The Apple Volume Purchase Program (VPP) has been incorporated into Apple Business Manager, a platform created for deploying Apple devices and purchasing content such as apps and books in bulk. Consequently, we will now refer to this as Location Token, with VPP considered as legacy. This allows administrators to utilize their Apple Business Manager (ABM) to buy apps and books and distribute them across Apple devices within the organization. In this blog, we will discuss how to generate a token for the VPP program token or Location Token in Apple Business Manager and link it with Microsoft Intune.
Do we need and ABM to deploy apps to Apple devices ?
Technically no, because admins can still deploy apps from the App Store, and LOB apps can be deployed directly using MDM. However, for certain use cases, such as corporate-owned devices with federated accounts, this type of enrollment would require apps to be purchased or added using ABM. This is because when a federated account is used on Apple devices, users will see the option to download apps from the App Store, and these accounts do not have permission to purchase apps from the App Store. Therefore, this is beneficial for admins looking for such use cases.
How does this Work?
Administrators have the ability to add or purchase apps in Apple Business Manager and synchronize the Location token integrated into the MDM tool. This process will seamlessly sync the apps and books acquired through ABM. It also includes the capability to distribute proprietary apps for internal use within your organization.
Microsoft Intune assists in managing apps acquired through this program by:
Downloading and synchronizing location tokens from Apple Business Manager.
Monitoring the number of available and utilized licenses for purchased applications.
Assisting admin with app installations based on the number of licenses you possess.
What is Location Tokens
Location tokens, previously referred to as Volume Purchase Program (VPP) tokens, are volume purchase licenses utilized in Apple Business Manager for license management. Administrators can purchase and link licenses to their authorized location tokens. These tokens are downloaded from Apple Business Manager and uploaded to Microsoft Intune, which allows multiple tokens per tenant. Each token remains valid for one year.
Store apps: Content Managers can purchase both free and paid apps available in the App Store through Apple Business Manager.
Custom Apps: Content Managers can also obtain through Apple Business Manager Custom Apps designed exclusively for your organization. These applications are specifically crafted to meet your organization's unique requirements by developers you collaborate with directly.
Prerequisites
An Apple Business Manager or Apple School Manager account for your organization.
Purchased app licenses assigned to one or more location tokens.
Downloaded location tokens.
Remarks:
A location token can only be used with one device management solution at a time. To use purchased apps with Intune, revoke and remove existing location tokens from other MDM vendors.A location token supports only one Intune tenant at a time; do not reuse it for multiple tenants.Intune syncs location tokens with Apple daily by default, but you can manually sync anytime.After importing the location token to Intune, avoid importing it to other device management solutions to prevent losing license assignments and user records.Let's go through the steps to set up a Location token in Apple Business Manager.
Step 1: Log into Apple Business Manager, navigate to Locations, tap the + sign, enter the required information, and tap on Save.
Step 2: Choose Apps and Books, navigate to Payments and Billing, and click on the Download option located on the right side of your designated location. In my situation, I named the location Intune App Token, and save that on your device as the token will be needed in the following steps.
Step 3: Log in to the Microsoft Intune Admin Center at https://intune.microsoft.com. Navigate to Tenant administration and select Apple VPP token under Connectors and tokens, then click on Create. Enter a name for the token and use the Apple ID used to sign in to Apple Business Manager. Select the token stored in the previous step and choose the other options according to your requirements.
Take Control of token from another MDM : Setting this option to yes allows the token to be moved to Intune from a different MDM solution.
Contry/Region: Choose the VPP country/region. Intune synchronizes VPP apps for all locales from the selected VPP country/region.
Type of VPP account - Choose from Business or Education.
Automatic app updates - Choose between 'Yes' and 'No' to enable automatic updates. When enabled, Intune detects VPP app updates in the app store and automatically pushes them to the device when the device checks in.
Step 4: Verify the selected settings and tap on create. You can check the token status under iOS Volume-Purchased Program Token, and if the status is Active, it means the connection is established.
Conclusion
In summary, establishing a Volume Purchase Program (VPP) or Location Token in Apple Business Manager and integrating it with Microsoft Intune is essential for effective app management within an organization. By adhering to the specified steps, administrators can ensure the smooth deployment and distribution of apps on Apple devices. This integration not only streamlines license management but also boosts the overall productivity and security of the organization's mobile ecosystem. Remain proactive in managing your tokens and regularly check their status to ensure smooth operations. To learn how to renew the token, read How to Renew Apple VPP Token in Intune