Distribute Apple apps

Endpoint Management manages apps deployed to devices. You can organize and deploy the following types of iOS/iPadOS and macOS apps.

  • Public App Store (iOS/iPadOS only): These apps include free or paid apps available in a public app store, such as Apple App Store or Google Play. For example, GoToMeeting.
  • Enterprise (iOS/iPadOS/macOS): Native apps that aren’t wrapped with the MDX Toolkit and don’t contain the policies associated with MDX apps.
  • MDX (iOS/iPadOS only): Apps wrapped with the MDX Service or Toolkit to include app policies. You get MDX apps from internal sources and public stores.
  • Volume purchase (iOS/iPadOS/macOS): Apps with licenses managed through the Apple volume purchase program.
  • iOS custom apps (iOS/iPadOS only): Proprietary business-to-business apps developed in-house or by a third-party.

For more information about different types of apps, see Add apps.

Some deployments require an Apple Business Management (ABM) or Apple School Management (ASM) account. See the following sections for more information.

For each type of app and distribution method, Citrix recommends a set of configuration practices. For information about distributing apps for other platforms, see Add Apps. The following sections provide more in depth information for iOS app configuration.

General steps for app distribution

Scenario Step 1: Link accounts Step 2: Add and configure apps Step 3: Configure delivery groups and deploy apps
Public app store apps, including Citrix mobility apps Not applicable In Endpoint Management: Configure > Apps, add Public App Store apps for iPhone or iPad. Configure the apps and assign them to delivery groups. In Endpoint Management: Configure and deploy apps using delivery groups.
Public app store apps delivered with Apple volume purchase, including Citrix mobility apps Enroll in an Apple deployment program. In Endpoint Management: Go to Settings > Volume purchase to add your volume purchase account. In ABM or ASM: Purchase and add apps from Apps and Books. In Endpoint Management: Go to Configure > Apps, configure the apps, and assign them to delivery groups. In Endpoint Management: Configure and deploy apps using delivery groups.
Enterprise apps Not applicable In Endpoint Management: Go to Configure > Apps. Click Add then click Enterprise. Upload the IPA file. Configure the apps and assign them to delivery groups. In Endpoint Management: Configure and deploy apps using delivery groups.
MDX apps Not applicable In Endpoint Management: Go to Configure > Apps. Click Add then click MDX. Ensure that you select iPad/iPhone for the platform. Upload the MDX file. Configure the apps and assign them to delivery groups. In Endpoint Management: Configure and deploy apps using delivery groups.
MDX apps distributed using Apple volume purchase Enroll in an Apple deployment program. In Endpoint Management: Go to Settings > Volume purchase to add your volume purchase account. In ABM: Purchase and add MDX apps from Apps and Books. Link the app to your ABM account. In Endpoint Management: Go to Configure > Apps, configure the apps, and assign them to delivery groups. In Endpoint Management: Configure and deploy apps using delivery groups.
Custom apps Enroll in an Apple deployment program. In Endpoint Management: Go to Settings > Volume purchase to add your volume purchase account. In ABM: Add your app to the App Store as a private app. Link the app to your ABM account. In Endpoint Management: Go to Configure > Apps, configure the apps, and assign them to delivery groups. In Endpoint Management: Configure and deploy apps using delivery groups.
MDX-enabled custom apps Enroll in an Apple deployment program. In Endpoint Management: Go to Settings > Volume purchase to add your volume purchase account. In ABM: Add your app to the app store as a private app. Link the app to your ABM account. In Endpoint Management: Go to Configure > Apps and upload the MDX file. Configure the apps and assign them to delivery groups. In Endpoint Management: Configure and deploy apps using delivery groups.

Public app store apps

You can add free and paid apps available on the App Store to Citrix Endpoint Management.

Feature availability  
Requires device supervision No
Available for user enrollment mode No
Available on iOS/iPadOS

Step 1: Add and configure apps

  1. In the Endpoint Management console, navigate to Configure > Apps. Click Add.
  2. Click Public App Store. Add public app store app
  3. Select iPhone or iPad for platforms
  4. Type the app name in the search box and click Search. iOS app search
  5. Apps matching the search criteria appear. Click the desired app.
  6. Assign a delivery group to the app and click Save.

