Mapping Concepts from Munki to WS1 UEM


What happens where for non-store macOS apps

Since Workspace ONE UEM version 9.3, VMware has included the open-source munki binaries in the Workspace ONE Intelligent Hub for macOS. The intent of this integration was to give macOS admins the ability to distribute 3rd-party non-store macOS apps without the need to host any backing infrastructure for munki. Because the integration was meant to give admins some of the commonly used functionality, it does not support all of munki’s functionality. This has left some confusion in the community, particularly among Workspace ONE UEM administrators with extensive munki knowledge/background.

Purpose

I frequently see questions about what munki functionality works in Workspace ONE UEM. I’m hoping this post helps lay out some common usage parameters in munki, and how they equate to functionality in Workspace ONE UEM. If you identify a gap (due to new/existing munki functionality), or a new way that Workspace ONE handles particular functionality, please leave a comment below!

Converting “munki” Functionality/Terminology to Workspace ONE UEM

First off, it’s helpful to understand how some of the common components of munki map to elements inside Workspace ONE UEM.

Munki “Infrastructure”

| Munki Component | Workspace ONE Equivalent |
| --- | --- |
| Catalogs | Workspace ONE Intelligent Hub dynamically builds this device-side based on assigned Apps |
| Manifests | Workspace ONE Intelligent Hub dynamically builds this device-side based on assigned Apps |
| Managed Software Center | Workspace ONE Intelligent Hub’s App Catalog replaces this tool |
| Repository | Workspace ONE UEM acts as the repository, hosting all installable files securely in Workspace ONE UEM (On-Premises) or Content Delivery Network (SaaS) |
| Autopkg(r) | While not exactly a munki component, many folks use this in conjunction with their munki environment. There’s currently no processor to provide direct integration with Workspace ONE UEM. That said, you can use the “munki” version of many recipes to obtain the binary and pkginfo.plist for upload into Workspace ONE UEM. Additionally, the recent version of Workspace ONE Admin Assistant includes command line functionality to upload binaries and pkginfo files to Workspace ONE UEM (if you’re attempting to script an entire workflow). |

Munki pkginfo Files

Now that you understand the back-end components of Munki and how they equate in Workspace ONE UEM, let’s look at the actual pkginfo file that is used to build the catalogs & manifests.

| Pkginfo Key | Mapping that key to Workspace ONE UEM |
| --- | --- |
| autoremove | Remove on Unenroll setting in “Restrictions” for App Assignment |
| blocking_applications | Blocking Apps in App Configuration |
| catalogs & manifests | Smart Groups in App Assignments |
| display_name | Modify the name value in the plist generated by Workspace ONE Admin Assistant |
| force_install_after_date | Combine “Auto” deployment with “Installation Begins On” in App Assignment |
| installable_condition & Conditional Items | Smart Groups in App Assignments (or FreeStyle Orchestrator when released) |
| installs, receipts | Modify the plist generated by Workspace ONE Admin Assistant to add this key-value pair/array |
| items_to_copy | Supported if added to the pkginfo plist prior to uploading in Workspace ONE UEM - not currently displayed in UI |
| installer_choices_xml | Supported if added to the pkginfo plist prior to uploading in Workspace ONE UEM - not currently displayed in UI |
| minimum_os_version & maximum_os_version | Smart Groups in App Assignments |
| _script (installcheck, pre/post, etc) | Scripts tab in App Configuration |
| _alert (preinstall, preuninstall, etc) | Use hubcli in the relative “_script” in the Scripts tab in App Configuration |
| requires | Use the upcoming FreeStyle Orchestrator functionality to create a workflow with the required app installation order |
| RestartAction | Deployment tab in App Configuration |
| supported_architectures | Smart Groups in App Assignments |
| uninstall_method | Scripts tab in App Configuration |
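
The plist edits in the table above (set the name value, add an installs array) can be scripted before upload. The sketch below is an added example, not code from this post, munki, or VMware: it edits a pkginfo with Python's plistlib and lists the keys that the table says are configured in the console instead. The function name, sample pkginfo, and app identifiers are constructed for illustration.

```python
import plistlib

# Keys the table above maps to console settings rather than to pkginfo edits.
CONSOLE_KEYS = {
    "autoremove": "Remove on Unenroll (App Assignment restrictions)",
    "blocking_applications": "Blocking Apps (App Configuration)",
    "catalogs": "Smart Groups (App Assignments)",
    "force_install_after_date": "Auto deployment + Installation Begins On",
    "installable_condition": "Smart Groups (App Assignments)",
    "minimum_os_version": "Smart Groups (App Assignments)",
    "maximum_os_version": "Smart Groups (App Assignments)",
    "requires": "FreeStyle Orchestrator workflow",
    "RestartAction": "Deployment tab (App Configuration)",
    "supported_architectures": "Smart Groups (App Assignments)",
    "uninstall_method": "Scripts tab (App Configuration)",
}

def prepare_pkginfo(raw, display_name=None, installs=None):
    """Return (plist_bytes, todo): edited pkginfo plus console settings to make."""
    info = plistlib.loads(raw)
    if display_name:
        info["name"] = display_name  # table: display_name -> name value
    if installs:
        info.setdefault("installs", []).extend(installs)
    todo = {}
    for key in info:
        if key in CONSOLE_KEYS:
            todo[key] = CONSOLE_KEYS[key]
        elif key.endswith("_script"):
            todo[key] = "Scripts tab (App Configuration)"
        elif key.endswith("_alert"):
            todo[key] = "hubcli call in the matching script (Scripts tab)"
    return plistlib.dumps(info), todo

# Constructed sample pkginfo, standing in for Admin Assistant output.
SAMPLE = plistlib.dumps({
    "name": "ExampleApp", "version": "1.2.3",
    "installer_item_location": "ExampleApp-1.2.3.pkg",
    "minimum_os_version": "12.0", "RestartAction": "RequireRestart",
    "postinstall_script": "#!/bin/sh\nexit 0\n",
})
# Constructed installs item in munki's application format.
INSTALLS = [{"type": "application", "path": "/Applications/ExampleApp.app",
             "CFBundleIdentifier": "com.example.app",
             "CFBundleShortVersionString": "1.2.3"}]

if __name__ == "__main__":
    out, todo = prepare_pkginfo(SAMPLE, "Example App", INSTALLS)
    print(out.decode())
    for key, where in sorted(todo.items()):
        print(f"{key}: configure via {where}")
```

The script leaves console-mapped keys in the plist untouched and only reports them, since the post does not say how Workspace ONE UEM treats them on upload.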

Closing Commentary

In my opinion, I’ve seen this integration help new-to-Workspace ONE UEM administrators quickly get macOS app deployment tamed in their environment. Especially from the perspective of the “accidental MacAdmin,” this integration brings macOS non-store app management into a similarly familiar look and feel to non-store app management on other platforms. If you are looking to do more comparison between the two app deployment systems, you can find more information at the following two resources:

If you find a functionality gap that seems to be a blocker, I encourage you to add it to the Workspace ONE UEM Feature Request Portal.

Comments welcome!
