VMware AirWatch 9.2 Feature Spotlight: Bootstrap Packages for macOS

VMware AirWatch 9.2 Feature Spotlight: Bootstrap Packages for macOS

This post was originally published on this site ---

DIVE, DIVE, DIVE! Much like Jack Ryan in the movie “The Hunt for Red October,” today’s post dives deep into the topic of bootstrap packages for macOS. First, we tackle some of the common questions and points of confusion related to this feature. Then, the video at the end of the post dives into the technical content.

Bootstrap Packages for macOS Technical Deep Dive

What’s covered in the video:

  • Creating a custom bootstrap package using popular open source tool sets.
  • Enrolling a “bootstrapped” macOS device using the Device Enrollment Program (DEP).
  • SNEAK PEEK at bootstrapped enrollment with additional modifications.

FAQs for macOS Bootstrap Packages

What Are Bootstrap Packages for macOS?

Bootstrap packages are non-Apple installer packages that are deployed to a device using mobile device management (MDM) commands immediately after a device enrolls.


Are Bootstrap Packages in the MDM Protocol Reference?

Yes, but not in the way you might think. If you go searching in Apple’s MDM protocol reference, you won’t find any references to “bootstrap.” Instead, you’ll find a section covering “Managed Applications” which documents the InstallApplication command.

A unique feature of this command is the ManifestURL key. VMware AirWatch unified endpoint management (UEM) technology uses this key to get devices to install non-App Store software. Another unique feature of this command is that we can send it during the “AwaitConfiguration” phase of a DEP enrollment. Basically, this means the software defined in the manifest gets sent and installed (silently) while the device is still in the Setup Assistant.

Prior to AirWatch 9.2, AirWatch utilized this command/manifest combination to automatically install the AirWatch agent onto DEP-enrolled macOS devices. Starting in 9.2 and moving forward, we opened up the ability for macOS administrators to deliver a signed package of their choice (e.g. a bootstrap package).

Who Needs a Custom Bootstrap Package?

Whether or not you use a custom bootstrap package depends on your environment. Yes, it sounds cliché, but community demand to tweak the enrollment process created this feature. Who would need to change the default behavior and deliver a different package? Use cases include:

  • Organizations using AirWatch as a macOS management framework in orchestration with other tool sets (Munki, Chef, Puppet, etc.). In these cases, admins want to speed up the overall provisioning timeframe by landing the additional agents earlier in the enrollment process.
  • Organizations utilizing out-of-box enrollment and wanting to deliver a “splash screen” that keeps users informed about the machine’s enrollment and configuration progress.
  • Others wanting to deploy a basic set of security and authentication utilities as quickly as possible (such as Santa, Nomad or Enterprise Connect).

How Do I Learn More About Bootstrap Packages for macOS?

The following list highlights a few key items and web resources to help you explore this in more depth:

  • Bootstrap Package ReadMe (GitHub): Click here for additional details on how this process works, including flowcharts and troubleshooting tips.
  • InstallApplications (GitHub): Use this open source utility to facilitate bootstrap installation of multiple packages (agents, apps, etc).
  • DEPNotify (GitLab): This open source application provides UI notifications during a bootstrap process.
  • Maintaining Your Signing Identities and Certificates (Apple): Get details on how to request your Developer ID Installer certificate for macOS.

AirWatch 9.2 Bootstrap Packages for macOS Deep Dive


The post VMware AirWatch 9.2 Feature Spotlight: Bootstrap Packages for macOS appeared first on VMware End-User Computing Blog.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.