Since Workspace ONE UEM version 9.3, VMware has included the open-source munki binaries in the Workspace ONE Intelligent Hub for macOS. The intent of this integration was to give macOS admins the ability to distribute 3rd-party non-store macOS apps, without the need to host any backing instrastructure for munki. Because this integration was meant to give admins some of the commonly used functionality, it was not integrated in such a way to include support for ALL munki’s functionality. This has left some confusion in the community, particularly with Workspace ONE UEM administrators with extensive munki knowledge/background.
I frequently see questions about what munki functionality works in Workspace ONE UEM. I’m hoping this post helps lay out some common usage parameters in munki, and how they equate to functionality in Workspace ONE UEM. If you identify a gap (due to new/existing munki functionality), or a new way that workspace ONE handles particular functionality, please leave a comment below!
Converting “munki” Functionality/Terminology to Workspace ONE UEM
First off it’s helpful to understand how some of the common components to munki map to elements inside Workspace ONE UEM.
|Munki Component||Workspace ONE Equivalent|
|Catalogs||Workspace ONE Intelligent Hub dynamically builds this device-side based on assigned Apps|
|Manifests||Workspace ONE Intelligent Hub dynamically builds this device-side based on assigned Apps|
|Managed Software Center||Workspace ONE Intelligent Hub’s App Catalog replaces this tool|
|Repository||Workspace ONE UEM acts as the repository, hosting all installable files securely in Workspace ONE UEM (On-Premises) or Content Delivery Network (SaaS)|
|Autopkg(r)||While not exactly a munki components, many folks use this in conjunction with their munki environment. There’s currently no processor to provide direct integration with Workspace ONE UEM. That said, you can use the “munki” version of many recipes to obtain the binary and pkginfo.plist for upload into Workspace ONE UEM. Additionally, the recent version of Workspace ONE Admin Assistant includes command line functionality to upload binaries and pkginfo files to Workspace ONE UEM (if you’re attempting to script an entire workflow).|
Munki pkginfo Files
Now that you understand the back-end components of Munki and how they equate in Workspace ONE UEM, let’s look at the actual pkginfo file that is used to build the catalogs & manifests.
|Pkginfo Key||Mapping that key to Workspace ONE UEM|
|autoremove||Remove on Unenroll setting in “Restrictions” for App Assignment|
|blocking_applications||Blocking Apps in App Configuration|
|catalogs & manifests||Smart Groups in App Assignments|
|display_name||Modify the name value in the plist generated by Workspace ONE Admin Assistant|
|force_install_after_date||Combine “Auto” deployment with “Installation Begins On” in App Assignment|
|installable_condition & Conditional Items||Smart Groups in App Assignments (or FreeStyle Orchestrator when released)|
|installs, receipts||Modify the plist generated by Workspace ONE Admin Assistant to add this key-value pair/array|
|items_to_copy||Supported if added to the pkginfo plist prior to uploading in Workspace ONE UEM - not currently displayed in UI|
|installer_choices_xml||Supported if added to the pkginfo plist prior to uploading in Workspace ONE UEM - not currently displayed in UI|
|minimum_os_version & maximum_os_version||Smart Groups in App Assignments|
|_script (installcheck, pre/post, etc)||Scripts tab in App Configuration|
|_alert (preinstall, preuninstall, etc)||Use hubcli in the relative “_script” in the Scripts tab in App Configuration|
|requires||Use the upcoming FreeStyle Orchestrator functionality to create a workflow with the required app installation order|
|RestartAction||Deployment tab in App Configuration|
|supported_architectures||Smart Groups in App Assignments|
|uninstall_method||Scripts tab in App Configuration|
In my opinion, I’ve seen this integration help new-to-Workspace ONE UEM administrators quickly get macOS app deployment tamed in their environment. Especially from the perspective of the “accidental MacAdmin,” this integration brings macOS non-store app management into a similarly familiar look and feel to non-store app management on other platforms. If you are looking to do more comparison between the two app deployment systems, you can find more information at the following two resources:
If you find a functionality gap that seems to be a blocker, I encourage you to add it to the Workspace ONE UEM Feature Request Portal.