Posted on 03-14-2023 11:44 AM
We have good number of mac clients in Intune and Munki, what is the best way to migrate those mac clients in JAMF Pro without interrupting end user?
Posted on 03-14-2023 01:33 PM
I'm not sure there is a non disruptive way to migrate them. Macs these days get enrolled manually, meaning they accept an invitation to enroll and/or navigate to the enrollment page and install the MDM profile (requires admin privs), or they are automatically enrolled with Apple Device Enrollment, what used to be called DEP. The latter one can only happen when a device is wiped or reset in some fashion, which is going to be more disruptive than someone logging into an enrollment page.
There is no longer a "silent" way to enroll Macs. There was, some years back when it was still possible to enroll using a QuickAdd.pkg in conjunction with a product like ARD, but those days are gone.
Wish there was a better answer, but such a migration will involve a bit of manual hand holding most likely.
Posted on 03-15-2023 04:40 AM
There is not really a way to "migrate" between MDM solutions as apple has no provisions built in the MDM work flow for this. The only way to get full management over a device is to use Automate Device Enrollment which requires the device to be wiped. Any ways to enroll a device without user involvement (beyond Automated Device Enrollment) are log gone, this is all a very user involved process now.
Understanding Device Enrollment — Deployment and Management Tutorials | Apple Training
Posted on 03-15-2023 05:44 AM
So you want to mean, we need to manually unenroll it from Intune or Munki and need to enroll in JAMF manually hitting the JAMF URL(UIE)?
Posted on 03-15-2023 10:29 AM
Yes, exactly. They need to be enrolled by navigating to the User Initiated Enrollment page and following the steps there, or if they are in ABM/ASM, they can be assigned to your Jamf Pro server and wiped and auto enrolled. That's pretty much all you have as far as options now.
Posted on 03-15-2023 10:34 AM
If I send email invitation to end user through JAMF(Via SMTP) and informed end user to click on the link they received then it can work smoothly? I want to avoid too much load on desk side.
Posted on 03-15-2023 10:37 AM
If you do that you need to manually release the devices from the old MDM. This would also be user enrollment so you wont be able to force OS updates, or prevent the removal of the MDM Profile among many other functions. Generally speaking user enrollments should only be used for BYOD situations.
Posted on 03-15-2023 10:43 AM
Make sense, so it is a conclusion that, if there is cross platform like others to JAMF then no way to avoid end user interrupt. But one JAMF to another ReEnroller can help for existing mac devices.