macOS MDM Does NOT Support VPP App Removal
| Originator: | richard.uurazzle.glaser | ||
| Number: | rdar://33055788 | Date Originated: | 29-Jun-2017 10:25 AM |
| Status: | Open | Resolved: | |
| Product: | Mac App Store | Product Version: | n/a |
| Classification: | Feature (New) | Reproducible: | Always |
Summary: We have come into a situation where we are limited by MDM on MacOS not allowing us to remove VPP software from client machines. I know that this feature is supported on iOS, but is specifically not supported on MacOS as stated in MDM Protocol Reference > MDM Protocol > Requests Types > Managed Applications > paragraph 6 “The macOS MDM client does not support managed applications. However, it does support the parts of the InstallApplication, InstallMedia, and InviteToProgram MDM commands related to VPP enrollment and installation.” Steps to Reproduce: Tested on Mac OS X 10.11, macOS 10.12 and macOS 10.13. Expected Results: Since this supported on iOS and we need to support BYOD of our university population for managed application for macOS like students, staff and faculty. Were we can use criteria defined in the MDM to remove managed VPP applications based on if they no longer a university students, staff or faculty or other options like a application checkout period (i.e. 2 weeks) and then they applications could be legitimately distributed to other users and not breaking assigned VPP licensing. Actual Results: Currently, we can distribute VPP software via MDM and retrieve license, but VPP software is NOT removed on the mac client. Version: n/a Notes: This impacts our university population around 53,000.
Comments
Please note: Reports posted here will not necessarily be seen by Apple. All problems should be submitted at bugreport.apple.com before they are posted here. Please only post information for Radars that you have filed yourself, and please do not include Apple confidential information in your posts. Thank you!
Note, the recent WWDC 2017 presentation on "What's New in Device Configuration, Deployment, and Management"...
https://developer.apple.com/videos/play/wwdc2017/304/
Has a slide that appears to be removing MDM capabilities on BYOD devices, but the slide can be interrupted multiple ways. We have confirmed, that Apple is not taking away the ability to install or remove enterprise applications on BYOD devices, but the ability of a MDM to prevent a user of an BYOD device to install or remove software. That is two different things. So, if you are interested macOS support 'managed apps" where you can install AND REMOVE VPP apps please contact Apple and send them feedback.