diff --git a/server/datastore/mysql/vpp.go b/server/datastore/mysql/vpp.go
index 8552a08fcb..95bb6b3fb3 100644
--- a/server/datastore/mysql/vpp.go
+++ b/server/datastore/mysql/vpp.go
@@ -1746,9 +1746,6 @@ AND hvsi.verification_failed_at IS NULL
 
 	var result []*fleet.HostVPPSoftwareInstall
 	if err := sqlx.SelectContext(ctx, ds.reader(ctx), &result, stmt, hostUUID); err != nil {
-		if errors.Is(err, sql.ErrNoRows) {
-			return nil, notFound("HostVPPSoftwareInstall")
-		}
 		return nil, ctxerr.Wrap(ctx, err, "get unverified VPP installs for host")
 	}
 
diff --git a/server/datastore/mysql/vpp_test.go b/server/datastore/mysql/vpp_test.go
index e4235b3680..b09c6ca83a 100644
--- a/server/datastore/mysql/vpp_test.go
+++ b/server/datastore/mysql/vpp_test.go
@@ -37,6 +37,7 @@ func TestVPP(t *testing.T) {
 		{"DeleteVPPAssignedToPolicy", testDeleteVPPAssignedToPolicy},
 		{"TestVPPTokenTeamAssignment", testVPPTokenTeamAssignment},
 		{"TestGetAllVPPApps", testGetAllVPPApps},
+		{"TestGetUnverifiedVPPInstallsForHost", testGetUnverifiedVPPInstallsForHost},
 	}
 
 	for _, c := range cases {
@@ -1959,3 +1960,73 @@ func testGetAllVPPApps(t *testing.T, ds *Datastore) {
 
 	require.Equal(t, apps, []*fleet.VPPApp{app1, app2, app3})
 }
+
+func testGetUnverifiedVPPInstallsForHost(t *testing.T, ds *Datastore) {
+	ctx := context.Background()
+
+	test.CreateInsertGlobalVPPToken(t, ds)
+
+	va1, err := ds.InsertVPPAppWithTeam(ctx, &fleet.VPPApp{
+		Name: "vpp1", BundleIdentifier: "com.app.vpp1",
+		VPPAppTeam: fleet.VPPAppTeam{VPPAppID: fleet.VPPAppID{AdamID: "adam_vpp_app_1", Platform: fleet.MacOSPlatform}},
+	}, nil)
+	require.NoError(t, err)
+	vpp1 := va1.VPPAppID
+
+	va2, err := ds.InsertVPPAppWithTeam(ctx, &fleet.VPPApp{
+		Name: "vpp2", BundleIdentifier: "com.app.vpp2",
+		VPPAppTeam: fleet.VPPAppTeam{VPPAppID: fleet.VPPAppID{AdamID: "adam_vpp_app_2", Platform: fleet.MacOSPlatform}},
+	}, nil)
+	require.NoError(t, err)
+	vpp2 := va2.VPPAppID
+
+	va3, err := ds.InsertVPPAppWithTeam(ctx, &fleet.VPPApp{
+		Name: "vpp3", BundleIdentifier: "com.app.vpp3",
+		VPPAppTeam: fleet.VPPAppTeam{VPPAppID: fleet.VPPAppID{AdamID: "adam_vpp_app_3", Platform: fleet.MacOSPlatform}},
+	}, nil)
+	require.NoError(t, err)
+	vpp3 := va3.VPPAppID
+
+	h1, err := ds.NewHost(ctx, &fleet.Host{
+		Hostname:       "macos-test-1",
+		OsqueryHostID:  ptr.String("osquery-macos-1"),
+		NodeKey:        ptr.String("node-key-macos-1"),
+		UUID:           uuid.NewString(),
+		Platform:       "darwin",
+		HardwareSerial: "654321a",
+	})
+	require.NoError(t, err)
+	nanoEnroll(t, ds, h1, false)
+
+	cmdUUID1 := createVPPAppInstallRequest(t, ds, h1, vpp1.AdamID, nil)
+	createVPPAppInstallResult(t, ds, h1, cmdUUID1, "Acknowledged")
+
+	cmdUUID2 := createVPPAppInstallRequest(t, ds, h1, vpp2.AdamID, nil)
+	createVPPAppInstallResult(t, ds, h1, cmdUUID2, "Acknowledged")
+
+	cmdUUID3 := createVPPAppInstallRequest(t, ds, h1, vpp3.AdamID, nil)
+	createVPPAppInstallResult(t, ds, h1, cmdUUID3, "Acknowledged")
+
+	for _, step := range []struct {
+		installUUID string
+		before      int
+		after       int
+	}{
+		{installUUID: cmdUUID1, before: 3, after: 2},
+		{installUUID: cmdUUID2, before: 2, after: 1},
+		{installUUID: cmdUUID3, before: 1, after: 0},
+	} {
+
+		x, err := ds.GetUnverifiedVPPInstallsForHost(ctx, h1.UUID)
+		require.NoError(t, err)
+		assert.Len(t, x, step.before)
+
+		err = ds.SetVPPInstallAsVerified(ctx, h1.ID, step.installUUID, fleet.VerifySoftwareInstallCommandUUID())
+		require.NoError(t, err)
+
+		x, err = ds.GetUnverifiedVPPInstallsForHost(ctx, h1.UUID)
+		require.NoError(t, err)
+		assert.Len(t, x, step.after)
+	}
+
+}
diff --git a/server/service/apple_mdm.go b/server/service/apple_mdm.go
index c85ac1e10c..cda3d92f54 100644
--- a/server/service/apple_mdm.go
+++ b/server/service/apple_mdm.go
@@ -3978,14 +3978,14 @@ func NewInstalledApplicationListResultsHandler(
 
 		expectedInstalls, err := ds.GetUnverifiedVPPInstallsForHost(ctx, installedAppResult.HostUUID())
 		if err != nil {
-			if fleet.IsNotFound(err) {
-				// Then something weird happened, so log it and exit (we can't do anything here in this case).
-				level.Warn(logger).Log("msg", "no vpp installs found for verification UUID", "command_uuid", installedAppResult.UUID())
-				return nil
-			}
 			return ctxerr.Wrap(ctx, err, "InstalledApplicationList handler: getting install record")
 		}
 
+		if len(expectedInstalls) == 0 {
+			level.Warn(logger).Log("msg", "no vpp installs found for host", "host_uuid", installedAppResult.HostUUID(), "verification_command_uuid", installedAppResult.UUID())
+			return nil
+		}
+
 		installsByBundleID := map[string]fleet.Software{}
 		for _, install := range installedApps {
 			installsByBundleID[install.BundleIdentifier] = install