Showing results for 
Search instead for 
Did you mean: 

Apple VPP Software Update

Novitiate I

So I found out today that some of the applications pushed to our org Macs were out of date between 6 months to a year. I first tried to do a manual update on my Mac and encountered an error due to the Apple ID used in my Mac and the Apple ID used in getting the software through Apple VPP is not the same. 

I tried looking at the Software Management and policies, and there isn't anything I can do. I also tried to update through command lines but it seems like it cannot detect apps that is installed through MDM. 

How is software update for software purchased through Apple VPP handled in JumpCloud?

Note: I also have got a support ticket open with JumpCloud, waiting for their response. 


Novitiate I

Update: In order to update the software in the scenario, just go to software management and under status, click on retry. It will push out the latest update to the managed devices. Kinda manual way. 

Novitiate I

Hey GuangMing, bummer to hear about your software update hassle. Dealing with Apple VPP quirks can be a headache. I've been down that road, and here's a workaround that might help in JumpCloud.

So, the snag with mismatched Apple IDs can be a pain, but one trick is to sign out and back in with the correct Apple ID on your Mac. It sometimes kicks the update process into gear.

For the MDM, the command line struggle is real. I usually use 'software update' combined with '--ignore' and '--reset-ignored' flags to nudge things along. But yeah, it can be hit or miss. You may need help here: 

Now, for JumpCloud – good move with the support ticket. Those folks are usually on the ball. Meanwhile, keep an eye on your Software Policies in JumpCloud, and sometimes just toggling things there can jolt the system into recognizing updates.

Rising Star I

The way the JC team has explained to me in the past, is that the best way to update VPP apps is to go one by one and remove each app from the device or device group(s) and then re-bind the app to these devices/device groups.  If you only have a few groups then it's not too hard if you have 5-10 VPP apps, but can definitely be clunky with more apps, device groups, and solo devices.

Hoping there is a more fluid way to do this with software management/patch management in the near future which it looks like it is on the roadmap but the question is how far out is it?  Having this set to auto update would be great or have something like jamf with it defaulting to auto update but having the manual "approved by admin" option too.

Also hoping there is a better way for custom apps/packages and updating via patch management in the future for Macs.  Currently anytime we have someone auth/enroll in Zero Touch during first time setup, it binds that device to zero touch device group but we have to make sure that all the custom packages if it's a dynamic link (aka url doesn't change but the app version that downloads does change but is the same download/url filename) then chrome for example won't install on the zero touch device until an admin goes to software management and the custom package/app and cuts the url and pastes it and clicks save/re-validate and then it works.  I wish the validation could have a schedule option to re-validate etc.  Of course you could self host packages and per app version so it's static and always works but why not automate this process if you want things like chrome that aren't in the app store or zoom, etc to "auto update/validate" since it's the same URL regardless of new version(s).