This is my situation. All the iOS devices (iPads) are DEP registered. I have also configured VPP for deploying apps. The customer doesn't want to use personal Apple IDs. We have set up a federation between Azure AD and Apple, so users can use their AAD account as Apple ID. But the accounts are business accounts, so it's not possible to install apps with these accounts. So far, so good. Users can't install unwanted apps on the iPads. We can buy apps with Apple VPP and deploy them to iOS devices.
But now the real world. The iPads are preinstalled with software: apps like Contacts, Podcast, Measure, etc. But not all the apps are installed; most apps try to install themselves. When that happens, the apps ask for an Apple ID, because the apps are not deployed with VPP. My first reaction was to "buy" the apps in VPP. But the Contacts app is not available in VPP.