In a typical device enrollment, the Workspace ONE Intelligent Hub must be installed on a device before any other installer packages can be executed. The Bootstrap Package allows installer packages to deploy to a device immediately after the device is enrolled.
Workspace ONE UEM uses the latest Apple MDM commands for deploying Bootstrap Packages. For enrolled devices on macOS 10.13.6 and higher, the
InstallEnterpriseApplication command is used. For macOS 10.13.5 and lower devices the legacy
InstallApplication command is used.
Historically, the Workspace ONE Intelligent Hub handles the download and installation of application files. Bootstrap Packages allow .pkg files to install immediately after enrollment whether or not the Workspace ONE Intelligent Hub is installed.
You may want to use alternative tools for device and application management. Bootstrap package enrollment comprises an enrollment flow paired with a bootstrap package that installs the alternative tooling and configures the device before the end user begins using the device.
Bootstrap Package Use Cases
Bootstrap Packages may be useful in certain deployment scenarios. This list is not exhaustive.
You want to create a custom-branded end user experience, such as launching a window as soon as enrollment completes, to inform the user about the installation process and instruct them to wait to use the device until provisioning and installation complete.
Your deployment does not include the Workspace ONE Intelligent Hub, but you still have critical software to deploy to devices.
You want to use Munki for Application Management, and need the Munki client to install immediately after enrollment so the user can begin installing apps, rather than going through the Workspace ONE Intelligent Hub and AirWatch Catalog.
Your deployment only uses MDM for certificate management and software management, and uses Chef or Puppet for configuration management. In this configuration, Chef or Puppet must be installed as soon as enrollment completes to finish configuring the device.
Bootstrap Package Creation
Bootstrap packages are deployed to the device as soon as enrollment completes. Bootstrap packages deployed from the Console will not deploy to existing enrolled devices unless the devices are specifically queued using the Assigned Devices list for the package.
You must create packages before you deploy them. There are several tools available that can create a package for use in the Bootstrap Package functionality. Created packages must meet two criteria:
- The package must be signed with an Apple Developer ID Installer Certificate. Only the package needs to be signed, not the app, since the Apple Gatekeeper does not check apps installed through MDM.
- The package must be a distribution package (product archive), not a flat component package.
When you have created a bootstrap package, you must deploy the package to your devices. For more information, see Deploy a Bootstrap Package.