Posted on 05-17-2023 01:21 AM
How are you guys handling this situation
User a has a Macbook and creates Time Machine backup of all his data. This computer is enrolled in Jamf.
User a gets a new MacBook and wants to transfer all of his data and settings to the new computer from his Time Machine backup. Normally (before having Jamf) he would use migration assistant to transfer his data from the old to the new computer. As far as I know with jamf it would cause to mess up the MDM profile.
How do you guys handle this situation?
After migrating the data just do a new self enrollment?
Posted on 05-17-2023 01:32 AM
Block time machine, block migration assistant.
DLP and all that
Posted on 05-17-2023 01:36 AM
and then? how do I transfer all the user data and settings?
Posted on 05-17-2023 04:37 AM
Things like bookmarks can be saved to cloud services (iCloud for Safari, Azure for Edge, Google for Chrome). Documents can be synced with iCloud, OneDrive, or Google Drive depending on what platform you use. For macOS itself many settings are stored in iCloud.
Generally speaking its best to let the user worry about configuring and reconfiguring the operating system to their personal preferences. I would not spend too much time worrying how to disable extended displays use shared spaces, putting the dock on the left side of the screen, what items go on the dock, or adjusting mouse acceleration for someone.
Posted on 05-17-2023 04:32 AM
Time Machine and Migration Assistant are consumer focused tools. Most enterprise environments do not use them. If you use them that is fine, they wont cause any issues with the MDM profiles. Both the new and old device should use Automated Device Enrollment. Though I suggest moving your environment towards a model that does not save much data locally.
As @jamf-42 pointed out, Time Machine and Migration Assistant are both massive DLP concerns. As I mentioned they are both consumer focused tools and Apple has no enterprise management options for them beyond out right blocking them. So a user could use migration assistant and transfer all their work data to a personal device (MDM Profiles do not migrate), and there is your data breach.
Posted on 12-18-2023 08:02 AM
If you use macOS 13.x on those Macs (Source and Target Mac), Time Machine should now skip the secured MDM Profile during restore.
I used the macOS 13.x Time Machine on a few Jamf Pro managed Apple Silicon Macs, no issues so far.
After enrolling the new Mac into Jamf Pro I used the Apple Migration Assistant and migrated the TM Backup into the newly created User on the new Mac. No issues so far.
Make sure that FileVault is turned off on both Macs during the setup, activate it once things are completed.
Make sure to test this workflow in your environment before proceeding with the customers Mac ...!