Skip to main content

How are you guys handling this situation 

User a has a Macbook and creates Time Machine backup of all his data. This computer is enrolled in Jamf.

User a gets a new MacBook and wants to transfer all of his data and settings to the new computer from his Time Machine backup. Normally (before having Jamf) he would use migration assistant to transfer his data from the old to the new computer. As far as I know with jamf it would cause to mess up the MDM profile.

How do you guys handle this situation? 

After migrating the data just do a new self enrollment?

Block time machine, block migration assistant.

DLP and all that

Block time machine, block migration assistant.

DLP and all that


and then? how do I transfer all the user data and settings?

Time Machine and Migration Assistant are consumer focused tools. Most enterprise environments do not use them. If you use them that is fine, they wont cause any issues with the MDM profiles. Both the new and old device should use Automated Device Enrollment. Though I suggest moving your environment towards a model that does not save much data locally. 

 

As @jamf-42 pointed out, Time Machine and Migration Assistant are both massive DLP concerns. As I mentioned they are both consumer focused tools and Apple has no enterprise management options for them beyond out right blocking them. So a user could use migration assistant and transfer all their work data to a personal device (MDM Profiles do not migrate), and there is your data breach.

and then? how do I transfer all the user data and settings?


Things like bookmarks can be saved to cloud services (iCloud for Safari, Azure for Edge, Google for Chrome). Documents can be synced with iCloud, OneDrive, or Google Drive depending on what platform you use. For macOS itself many settings are stored in iCloud.

 

Generally speaking its best to let the user worry about configuring and reconfiguring the operating system to their personal preferences. I would not spend too much time worrying how to disable extended displays use shared spaces, putting the dock on the left side of the screen, what items go on the dock, or adjusting mouse acceleration for someone. 

If you use macOS 13.x on those Macs (Source and Target Mac), Time Machine should now skip the secured MDM Profile during restore.


I used the macOS 13.x Time Machine on a few Jamf Pro managed Apple Silicon Macs, no issues so far.


After enrolling the new Mac into Jamf Pro I used the Apple Migration Assistant and migrated the TM Backup into the newly created User on the new Mac. No issues so far.


Make sure that FileVault is turned off on both Macs during the setup, activate it once things are completed.


Make sure to test this workflow in your environment before proceeding with the customers Mac ...!

Reply


Terms & ConditionsCookie settings