Skip to main content
Matrix42 Self-Service Help Center

Apple Deployment Programs II: Configure Deployment Programs

Configure Business Manager Basics

Before you start here you should have completed the chapter Apple Deployment Programs I: Sign up for Apple Business Manager

Add Admin Accounts

  • Login to your Apple Business Manager 
  • Navigate to Users
  • Click +Add
  • Add the following information
    • First Name
    • Middle Name (optional)
    • Last Name
    • Username for Managed Apple ID
    • Choose a Role (The Organization will be filled automatically with your Master Location)
    • Email Address 
  • Click Save

Add Reseller Numbers

  • Click on the bottom left on your account
  • Select Preferences
  • Select MDM Server Assignment
  • Next to Customer Numbers press Edit
  • Add a DEP Reseller ID or Apple Customer Number
  • Add additional DEP Reseller IDs or Apple Customer Numbers if necessary
  • Click Done

Add Device Enrollment & Volume Purchase Program

Apple Business Manager combines Device Enrollment Program and Volume Purchase Program in one console. Depending on your preferences configure either Device Enrollment Program or Volume Purchase Program or both. Both has a part that needs to be done in Business Manager and a part for Silverback. 

Device Enrollment Program

Apple's Device Enrollment Profile (DEP) program automates mobile device management (MDM) enrollment. Using DEP, you can configure enterprise devices without touching them. To configure the Device Enrollment Program we will need to create a public key, add your Silverback Server in Apple Business Manager and import the trusted server token into Silverback. For the connection and usage to the Device Enrollment Program, an Apple Push Notification Certificate is required. 

Create your DEP Token

With Silverback 21.0 Update 1 the token creation process has been simplified and is displayed in the following guidance. For older Silverback Versions please refer to the following Knowledge Base Articles: Device Enrollment Program Token creation on Windows or macOS

  • Open your Silverback Management Console
  • Login as Administrator
  • Navigate to Admin
  • Navigate to Device Enrollment Program
  • Click Enabled
  • Click Download Public Key
  • A download of the Public Key File will start: SB_MDM_Public_Key.pem

Upload Public Key

  • Login to Apple Business Manager
  • Click on the bottom left on your account
  • Select Preferences
  • Press +Add next to Your MDM Servers
  • Enter as Server name e.g. Silverback
  • Select Choose File
  • Select the your previously downloaded Public Key: SB_MDM_Public_Key.pem
  • Press Save

Download Token

  • Click Download Token
  • Confirm Download Server Token
  • You downloaded now a file named like Silverback_Token_2020-01-14T17-08-52Z_smime.p7m

Import Token

  • Navigate back to your Silverback Management Console
  • Click Choose File 
  • Upload now the previously downloaded Token from Apple file: Silverback_Token_2020-01-14T17-08-52Z_smime.p7m
  • Click Save
  • Click Ok
  • Wait a few moment for the system to connect and update with Apple
  • Refresh the Browser Page or navigate to another section and switch back to Device Enrollment Program
  • Congratulations. Silverback is now linked with Apple Device Enrollment Program

Review Logs

Next Steps

Volume Purchase Program

Volume Purchase Program provides IT Administrators an easy way to find, purchase, and distribute Apps and Books in volume for the entire organization.

Before your start

Before you start please note the following criteria:

  • If you previously used a VPP token with a different product, you must generate a new one 
  • A VPP token is only supported for use in one MDM System at time. Do not reuse the same VPP token for multiple MDM Systems
  • Tokens are valid for one year
  • Before you start to use Apple VPP with Silverback, remove any existing VPP user accounts created with other mobile device management (MDM) vendors. 
  • We recommend to use the Device only as VPP Operation mode.  When you assign VPP apps using the user licensing model to users or devices (with user affinity), each user needs to be associated with a unique Apple ID or an email address when they accept the Apple terms and conditions on their device. Ensure that when you set up a device for a new Silverback user, you configure it with that user's unique Apple ID or email address. The Apple ID or email address and Silverback user form a unique pair and can be used on up to five devices.
  • By default, Silverback synchronizes with the Apple VPP service in a given period to refresh.  A manual sync is possible at any time.

Get Token

Depending of where you started and on which Apple Business Manager version you are running, you may face a different user experience

  • Open Apple Business Manager
  • Login with your Apple Business Manager Apple ID
  • Enter your Two-Factor Authentication Code
  • Click Trust this browser
  • Navigate to Apps and Books
    • Choose Tax-Status 
    • Proceed with Continue 
    • Click Get Started
    • Accept Terms and Conditions
  • Click on the bottom left on your account
    • Select Preferences
    • Click Payments and Billing
    • Under Apps and Books and Server Tokens, locate and click on your Server
    • A new file will be downloaded: sToken_for_Silverback.vpptoken

If you do not find your server, add first a new Location under Locations

Import Token

With Silverback 20.0 Update 1 a simplified process has been established for uploading the Token. In case your are running on an older Silverback Version, you need to open the downloaded Token with any Text Editor and copy and paste the content into the Company Token field. 

  • Navigate to Silverback
  • Login as Administrator
  • Navigate to Admin
  • Navigate to Volume Purchase Program
  • Enable the Volume Purchase Program chebox
  • Click Choose File
  • Select your previously downloaded Token: sToken_for_Silverback.vpptoken
  • Press Save token
  • Wait a couple of seconds
  • Click Refresh

Change VPP Operation Mode

  • Change VPP Operation Mode to Device Preferred

Enable and Review Logs

It may take a while until Volume Purchase Program Logs are visible.

After the Volume Purchase Program process is established and working, you might consider to disable the detailed logging again and only enable it in case of synchronization issues. 

Next Steps

  • Was this article helpful?