By Product Technical Guides

[Feature Spotlight] Bootstrap Packages for macOS in VMware AirWatch 9.2

DIVE, DIVE, DIVE! Much like Jack Ryan in the movie “The Hunt for Red October,” today’s post dives deep into the topic of bootstrap packages for macOS. First, we tackle some of the common questions and points of confusion related to this feature. Then, the video at the end of the post dives into the technical content.

[button link=”” newwindow=”yes”] Share on LinkedIn[/button]

Bootstrap Packages for macOS Technical Deep Dive

[tabs slidertype=”simple”] [tab]

What’s covered in the video:

  • Creating a custom bootstrap package using popular open source tool sets.
  • Enrolling a “bootstrapped” macOS device using the Device Enrollment Program (DEP).
  • SNEAK PEEK at bootstrapped enrollment with additional modifications.

[/tab] [/tabs]

FAQs for macOS Bootstrap Packages

[tabs slidertype=”simple”] [tab]

What Are Bootstrap Packages for macOS?

Bootstrap packages are non-Apple installer packages that are deployed to a device using mobile device management (MDM) commands immediately after a device enrolls.


Are Bootstrap Packages in the MDM Protocol Reference?

Yes, but not in the way you might think. If you go searching in Apple’s MDM protocol reference, you won’t find any references to “bootstrap.” Instead, you’ll find a section covering “Managed Applications” which documents the InstallApplication command.

A unique feature of this command is the ManifestURL key. VMware AirWatch unified endpoint management (UEM) technology uses this key to get devices to install non-App Store software. Another unique feature of this command is that we can send it during the “AwaitConfiguration” phase of a DEP enrollment. Basically, this means the software defined in the manifest gets sent and installed (silently) while the device is still in the Setup Assistant.

Prior to AirWatch 9.2, AirWatch utilized this command/manifest combination to automatically install the AirWatch agent onto DEP-enrolled macOS devices. Starting in 9.2 and moving forward, we opened up the ability for macOS administrators to deliver a signed package of their choice (e.g. a bootstrap package).

[/tab] [tab]

Who Needs a Custom Bootstrap Package?

Whether or not you use a custom bootstrap package depends on your environment. Yes, it sounds cliché, but community demand to tweak the enrollment process created this feature. Who would need to change the default behavior and deliver a different package? Use cases include:

  • Organizations using AirWatch as a management framework in orchestration with other tool sets (Munki, Chef, Puppet, etc.). In these cases, landing the additional agents earlier in the enrollment process speeds up the overall provisioning timeframe.
  • Organizations utilizing out-of-box enrollment and wanting to deliver a “splash screen” that keeps users informed about the machine’s enrollment and configuration progress.
  • Others wanting to deploy a basic set of security and authentication utilities as quickly as possible (such as Santa, Nomad or Enterprise Connect).


How Do I Learn More About Bootstrap Packages for macOS?

The following list highlights a few key items and web resources to help you explore this in more depth:

  • Bootstrap Package ReadMe (GitHub): Click here for additional details on how this process works, including flowcharts and troubleshooting tips.
  • InstallApplications (GitHub): Use this open source utility to facilitate bootstrap installation of multiple packages (agents, apps, etc).
  • DEPNotify (GitLab): This open source application provides UI notifications during a bootstrap process.
  • Maintaining Your Signing Identities and Certificates (Apple): Get details on how to request your Developer ID Installer certificate for macOS.

[/tab] [/tabs]

AirWatch 9.2 Bootstrap Packages for macOS Deep Dive