Frequently asked questions about using the new Volume Purchase Program with Sophos Mobile Control 3.6

  • Article ID: 120033
  • Updated: 02 Feb 2016
This article provides answers to frequently asked questions regarding Apples Volume Purchase Program and its usage with Sophos Mobile Control 3.6.

Applies to the following Sophos product(s) and version(s)
Sophos Mobile Control 4.0

Operating systems

Frequently asked questions about the usage of the new Volume Purchase Program and Sophos Mobile Control

Can I still use the spreadsheets containing the redemption codes I used before?
Yes, you can still upload these spreadsheets to Sophos Mobile Control 3.6.

What is the sToken?
The sToken is used to authenticate you against the Apple Volume Purchase Program service.
This way it is checked which apps you have purchased and which users are authorized to download your purchased apps.

Where do I get the sToken which I enter in the Sophos Mobile Control (SMC) web console?
Login at using your VPP enabled Apple-ID.
Click on the 'Download' button on the bottom next to 'Generate a VPP service token and download it in a text file'.

Does Sophos Mobile Control require an additional connection to use the new VPP process?
Yes. The SMC server must be able to connect to
But as it is recommended to open the whole 17.*.*.* network this should already be possible.

How do I invite users to participate in the VPP?
You can send out invitation emails to your users using the built-in functionality of Sophos Mobile Control.
The users will receive an email with an activation link. After clicking on the link, they have to sign in with their Apple ID.
For further information, please check the Sophos Mobile Control administrator guide.

When is a user authorized to use the VPP?
A user is authorized as soon as he clicked on the activation link and logged in with his Apple ID.

How do I assign purchased applications to an authorized VPP user?
Once a user is authorized you can add him to the application package within the Sophos Mobile Control web console.

How does the SMC server check if a user is authorized?
Every time a user is edited or an VPP application package is touched by the server the user status is checked first before processing. To check this the SMC server connects to the VPP portal and uses the sToken for authentication.

Is there anything to consider when deploying apps purchased via VPP?
Yes. We recommend to deactivate the automatic download of apps within the iOS settings ('General | iTunes & App Store | Automatic Downloads')
Otherwise, VPP apps which are deployed using Sophos Mobile Control are not listed as managed apps. In case of removing the Sophos Mobile Control enrollment profile the app will not be uninstalled.
Deactivating the background download of apps has to be done manually on each device by the user. There is no possibility to do this with Sophos Mobile Control.

If you need more information or guidance, then please contact technical support.

Rate this article

Very poor Excellent