Apple VPP Apps

Apple VPP stands for Apple Volume Purchase Program. It is a program offered by Apple that allows businesses and educational institutions to purchase, distribute, and manage Apple Store apps and books in bulk for their employees or students. Through this, organizations can distribute Apple Store apps and books directly to managed Apple devices or authorized users, and keep track of what content has been assigned to which user or device.

To participate in the VPP, organizations need to enroll in the program. Once enrolled, they can purchase apps and other content through the Apple Business Manager or Apple School Manager portal.

BigFix MCM and BigFix Mobile are integrated with the Apps and Books (VPP) capabilities in Apple Business Manager to deliver:

  • Custom apps
  • Apple Appstore apps
  • Company licensed Appstore apps
Note: For a user enrollment, the only way to deliver apps to the device through MDM is via the Volume Purchase Program (VPP).

VPP token

A VPP token, also known as a Volume Purchase Program token, is a unique identifier that is used to connect an organization's MDM server to Apple Business Manager or Apple School Manager. The VPP token is required for the MDM Server to communicate with Apple Business Manager for VPP operations to allocate and release licenses when managing VPP app deployment.

The VPP token is used to authenticate the organization's account when purchasing apps and other content through the VPP. When the organization purchases apps or content, the VPP token is used to tie the purchase to the organization's account. This allows the organization to manage and distribute the purchased content to their employees or students.

It is important to keep the VPP token secure, as it provides access to the organization's VPP account and the ability to purchase apps and content in bulk. If the token is lost or compromised, it should be revoked, and a new token should be generated.

A VPP token is required to communicate with Apple Business Manager to exchange information on purchased apps and any custom apps supported by Apple Business Manager. This token must be available in the MDM Server, and used in all communications between MDM server and ABM.

  • Both free and for-fee applications can be assigned/delivered in this way

  • VPP provides an app delivery mechanism for user-enrolled (BYOD) Apple devices.

How to download VPP token from ABM

To obtain a VPP token, an organization needs to enroll in the Apple Volume Purchase Program (VPP) through either the Apple Business Manager or Apple School Manager portal. Here are the steps to obtain a VPP token:
  1. Go to the Apple Business Manager or Apple School Manager portal (depending on whether you are a business or educational institution).
  2. Log in using your Apple ID and password.
  3. Click on "Settings" in the sidebar.
  4. Click on "Apps and Books".
  5. Click on "Volume Purchase Program".
  6. Click on "Enroll" and follow the prompts to complete the enrollment process.
  7. When prompted, create a VPP token. This token will be a unique alphanumeric code that identifies your organization in the VPP program.
  8. Download and store the VPP token securely.

You can then upload the VPP token to WebUI through the “Toggle VPP" option under Enabling the Apple Volume Purchase Program in the MCM Admin menu.

Apple VPP work flow

Following is the work flow to enable VPP functionality and distribute apps to managed Apple devices:
  1. Download VPP token.
    Note: You need to have an Apple Business Manager account to log in and download the VPP token.
  2. Enable Enabling the Apple Volume Purchase Program functionality through WebUI.
  3. Synchronize the VPP apps from App Catalog by clicking VPP Synch Now.
  4. Create an Appstore App Policy including the VPP apps in the policy.
  5. Add the App policy to a Policy Groups and deploy as necessary.

Unassign VPP licenses on unenroll

If a VPP or Custom app has been deployed on an endpoint, when the device is unenrolled from MCM, any licenses that were allocated are automatically freed up by the MDM server for re-use.