Why is Apple DEP and VPP migrating to ASM and ABM ?

Jayden Traoré

Mar 22, 2020

8 min read

Apple’s Device Enrolment Program (DEP) and Volume Purchase Program (VPP) are the management programs by the company to assist enterprises in managing their devices, apps and their functionalities with ease. They are mostly used in conjunction with Mobile Device Management (MDM) software packages to effortlessly enrol iOS, macOS and tvOS devices, manage app licenses, distribute and purchase apps etc. Here let’s delve a little deeper into these programs and learn why they got replaced by ASM (Apple School Manager) and ABM (Apple Business Manager).

What is Apple Volume Purchase Program (VPP)?

The Volume Purchase Program was launched by Apple in the year 2011. VPP is a specialized service that aids business firms and other organizations, small and large alike, to purchase iOS/macOS app licenses en mass and then allocate the apps to multiple users or specific devices. Most enterprise apps can thus be managed using VPP. When used in conjunction with an MDM software, VPP makes the distribution of apps effortless and serves as an easier way for businesses to procure apps. Any enterprise is free to join Apple VPP, save the licensing fee required. Basically, VPP is a custom app store that grants approved users the provision to purchase, manage and distribute apps as well as books.

What VPP has to offer?

Features inherent to VPP include the following:

  • Volume purchase and management of Apple IDs: VPP makes the purchase and management of a huge number of apps in bulk seem quite simple. After an organization’s VPP enrolment request is approved, it can create multiple admin accounts. These approved administrators can purchase app licenses as and when required, on behalf of the organization. Thus, it is ensured that none of these purchases are linked to a specific employee’s ID but under a single master account which is the VPP account.
  • Managed distribution: Using managed distribution, organizations can distribute licenses using VPP, either to users or iOS and macOS devices. These licenses can also be revoked and redistributed if needed. A Mobile Device Management solution is required for implementing this method. The two types of Managed Distribution are as follows:
    • Device-based assignment: Here, app licenses are distributed to each device separately by making use of serial numbers. Since a separate license is given to each device, it is made sure that the app remains on the device irrespective of the Apple ID being used.
    • User-based assignment: Here, app licenses are allocated to specific users based on their Apple IDs. The licenses thus issued can be used on all devices on which, the user’s Apple ID is being used. This method is primarily useful in the context of one-to-one computing.
  • Redeemable codes: Licenses can also be distributed using redeemable codes. Here, users can claim the license when they redeem these codes. A code can only be retrieved once using an Apple ID. The ID which redeems the code gets assigned as the permanent owner of the content being distributed, be it apps/licenses/books.
  • Customization and distribution of B2B (business to business) apps for iOS: The VPP store lets users acquire custom apps from the VPP store. Third-party developers can be approached to develop apps tailor-made for specific requirements of the organizations and after having been approved by Apple, these apps could be made available to specific customers enrolled in VPP.
  • Multiple payment options: Multiple payment options are available for the apps purchased from the VPP store. A purchase order can be used to acquire VPP credits which can be redeemed on the VPP store. A credit card can also be used to complete the transaction.
  • Multinational Distribution: VPP apps can be distributed to users/devices in any of the countries in which the apps are made available by developers. The list of countries in which the Volume Purchase Program is available can be found here.

What is Apple Device Enrolment Program (DEP)?

The Device Enrolment Program was launched in 2014. It is an online service to help enterprises to mitigate the complexities encountered while using and configuring newly purchased corporate-owned iOS/macOS/tvOS devices. Using DEP, the number of steps required to configure new devices could be reduced thereby simplifying the whole process of device enrolment. This program is typically used in unison with Mobile Device Management solutions and it ensures that bulk and zero-touch enrolment of devices alongside device supervision are efficiently carried out. While setting up devices, certain setup screens can also be skipped and these prompts for the fast utilization of devices as soon as they are unboxed.

What DEP has to offer?

The primary features of the program include:

  • Lockable and pre-programmed enrolment using MDM: All Apple devices added to Device Enrolment Program are computerized to get enrolled in MDM. The devices also get locked in MDM. This sees to it that devices are configured as per the requirements of the organization.
  • Wireless supervision: Supervision of Apple devices permits the use of advanced restrictions and policies which are otherwise inaccessible. While using DEP, supervised device administration is wirelessly enabled during the initial device setup process.
  • Zero-touch enrolment: With DEP, bulk enrolment and subsequent configurations of Apple devices have become facile. Once the newly purchased devices are unboxed and activated, they are ready to be configured and used. This happens over the air and hence eliminates the need for any manual contact with devices.
  • Efficient setup assistant: While using DEP and an MDM solution during the device activation phase, the built-in setup assistant comes into play in order to make the process easier. It allows users to choose only those setup tabs which they need to configure and lets users to skip the remaining tabs.
  • Manual device enrolment: A provision to manually enrol the devices is also made available in DEP. Once the device gets enrolled and activated, a provisional period of 30 days commences and within the period, users are free to remove their devices from the MDM.

Farewell Apple VPP and DEP!

In the present-day scenario, “change” has become a constant in the realm of technology. As the old saying goes, ‘All good things must come to an end’. After having served umpteen organizations for a long time, VPP and DEP bid adieu and have now become a thing of the past. Apple had announced superior replacements for these device management programs not long ago.
It is to be noted that during the DEP registration and MDM enrolment process, devices are identified solely based on their serial numbers and this could prove to be a security issue if attackers find a way around this authentication.

Welcome aboard ASM and ABM

As time progressed, all purposes served separately by Apple VPP and DEP could be found under a unified platform. Apple School Manager (ASM) came into the picture first in the year 2016, followed closely by Apple Business Manager (ABM) in 2018.

Apple School Manager (ASM)

Apple School Manager is an online portal that combines features of both Apple VPP and DEP alongside some novel features of its own. As the name suggests, it is an educational service platform mostly made use of by schools and educational institutions. It is a handy tool for the IT administrators since it aids in the remote deployment of Apple devices in schools. It comes with provisions to configure device settings and, also makes it possible for the administrators to buy and distribute apps/books.

ASM is integrated with Student Information System (SIS) and Secure File Transfer Protocol (SFTP) and this facilitates the ease with which schools can create accounts for users (students, teachers, staff) based on their registers. When combined with any of the MDM solutions, ASM is capable of automating device enrolment, goes hand in hand with Apple’s Classroom app and, also gets enabled to share data with the Apple TV platform.

Apple Business Manager (ABM)

Apple Business Manager is a centralized dashboard analogous to ASM and primarily finds its use in the business arena. This web portal works effectively with an MDM solution and makes enrolment of devices quite easy. Features of both DEP and VPP are integrated into ABM thereby making deployment of content and allocation of administrative rights totally straightforward. An in-depth explanation regarding the features of ABM can be found here.

Though ABM and ASM are equipped with features to make device management a plain sailing, they alone are not enough. They need to be integrated with an MDM solution in order to implement their proper functionalities. Apart from having inherited features from both Apple VPP and DEP, one important trait of ASM and ABM is the implementation of Managed Apple ID.

The use of Managed Apple IDs redeems the shortcomings of using a personal ID for business-related purposes. These IDs can be managed either by ASM/ABM. Users with administrative rights can handle these managed IDs and hence this feature makes content sharing and app purchases wholly hassle-free. This service also grants shared access to company accounts and supports user-based enrolments. Business owned iCloud services can also be accessed using Managed IDs.

Jayden Traoré

Product Evangelist @ Hexnode. Sometimes, I have the feeling I live in a story: a magnificent story written by a mediocre writer living off coffee and technology.

Share your thoughts