Jamf and restore of Time Machine backup

Maclife
New Contributor III

How are you guys handling this situation?

User A has a MacBook and creates a Time Machine backup of all his data. This computer is enrolled in Jamf.

User A gets a new MacBook and wants to transfer all of his data and settings to the new computer from his Time Machine backup. Normally (before having Jamf) he would use Migration Assistant to transfer his data from the old to the new computer. As far as I know, with Jamf this would mess up the MDM profile.

How do you guys handle this situation?

After migrating the data, just do a new self-enrollment?

jamf-42
Valued Contributor II

Block Time Machine, block Migration Assistant.

DLP and all that

Maclife
New Contributor III

And then? How do I transfer all the user data and settings?

AJPinto
Honored Contributor III

Things like bookmarks can be saved to cloud services (iCloud for Safari, Azure for Edge, Google for Chrome). Documents can be synced with iCloud, OneDrive, or Google Drive depending on what platform you use. For macOS itself many settings are stored in iCloud.

Generally speaking, it's best to let the user worry about configuring and reconfiguring the operating system to their personal preferences. I would not spend too much time worrying how to disable extended displays use shared spaces, putting the dock on the left side of the screen, what items go on the dock, or adjusting mouse acceleration for someone.

AJPinto
Honored Contributor III

Time Machine and Migration Assistant are consumer-focused tools. Most enterprise environments do not use them. If you use them, that is fine; they won't cause any issues with the MDM profiles. Both the new and old device should use Automated Device Enrollment. Though I suggest moving your environment towards a model that does not save much data locally.

As @jamf-42 pointed out, Time Machine and Migration Assistant are both massive DLP concerns. As I mentioned, they are both consumer-focused tools, and Apple has no enterprise management options for them beyond outright blocking them. So a user could use Migration Assistant and transfer all their work data to a personal device (MDM profiles do not migrate), and there is your data breach.

JevermannNG
Contributor II

If you use macOS 13.x on those Macs (Source and Target Mac), Time Machine should now skip the secured MDM Profile during restore.

I used the macOS 13.x Time Machine on a few Jamf Pro managed Apple Silicon Macs, no issues so far.

After enrolling the new Mac into Jamf Pro I used the Apple Migration Assistant and migrated the TM Backup into the newly created User on the new Mac. No issues so far.

Make sure that FileVault is turned off on both Macs during the setup, and activate it once things are completed.

Make sure to test this workflow in your environment before proceeding with the customer's Mac ...!
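
A post-migration check for the workflow described in the last reply, added here as an example that is not part of the thread or any poster's script: it parses the output of `profiles status -type enrollment` and `fdesetup status` to confirm the Mac is still enrolled and to flag FileVault that was left off. The sample outputs and server URL are constructed, and the function names are hypothetical.

```shell
#!/bin/bash
# Added example: verify MDM enrollment and FileVault after a Migration Assistant restore.
# Constructed sample outputs, used when the macOS tools are not available.
SAMPLE_PROFILES='Enrolled via DEP: Yes
MDM enrollment: Yes (User Approved)
MDM server: https://example.jamfcloud.com/mdm/ServerURL'
SAMPLE_FDESETUP='FileVault is Off.'

# Print the value of one "Key: value" line from the enrollment status text.
enrollment_field() {
    printf '%s\n' "$1" | awk -F': ' -v k="$2" '$1 == k { print $2; exit }'
}

# Classify enrollment as ade-managed, managed-not-ade or unmanaged.
enrollment_state() {
    local mdm dep
    mdm=$(enrollment_field "$1" "MDM enrollment")
    dep=$(enrollment_field "$1" "Enrolled via DEP")
    case "$mdm" in Yes*) ;; *) echo unmanaged; return ;; esac
    case "$dep" in Yes*) echo ade-managed ;; *) echo managed-not-ade ;; esac
}

# Map `fdesetup status` text to on, off or unknown.
filevault_state() {
    case "$1" in
        *"FileVault is On"*)  echo on ;;
        *"FileVault is Off"*) echo off ;;
        *)                    echo unknown ;;
    esac
}

# Combine both checks into one line a technician can act on.
migration_verdict() {
    local e f
    e=$(enrollment_state "$1")
    f=$(filevault_state "$2")
    if [ "$e" = "unmanaged" ]; then echo "FAIL: not enrolled, re-enroll before handing over"
    elif [ "$f" != "on" ]; then echo "TODO: enrolled ($e), turn FileVault back on"
    else echo "OK: enrolled ($e), FileVault on"
    fi
}

# Use live output on a Mac (profiles may need sudo); otherwise the samples.
if command -v profiles >/dev/null 2>&1 && command -v fdesetup >/dev/null 2>&1; then
    prof_out=$(profiles status -type enrollment 2>&1); fv_out=$(fdesetup status 2>&1)
else
    prof_out=$SAMPLE_PROFILES; fv_out=$SAMPLE_FDESETUP
fi
migration_verdict "$prof_out" "$fv_out"
```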