to pulling out my iPad to relax and watch a movie on Delta Studios. 

As soon as the airplane beeped indicating we’d reached 10,000 feet, I grabbed my iPad Mini 2 ready to browse my movie option list.  Unfortunately, I forgot to install Fly Delta prior to take off, a rookie mistake I think.  Not a huge deal, but on flights that are less than 3 hours, I know that timing is important as you don’t want to be in the last 10 minutes of movie during landing when the flight entertainment is shut off.  It is frustrating, I know.  GoGo did reimburse me on that occasion though, so props to their customer service. 

Knowing I can download it Fly Delta for free, without having to pay for Internet, I launch Safari and browse to I’m quickly whisked away to a page letting me know that my browser is not supported. 

What, why I ask?  I’m using Safari on iOS.  Why would it not be supported?  I look through the supported browser list and the only supported browser for iOS is Safari 5.0 and up.  Well, the perils of being an early adopter bit me.  Apparently in inflight entertainment provided by GoGo or Delta Studios checks for a minimum and maximum version of the browser.  My iPad is on iOS 9 beta, and because of the coding restriction, it’s therefore not supported.

My frustration begins, however, I can see the logic in the decision.  Early adopters for Operating Systems could be purchasing movies and then complaining about their experience when using a browser the vendor has not yet been able to properly evaluate.  Refunds and support costs go up, service experience goes down, etc.  Whatever, I get it. I have options, no big deal. 

I then pull out my phone.  Not exactly the ideal video experience, but I don’t want to use my laptop.  Unfortunately for me, my phone battery was at 36%.  It had been a long day with a lot of phone use, not leaving me with enough battery to watch a movie, so outcomes my MacBook Pro.

Oh no!  Adobe Flash player required. 

GoGo video entertainment requiring flash

Oh no is right!  After the latest exploits in Flash, I purposely removed it from my MacBook

Turns out to watch a movie, Flash is required.  Ugh!  Furthermore, Chrome is not supported so i can’t use the embedded Flash support available via Google Chrome.  Now the frustrations are really starting to mount.  I’m on my third option and what was supposed to be a relaxing time has turned into a lot of troubleshooting and back and forth between devices. 

Reluctantly I decide I’ll install Flash and remove it when the flight is over. Success is imminent.

Or maybe success is not to be had at all!  I guess it’s a good thing I have not ordered popcorn from the flight attendant yet. In addition to needing to install Flash, I also need to install plugin for the GoGo video player.  Now I’m really reluctant to proceed.  With Flash, I understand the risks and I know how to remove it.  In regards to the Widevine Optimizer, I’m clueless and at 30,000 feet and Internet-less, so I can’t do a proper discovery. Widevine Plugin Required

Motivated now by competition and unwilling to let the situation get the best of me, I install a second plugin onto my machine.  My frustration level is at a peak and I’m ready to call the product manager over the inflight entertainment and ask him/her the below: 

  • Where’s the GoGo app to handle all of this for me? 
  • Is there a way to have a one click install to take care of what is needed? 
  • Why use technology that requires so many plugins when people are trying to use this when flying at 30,000 and may be without the Internet? 
  • What are the goals in the future to make the end-user experience more enjoyable?

Anyways, after one more browser restart, it looks as if I’ll be able to watch a movie.  By this point, I’m an hour into the flight, the flight attendant has come and gone which means know movie popcorn and I know full well I won’t be able to finish the movie. 

Why so many plugins and restrictions to watch a movie?

Apple in the Enterprise

Technology’s ability to enhance life has inspired me since childhood. Merging the humanities, the personal side of why a piece of technology is necessary, with the latest in what technology can offer me, is what draws me to Apple. Technology doesn’t succeed based on its technical merits alone, it needs to speak to you at a very individual, and personal level. When it does, that’s when the magic happens.

Unfortunately for many, that magic remains at home, on their desks, while they go to work using a platform that is not their preferred choice.

I was on the phone with someone from a prominent Midwest, US-based firm this week who made the oft repeated statement that ‘Macs don’t belong in the enterprise.’ I laughed, mentioning that I am an Apple champion in the enterprise. He immediately followed up by telling me that all his personal computers are now Macs.

I’ve heard this statement over and over again while traveling the globe for the last 15 years. It amazes me what people will put up with because ‘that’s just how it is.’

It’s 2015 and time to stop perpetuating the idea that Macs don’t belong. I disagree with the entire notion.

If you personally prefer the Windows platform and want to use it, great, use it.  If you don’t prefer Windows and want to use an alternate platform, it’s time to raise your voice.

If you’re in IT and have the ability to influence direction, look at the guys at the top of the organization latter.  Many of the CxOs are now using Macs. It’s definitely time to see what you can do to bring their Macs into the fold.

Like many things in life, a little bit of education and effort will uncover all sorts of new opportunities. It’s a lot easier for IT to say Macs don’t belong than to invest in the effort of delivering cross-platform services.

Now, not all companies restrict the freedom of platform choice. Intuit is one of those companies that is enabling their employees.  I have a good friend who works in their IT department.  He has mentioned to me on a number of occasions the IT department will spent 10 to 20 times the investment in man power to save their end users minutes of time – and supporting Macs is one of those initiatives.

While it’s not easy for their IT department, nor is it the cheapest option, it leads to better moral and the ability to attract better talent.

You may be asking how Intuit or other companies out their like Inuit justify the additional spend.  They’re looking at the bigger picture.  Intuit’s goals of platform freedom and the mantra of empowering the end user has had a significant impact on their culture. Just look at where Intuit sits on the Fortune 100 Best Places to Work. (It’s the 31st spot in 2015 in case you don’t want to google it  Better talent and happier employees drive results.

I’ve worked at LANDESK for over seven years, all the while I’ve been using a Mac for my day-to-day use and I’ve loved it. Best part is, I don’t have to be the guy that has all Macs at home but a PC at work because “it doesn’t belong.”

I get that there are hurdles to overcome to support Macs in the enterprise. Often, it’s simply a lack of time to learn, knowledge to know how and the right tools to get the job done.

So, to combat the “Apple-doesn’t-belong”-notion, it’s time I start being a producer and helping others succeed in managing their Macs in the enterprise.  My goal is to provide some tips and tricks to decrease the time to learn and empower those with know how to provide platform freedom. I’ll primarily be focusing on how Macs can be managed using LANDESK Management Suite, but at times I may highlight other tools as needed.

I’m starting now to be the counter-culture advocate: Macs do belong in the enterprise.  No longer will I just laugh at the IT admin who says ‘Macs don’t belong.’