.mobileconfig with Managed App Configuration on enrolled devices for Public Unlisted App

Question

Shebuka OP

Created 1d

Replies 1

Boosts 0

Participants 2

Hello,

We are working with an iOS app that is distributed as a Public Unlisted App Store app. Our MDM allows us to import the app by URL, but when added this way, the app is marked as unmanaged in the inventory. Because of that, we cannot assign a Managed App Configuration payload to it in the normal way.

What we are trying to achieve:

Deliver a configuration profile to all enrolled devices before the app is installed.
When the user installs the app from the MDM catalog, the app should immediately see the configuration values.

Questions we’re hoping to clarify:

Is it technically feasible to pre-provision a Managed App Configuration for an app in this scenario, by pushing a .mobileconfig profile to all devices?
If yes, what would be the correct payload format and content of such a .mobileconfig file?

We’ve tested a profile format we found here that uses com.apple.managed-app-config PayloadType and a ManagedAppConfiguration key with the bundle ID nested inside, but iOS reports this as “payload not recognized.” From what we understand, that may not be part of Apple’s schema.

Any guidance from Apple or the community on whether this use case is possible (and, if so, what the valid profile format should look like) would be very helpful.

Note: For a complicated company policy, at the moment we are not able to participate in ABM.

Thanks in advance!

Boost

Answer 1

Device Management Engineer OP

Apple

21h

There's three systems for configuring a managed app: The new declarative app configuration, the legacy managed app config, and managed preferences (macOS only). The first two cannot be set by a configuration profile (a .mobileconfig file). All three systems can ensure the app has admin-specified configuration available before it is launched for the first time. It's up to the app developer to tell you which system(s) the app supports and how to configure the app.

Our MDM allows us to import the app by URL, but when added this way, the app is marked as unmanaged in the inventory.

On first impression that seems like an issue with your device management service. If it is triggering installation of the app, the app should be managed. I think you need to resolve that issue first.

what the valid profile format should look like

Most device management services support the legacy managed app config, and some of them are adding support for declarative app configuration. They should provide an admin interface for specifying the configuration for the app and format the MDM command or DDM declarations appropriately. The format of the configuration itself is up to the app developer, so they need to document what keys and values to put in the configuration.

Note: For a complicated company policy, at the moment we are not able to participate in ABM.

You do not need an Apple Business Manager account in order to configure managed apps. All the methods of configuring managed apps are available for all device management enrollment types.

0