Help

MDM Server - Device Migration from one MDM server to Another

Go to solution
rv019
New Contributor II

Posted on ‎01-12-2024 05:33 AM

Situation: In Apple Business Manager we have two MDM server settings. We want to migrate our Mac laptops from the America MDM profile to the India MDM profile. What is the best approach for this?

According to me first change the MDM setting from America to India in Apple Business Manager then reset the device and enroll the device again. Or do we have any other way of doing it?

0 Kudos
Reply
1 ACCEPTED SOLUTION

Go to solution
AJPinto
Honored Contributor III

Posted on ‎01-12-2024 05:59 AM

We recently migrated MDM's. The wipe and load approach is far more efficient. In a perfect world it only takes about 10 minutes to unenroll and reenroll a device without wiping. In practice it takes anywhere from 1-3hrs per device with all the things that can go wrong, assuming you have a competent user and is very hands on. The wipe and load for Apple Silicon takes about 5-10 minutes and is basically impossible to screw up. Intel takes a bit longer due to how the reinstall workflow functions.

 

If you want the process to be hands off and not require the users to have admin access.

  • In ABM assign the devices to the MDM server you prefer.
  • Issue a remote wipe command from your existing server.
  • Devices will automatically enroll in your preferred server.

If you don't want to wipe the devices.

  • Users will need to be admins, or someone with access to the local admin account will need to be desk side.
  • You will issue the command to remove the MDM Profile.
    • In JAMFs case the MDM framework should also be removed, which is a terminal command you run after the MDM profile is removed.
  • The users will need to acquire a new MDM Configuration Profile, and manually install. (requires admin access)
  • If you want to maintain full management options over the device, you will need to perform an enrollment state change as the device did not enroll with Automated Device Enrollment.

 

Apples training on this is linked here.

https://it-training.apple.com/tutorials/apt-deployment 

View solution in original post

Reply
2 REPLIES 2

Go to solution
AJPinto
Honored Contributor III

Posted on ‎01-12-2024 05:59 AM

We recently migrated MDM's. The wipe and load approach is far more efficient. In a perfect world it only takes about 10 minutes to unenroll and reenroll a device without wiping. In practice it takes anywhere from 1-3hrs per device with all the things that can go wrong, assuming you have a competent user and is very hands on. The wipe and load for Apple Silicon takes about 5-10 minutes and is basically impossible to screw up. Intel takes a bit longer due to how the reinstall workflow functions.

 

If you want the process to be hands off and not require the users to have admin access.

  • In ABM assign the devices to the MDM server you prefer.
  • Issue a remote wipe command from your existing server.
  • Devices will automatically enroll in your preferred server.

If you don't want to wipe the devices.

  • Users will need to be admins, or someone with access to the local admin account will need to be desk side.
  • You will issue the command to remove the MDM Profile.
    • In JAMFs case the MDM framework should also be removed, which is a terminal command you run after the MDM profile is removed.
  • The users will need to acquire a new MDM Configuration Profile, and manually install. (requires admin access)
  • If you want to maintain full management options over the device, you will need to perform an enrollment state change as the device did not enroll with Automated Device Enrollment.

 

Apples training on this is linked here.

https://it-training.apple.com/tutorials/apt-deployment 

Reply

Go to solution
rv019
New Contributor II

Posted on ‎01-12-2024 08:39 AM

Thanks for your reply.

The first option is much better. I tried to do it using script and all but did not go through.

0 Kudos
Reply