1a9b8ca6b2
Added managed app configuration section for Android, and included example configuration for Google Chrome. Updated instructions for editing and deleting apps. I believe it doesn't make sense to provide step-by-step instructions since editing and deleting are separate actions that are unlikely to be performed together. --------- Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
6 KiB
Install app store apps
Available in Fleet Premium
In Fleet, you can install Apple App Store apps on your macOS, iOS, and iPadOS hosts, including custom apps.
You can also manage which Google Play Store apps are available for self-service in your end user's Android work profiles. Google only allows free Google Play Store apps. Paid apps aren't supported.
Add an app
Apple (VPP)
Before using Fleet to manage VPP apps, you must first turn on Apple MDM and Apple's Volume Purchasing Program (VPP). Once you've completed that setup, you can follow the directions below for each app.
-
Purchase the relevant app through Apple Business Manager (ABM). You must perform this step even if the app is free, or if it is a custom app you own. Learn how in Apple's documentation.
-
In Fleet, head to the Software page and select a team in the teams dropdown.
-
Select Add software > App store, then select the app you just purchased.
Currently, Fleet only supports Apple App Store apps from the United States (US) region. If the app is listed on the Apple App Store and it has
/usin the URL (e.g. https://apps.apple.com/us/app/slack/id618783545) then it's supported.
Google Play (Android)
Before using Fleet to manage Google Play Store apps, you must first turn on Android MDM. Once you've completed that setup, you can follow the directions below for each app.
-
Head to the Google Play Store, find the app, and copy the ID at the end of the URL (e.g. "com.android.chrome")
-
In Fleet, head to the Software page and select a team in the teams dropdown.
-
Select Add software > App store, choose the Android platform, then enter the application ID.
Edit or delete the app
Go to the Software page, select a team, and select the app you want to edit or delete.
To delete the app, select the Trash icon next to the app details.
To make the app available in self-service or to edit categories, target scope, or configuration, select Actions > Edit software.
To edit the app icon and display name, select Actions > Edit appearance. This applies only to software available for install. The changes will appear on the software list and details pages for the team where the app is added, as well as on self-service. By default, Fleet uses the name provided by osquery.
Install an app
Apple (VPP)
Apps can be installed manually on each host's Host details page. For macOS apps, apps can also be installed via self-service on the end user's Fleet Desktop > My device page or automatically via policy automation.
Currently, Apple App Store (VPP) apps can't be uninstalled via Fleet.
If the install fails with ErrorCode 301 and a LocalizedDescription of "Invalid Status Code The response has an invalid status code" it may be because the app has a minimum OS version higher than what the targeted host is running.
To find the minimum OS version for the app, visit the App Store, find the app, scroll to the bottom, and look for Compatibility under Information.
Google Play (Android)
Android apps can be installed via self-service in the end user's managed Google Play Store (work profile).
Configuration
Currently, editing configuration is only supported for Android apps only. And, currently, only the managedConfiguration and workProfileWidgets options from ApplicationPolicy - Android Management API are supported.
managedConfiguration supports any option provided by the app's developer. Each app supports different options. To find the supported options, check the app documentation.
Example (GlobalProtect)
This configuration makes it so the end user won't have to type the portal hostname the first time they open GlobalProtect. It also disables "always on VPN," meaning GlobalProtect won’t automatically connect when the host is online. The end user has to tap Connect.
{
"managedConfiguration": {
"portal": "example.portal.com",
"connect_method": "on-demand"
}
}
Options for GlobalProtect can be found in their documentation.
Example (Google Calendar)
This configuration allows end users to add widgets from the Google Calendar in their work profile to their home screen.
{
"workProfileWidgets": "WORK_PROFILE_WIDGETS_ALLOWED"
}
API and GitOps
Fleet also provides a REST API for managing app store apps programmatically. Learn more in the API reference docs.
To manage App Store apps using Fleet's best practice GitOps, check out the app_store_apps key in the GitOps reference documentation.