Step 2: Configure app deployment

  1. In the Endpoint Management console, navigate to Configure > Apps.
  2. Select the app you want to configure and click Edit.
  3. Citrix recommends enabling the Force app to be managed feature.
  4. Assign any delivery groups and click Save.
  5. Navigate to Configure > Delivery Groups > Apps.
  6. Mark the desired apps as Required. Mark the app as required
  7. Navigate back up to Configure > Delivery Groups.
  8. Select the delivery group and click Deploy.
  9. Users receive a request to install the app and the app installs in the background after they accept. Message asking to install the app

Public app store apps delivered with Apple volume purchase

You can manage iOS/iPadOS app licenses through the Apple volume purchase program. Follow these steps to add volume purchase apps to Endpoint Management.

Feature availability  
Requires device supervision No
Available for user enrollment mode Yes
Available on iOS/iPadOS/macOS
  1. Set up and enroll in Apple Business Manager (ABM) or Apple School Manager (ASM). For more information about these programs, see Apple documentation.
  2. Link your ABM/ASM account with Endpoint Management. For more information on linking volume purchase accounts, see Apple Volume Purchase.
  3. When you add your volume purchase account, enable App Auto Update. This setting ensures that apps on user devices automatically update when an update appears in the Apple store.

Step 2: Get apps and licenses from Apple

Add apps on your ABM/ASM account. You can add purchases from the Apple App Store or Apple Books (for iOS/iPadOS only). Keep in mind that you must purchase all apps, even if they are free.

For information about how to make apps available to your business, see Apple documentation.

Step 3: Configure app deployment

  1. In the Endpoint Management console, navigate to Configure > Apps.
  2. Select the volume purchase app you want to configure and click Edit.
  3. Select the platforms: iPhone, iPad, or macOS.
  4. Citrix recommends enabling the Force app to be managed feature (iOS/iPadOS only).
  5. Assign any delivery groups and click Save.
  6. Navigate to Configure > Delivery Groups > Apps.
  7. Mark the desired apps as Required. Mark the app as required
  8. Navigate back to Configure > Delivery Groups.
  9. Select the delivery group and click Deploy.
  10. Users receive a request to install the app and the app installs in the background after they accept. Message asking to install the app

Enterprise apps

You can also add native apps that aren’t wrapped with the MDX Toolkit. These apps don’t have any MDX policies associated with them. Follow these steps to add apps that don’t exist on the App Store.

Feature availability  
Requires device supervision No
Available for user enrollment mode Yes
OS iOS/iPadOS/macOS

Step 1: Add and configure apps

  1. In the Endpoint Management console, navigate to Configure > Apps. Click Add.
  2. Click Enterprise. Add enterprise app
  3. On the App information page, configure the following:
    • Name: Type a descriptive name for the app. The name appears under App Name on the Apps table.
    • Description: Type an optional description of the app.
    • App category: Optionally, in the list, click the category to which you want to add the app.
  4. Click Next. The App Platforms page appears.
  5. Select the platforms: iPhone, iPad, or macOS.
  6. Upload the IPA file (iOS/iPadOS) or upload the PKG file (macOS)
  7. Click Next. The App details page appears.
  8. Configure these settings:
    • File name: Optionally, type a new name for the app.
    • App description: Optionally, type a new description for the app.
    • App version: You can’t change this field.
    • Minimum OS version: Optionally, type the oldest operating system version that the device can run to use the app.
    • Maximum OS version: Optionally, type the most recent operating system that the device must run to use the app.
    • Excluded devices: Optionally, type the manufacturer or models of devices that cannot run the app.
    • Remove app if MDM profile is removed: Select whether to remove the app from a device when the MDM profile is removed. The default is ON. (iOS/iPadOS only)
    • Prevent app data backup: Select whether to prevent the app from backing up data. The default is ON. (iOS/iPadOS only)
    • Force app to be managed: If you install an unmanaged app, select ON if you want users on unsupervised devices see a prompt to allow management of the app. If they accept the prompt, the app is managed. (iOS/iPadOS only) Enterprise app settings
  9. Assign a delivery group to the app and click Save.

