Posted on 09-20-2022 01:10 PM
Hello all,
I'm a new JAMF administrator for a University employing around 3500 individuals. Had a situation pop up last week with one of our departments, and while I'm finding similar threads in the JAMF community I haven't stumbled upon one quite in the situation we are in.
We met with one of our department heads recently. The department has purchased approximately 60 new iPhones to replace 60 aging iPhones for her personnel. All are managed via JAMF Pro. Unbeknownst to us, Apple IDs were created by the department and setup on all 60 iPhones. These Apple IDs are being managed by the department head who is now finding its becoming quite tedious to manage all these Apple IDs.
We as an organization have not restricted the ability to sign in with a personal Apple ID.
I've been asked to look into if there's a way to remove the use of these 60 or so privately managed Apple IDs on the new phones that are going to be deployed. The department head though is asking if we have the ability to transfer iMessages, Contacts, and Photos from these Apple IDs that they created and transfer to the new phones. These three services / apps are a must due to the nature of their roles on campus. Simultaneously the department would like us to block the ability for their employees to then sign in with their personal Apple IDs. So again the ask is transfer iMessages, Photos, and Contacts from an Apple ID to a new phone that will not be allowed to sign in with an Apple ID.
Currently we are not using Managed Apple IDs.
I feel like there isn't going to be an easy fix on this one and maybe this is one hole that can't be dug out of. I don't believe that JAMF would have the ability here to transfer over any contacts, messages or photos and this is going to be more of an iCloud limitation. I did try some testing on a couple of iPads by signing into one with my personal Apple ID. From there I tried using Apple Configurator and took a backup. I tried restoring from backup on a different iPad but kept getting a -43 error. Thinking it might have something to do with the MDM profiles on both, I removed both MDM profiles. The same error persists.
Even if I were to successfully take a backup of an employee's phone and transfer to another, I'm thinking though as soon as I sign out of iCloud on the new phone it would take messages and photos with it. From testing it looks I'd get the option to keep Contacts at least.
At this point, I think if the department wants the history on their iMessages, Photos, and Contacts, the easiest way is to keep using the Apple IDs their department head setup. Otherwise if we looked into Managed IDs they'd essentially have to start from scratch at least from iMessages and Photos are concerned. I'm thinking we could at least import Contacts into the new Managed IDs (if we went this route).
Really looking to see how others in higher education (or large businesses) are handling these type of scenarios. Any insights / thoughts / suggestions on our current predicament would be greatly appreciated. Thanks in advance!
Posted on 09-22-2022 03:55 PM
iMazing should be able to help you transfer data from the old phone to the new one - https://imazing.com/transfer-all-data-to-any-other-iphone-or-ipad
Preventing iCloud sign in would require a configuration profile to prevent modifying account settings - but this will affect far more than just iCloud (think email, App Store, etc).