The safest place to get apps for your Mac is the App Store. Apple reviews each app in the App Store before it’s accepted and signs it to ensure that it hasn’t been tampered with or altered. If there’s ever a problem with an app, Apple can quickly remove it from the store.
Change Allow apps downloaded from: to App Store and identified developers. Note: For Mac High Sierra (10.13.x), you will need to click on Allow too. Click the lock icon again to prevent any further changes. Installing the Zoom application. Visit our Download Center. Under Zoom Client for Meetings, click Download. Double click the downloaded file. You can enable 'Subtitles/CC' in this video Running into issues installing downloaded apps on your Mac in Sierra or High Sierra or Mojave? Is your Mac tell.
If you download and install apps from the internet or directly from a developer, macOS continues to protect your Mac. When you install Mac apps, plug-ins, and installer packages from outside the App Store, macOS checks the Developer ID signature to verify that the software is from an identified developer and that it has not been altered. By default, macOS Catalina also requires software to be notarized, so you can be confident that the software you run on your Mac doesn't contain known malware. Before opening downloaded software for the first time, macOS requests your approval to make sure you aren’t misled into running software you didn’t expect.
Running software that hasn’t been signed and notarized may expose your computer and personal information to malware that can harm your Mac or compromise your privacy.
View the app security settings on your Mac
By default, the security and privacy preferences of your Mac are set to allow apps from the App Store and identified developers. For additional security, you can chose to allow only apps from the App Store.
In System Preferences, click Security & Privacy, then click General. Click the lock and enter your password to make changes. Select App Store under the header “Allow apps downloaded from.”
Open a developer-signed or notarized app
If your Mac is set to allow apps from the App Store and identified developers, the first time that you launch a new app, your Mac asks if you’re sure you want to open it.
An app that has been notarized by Apple indicates that Apple checked it for malicious software and none was detected:
Prior to macOS Catalina, opening an app that hasn't been notarized shows a yellow warning icon and asks if you're sure you want to open it:
If you see a warning message and can’t install an app
If you have set your Mac to allow apps only from the App Store and you try to install an app from elsewhere, your Mac will say that the app can't be opened because it was not downloaded from the App Store.*
If your Mac is set to allow apps from the App Store and identified developers, and you try to install an app that isn’t signed by an identified developer or—in macOS Catalina—notarized by Apple, you also see a warning that the app cannot be opened.
If you see this warning, it means that the app was not notarized, and Apple could not scan the app for known malicious software.
You may want to look for an updated version of the app in the App Store or look for an alternative app.
If macOS detects a malicious app
If macOS detects that an app has malicious content, it will notify you when you try to open it and ask you to move it to the Trash.
How to open an app that hasn’t been notarized or is from an unidentified developer
Running software that hasn’t been signed and notarized may expose your computer and personal information to malware that can harm your Mac or compromise your privacy. If you’re certain that an app you want to install is from a trustworthy source and hasn’t been tampered with, you can temporarily override your Mac security settings to open it.
In macOS Catalina and macOS Mojave, when an app fails to install because it hasn’t been notarized or is from an unidentified developer, it will appear in System Preferences > Security & Privacy, under the General tab. Click Open Anyway to confirm your intent to open or install the app.
The warning prompt reappears, and you can click Open.*
The app is now saved as an exception to your security settings, and you can open it in the future by double-clicking it, just as you can any authorized app.
*If you're prompted to open Finder: control-click the app in Finder, choose Open from the menu, and then click Open in the dialog that appears. Enter your admin name and password to open the app.
Systems Manager can be used to deploy apps to all of your managed devices through the Systems Manager > Manage > Apps page. The Meraki Dashboard integrates directly with Google Play and both the iOS and macOS App Stores, which allows you to quickly and easily configure and deploy apps to your mobile devices.
For information on deploying custom software from installer files for Windows and Mac devices, see this article. For deploying custom enterprise apps for iOS and Android, see this article.
Initial Setup
To deploy Android apps, you will first need an Android Enterprise domain, either Google or Meraki-managed, bound to your Meraki Dashboard.
To deploy iOS or macOS apps, you will first need your APNs token set up to enable communications with Apple's servers. To push out apps silently to devices, and avoid prompting the end user to sign into an Apple ID or to push apps to macOS at all, you will need to set up your Apple Volume Purchase Program (VPP) account as well, which allows you to centrally manage application licenses. See more info on silent iOS app installs here.
Adding Store Apps
Once you are ready to add your apps, navigate to Systems Manager > Manage > Apps and select 'Add new' at the top right of the page, and iOS/macOS app store, or Android Play Store app.
Search for your application, and click the app entry found to enter the app configuration page. In this example, we show adding an iOS app, but the steps are the same for macOS.
Note: Dashboard does not allow the adding of multiple apps with the same app identifier (i.e. com.carrotcreative.Ham-Horn in the above image). To check which app identifiers have already been added, navigate to the Systems Manager > Manage > Apps page, click on the wrench icon on the right, and add the 'Identifier' column.
Configuring Apps
After adding an app, you'll see an interface similar to the below. Note that Android apps may show slightly different options until changes are saved.
Scope
By default, this app will be pushed down to all devices of the matching operating system, but this can be narrowed down by tag. See tag scoping for more info.
License Method (iOS only)
This is used to specify if an iOS app should be configured to use one of your organizations VPP licenses, instead of prompting the user to sign into their Apple ID. You may use the drop down to select either VPP Codes, VPP User Assignment, or VPP Device Assignment. For more information about VPP, see our article here.
macOS App Store App deployment requires the use of VPP Device Assignment, and as such is always selected for this type of app.
Allow Apps To Install Mac
Auto-Install / Auto-Uninstall
By default, apps will automatically attempt to install on all scoped devices once 'Save Changes' is clicked. To push out an install later, or leave the installation option up to the end user, who can access available apps through the managed Play Store or Systems Manager app, uncheck this option.
Remove with MDM
Allow All Apps To Download
Selecting this check-box will force the app to be uninstalled when the Meraki management profile is uninstalled. This is important to have checked if you want to ensure that the apps you select are only available to those mobile devices that are managed by Systems Manager.
macOS App Store Apps cannot be removed by unscoping the app or this 'remove with MDM' option. To remove macOS App Store Apps the device will need to send a command to remove the app locally such as sudo rm -r '/Application/AppName' or deploy a script / custom .pkg to do this.
Allow All Apps To Install Macos
Attempt to Manage Unmanaged (iOS only)
If the device you push this application to is already installed, Systems Manager will attempt to take management over the app, allowing Dashboard admins to push updates and uninstalls for that app. This is only available on iOS 9+, and will prompt the user for confirmation on unsupervised devices.
Backup on Sync (iOS only)
Allow All Apps To Install Macbook
Deselecting this check-box will prevent app-generated data from being backed-up during a sync. This is important for administrators who want to separate personal from organizational/corporate data on an iOS device.
Approval Status (Android)
After saving changes initially, the option to approve the app for your managed Play Store will appear. Users will not be able to access the app for download until you approve it first. See our deployment guide for more info.
Pushing and Updating Apps
After configuring your app, clicking on 'save changes' will automatically push out the app install commands to devices in scope, listed at the bottom of the page. Again, ensure you have VPP app licenses available for iOS apps if applicable, and that you have approved Android apps for end users to access.
To manually re-push apps, you can use the commands under 'Status' to re-push to all scoped devices, or only devices missing the app. You can also selectively re-push the app to specific devices by checking the boxes at the bottom and clicking Manage > Update/Reinstall. This can be used to manually update apps that have new versions available in the app store as well.
For more information on pushing app updates, see this article.