Distribute macOS PKGs via MDM
Last updated April 19, 2019
SimpleMDM supports the distribution and installation of product archive packages to macOS devices. This article discusses the functionality, why it’s important, what’s required, and includes a video walkthrough.
How Packages are Distributed
SimpleMDM distributes packages using native Apple MDM commands, including the “InstallApplication” command. This means that no SimpleMDM-related client binary is needed on the macOS device to assist with the installation process. Once SimpleMDM has provided the installation command to the device, internal macOS processes are used to properly install the package and run any included scripts.
Why MDM Distribution Is Important
Since a SimpleMDM client is not required on the device, a new level of streamlined macOS deployment process is possible. For instance, a popular deployment methodology includes utilizing Apple DEP, SimpleMDM, and third party solutions like Munki, Puppet, or Chef. This tool stack can initialize, configure, and install software to macOS computers automatically when they are initially unboxed or wiped. You can read more about this in our previous post: Munki Deployment Using Apple DEP and MDM
This methodology also insulates your business processes from the upcoming changes to the macOS filesystem. Specifically, the macOS filesystem will switch from HFS+ to APFS. These changes will break some current imaging and deployment solutions in use today, and could come into effect as early as mid to late 2017 with the release of macOS High Sierra.
Package Requirements
Not all macOS packages are alike. It’s worth noting that macOS has specific requirements for the packages it receives from MDM. If these conditions are not met, the package will fail to install.
The two primary requirements are:
- The package is a product archive. Product archives are typically built using the macOS productbuild command line utility, with a third party package building application, or by the app developer.
- The package is signed. A package may be signed by the app developer. If not, the package can be signed using the macOS pkgbuild command line utility. Only the product archive needs to be signed. Any contained packages may remain unsigned.
Most problems with binary distributions arise because one of these two requirements are not met.
Video Walkthrough
The video below illustrates the ease of distributing macOS packages with SimpleMDM. In this example, we upload a package file to SimpleMDM and manually push it to our device. In a real world deployment, the package would likely be uploaded ahead of time and the device would receive it automatically during MDM enrollment.
Getting Started
MacOS package management is currently available for all SimpleMDM accounts. If you have any questions during the process, feel free to reach out to our support team.
Comments (2)
Leave a Reply
See Why Apple Admins Prefer SimpleMDM
Start My FREE 30-Day Trial NowSee Why Apple Admins Prefer SimpleMDM No strings. No Spam.
Start My 30-Day Free Trial Now
For EU customers. can you guarantee that customer data never leave the EU? Are there server for SimpleMDM which are located within the EU and who will never move or copy customer data to the US?
Hi Zyhlarz- Please refer to our EU Data page for up-to-date information. Feel free to contact support directly if you have any additional questions.