Step 2: Configure app deployment

  1. In the Endpoint Management console, navigate to Configure > Delivery Groups. Select the delivery group to configure and click the Apps page.
  2. Mark the desired apps as Required. Required apps
  3. Navigate to Configure > Delivery Groups.
  4. Select the delivery group and click Deploy.
  5. Users receive a request to install the app and the app installs in the background after they accept. Message asking to install the app

MDX apps

Add MDX wrapped apps to use MDX policies and security features. You can deploy MDX apps using volume purchase or without it.

Feature availability  
Requires device supervision No
Available for user enrollment mode Yes
Available On iOS/iPadOS

Step 1: Add and configure apps

  1. In the Endpoint Management console, navigate to Configure > Apps. Click Add.
  2. Click MDX. Add MDX app
  3. Select iPhone or iPad for platforms.
  4. Upload the MDX file.
  5. Configure the app details. Set App deployed via Volume purchase to Off. Citrix also recommends enabling the Force app to be managed feature. MDX volume purchase off
  6. Configure the MDX policies. Set Disable required upgrade to On. MDX disable required upgrade on
  7. Assign a delivery group to the app and click Save.

Step 2: Configure app deployment

  1. In the Endpoint Management console, navigate to Configure > Delivery Groups > Apps.
  2. Mark the desired apps as Required. Mark the app as required
  3. Navigate to Configure > Delivery Groups.
  4. Select the delivery group and click Deploy.
  5. Users receive a request to install the app and the app installs in the background after they accept. Message asking to install the app

MDX apps distributed using Apple volume purchase

Add MDX wrapped apps to use MDX policies and security features. To deploy apps using volume purchase, the apps must exist on the app store.

Feature availability  
Requires device supervision No
Available for user enrollment mode Yes
Available on iOS/iPadOS
  1. Set up and enroll in Apple Business Manager (ABM) or Apple School Manager (ASM). For more information about these programs, see Apple documentation.
  2. Link your ABM/ASM account with Endpoint Management. For more information on linking volume purchase accounts, see Apple Volume Purchase.
  3. When you add your volume purchase account, enable App Auto Update. This setting ensures that apps on user devices automatically update when an update appears in the Apple store.

Step 2: Add and configure apps

  1. In the Endpoint Management console, navigate to Configure > Apps. Click Add.
  2. Click MDX. Add MDX app
  3. Select iPhone or iPad for platforms.
  4. Upload the MDX file.
  5. Configure the app details. Set App deployed via Volume purchase to On. Citrix also recommends enabling the Force app to be managed feature. MDX volume purchase on
  6. Configure the MDX policies. Set Disable required upgrade to On. MDX disable required upgrade on
  7. Assign a delivery group to the app for each platform and click Save.

This configuration results in two entries listed for this app in the apps list. When you select an app to configure, select the app with Type MDX.

Step 3: Configure app deployment

  1. In the Endpoint Management console, navigate to Configure > Delivery Groups > Apps.
  2. Mark the desired volume purchase apps as Required. Mark the app as required
  3. Navigate to Configure > Delivery Groups.
  4. Select the delivery group and click Deploy.
  5. Users receive a request to install the app and the app installs in the background after they accept. Message asking to install the app

Custom apps

Custom apps are proprietary business-to-business apps. You can use Endpoint Management and Apple volume purchase to distribute proprietary apps privately and securely. You can distribute the apps to specific partners, clients, franchisees, and internal employees.

Feature availability  
Requires device supervision No
Available for user enrollment mode Yes
Available on iOS/iPadOS

Requirements for custom apps

  • Apple Business Manager or Apple School Manager account
  • Apple volume purchase account (requires devices with iOS 7 or later)
  • Enroll devices in Endpoint Management, using one of the following Apple enrollment modes:
    • Automated Device Enrollment
    • Device enrollment
    • User enrollment

To deploy custom apps using volume purchase, link your volume purchase account to Endpoint Management.

  1. Set up and enroll in Apple Business Manager (ABM). For more information about these programs, see Apple documentation.
  2. Link your ABM account with Endpoint Management. For more information on linking volume purchase accounts, see Apple Volume Purchase.
  3. When you add your volume purchase account, enable App Auto Update. This setting ensures that apps on user devices automatically update when an update appears in the Apple store.

Step 2: Configure apps on ABM

Add apps on your ABM account. You can upload and distribute your own custom apps or buy licenses for custom apps from other organizations. For more information on adding and enabling custom apps on ABM, see Apple documentation.

Step 3: Add and configure apps in Endpoint Management

  1. In the Endpoint Management console, navigate to Configure > Apps. Volume purchase apps appear in the list of apps.
  2. Select them app you want to configure. Click Edit.
  3. Select the platforms: iPhone, iPad, or macOS.
  4. Choose the delivery groups to which you want the app distributed. Click Save.

Step 4: Configure app deployment

  1. In the Endpoint Management console, navigate to Configure > Delivery Groups > Apps.
  2. Mark the apps you want distributed as Required. Mark the app as required
  3. Navigate back to Configure > Delivery Groups.
  4. Select the delivery group you want deployed and click Deploy.
  5. Users receive a request to deploy apps and the apps install in the background after they accept. Message asking to install the app

MDX enabled custom apps

You can also wrap custom apps using the MDX Toolkit to add policies and other security features.

Feature availability  
Requires device supervision No
Available for user enrollment mode Yes
Available on iOS/iPadOS

To deploy custom apps using volume purchase, link your volume purchase account to Endpoint Management.

  1. Set up and enroll in Apple Business Manager (ABM). For more information about these programs, see Apple documentation.
  2. Link your ABM account with Endpoint Management. For more information on linking volume purchase accounts, see Apple Volume Purchase.
  3. When you add your volume purchase account, enable App Auto Update. This setting ensures that apps on user devices automatically update when an update appears in the Apple store.

Step 2: Configure apps on ABM

Add apps on your ABM account. You can upload and distribute your own custom apps or buy licenses for custom apps from other organizations. For more information on adding and enabling custom apps on ABM, see Apple documentation.

Step 3: Add and configure apps in Endpoint Management

  1. In the Endpoint Management console, navigate to Configure > Apps. Click Add.
  2. Click MDX. Add MDX app
  3. Select the iPhone or iPad platforms.
  4. Upload the MDX file for the app you want to add.
  5. Configure the app details. Set App deployed via Volume purchase to On. Citrix also recommends enabling the Force app to be managed feature. MDX volume purchase on
  6. Configure the MDX policies. Set Disable required upgrade to On. MDX disable required upgrade on
  7. Assign a delivery group to the app and click Save.

This configuration results in two entries listed for this app in the apps list. When you select an app to configure, select the app with Type MDX.

Step 4: Configure app deployment

  1. In the Endpoint Management console, navigate to Configure > Apps. Volume purchase apps appear in the list of apps.
  2. Select the app you want to configure. Click Edit.
  3. Choose the delivery groups to which you want the app distributed on each platform. Click Save.
  4. Navigate back to Configure > Delivery Groups > Apps.
  5. Mark the apps you want distributed as Required. Mark the app as required
  6. Navigate back to Configure > Delivery Groups.
  7. Select the delivery group you want deployed and click Deploy.
  8. Users receive a request to deploy apps and the apps install in the background after they accept. Message asking to install the app

Optional apps (iOS/iPadOS only)

Citrix recommends deploying apps as Required. On the users end, required apps install silently, minimizing interaction. Having this feature enabled also allows apps to update automatically.

Optional apps allow users to choose what apps to install, but users must initiate the installation manually through Secure Hub.

To install optional apps, users must launch Secure Hub, go to Store, select Details for the desired app, and click Add.

Install an optional app