Business, education and life all seem to run online. As newer technologies emerge that turn complex processes and practices into simpler workflows, users choose to rely more and more on their devices to make life easier.
This increased usage results in greater reliance on devices. With that come, of course, additional challenges. When managing devices, admins must ensure that their configurations and baseline security requirements secure devices, users and data. Adding to the challenge is the rise in distributed workforces, the critical nature of upholding user privacy and the increased user demand for using personally-owned devices at work. With all of that, the waters are a whole lot murkier.
But they don’t have to be. After all, that’s the beauty of the MDM model — it allows organizations to effectively extend security and management to all endpoints that access enterprise resources. The key is finding the right device management solution that meets the unique requirements of your organization and grows to meet changing requirements and evolving technologies.
But what happens when your provider doesn’t offer the type of support you require? What options, if any, are available to migrate your existing fleet? And how will that impact your business?
Rest assured, I'll answer all of these questions here.
Why would organizations change providers?
“Because one of these things is not like the others.” — Taylor Swift
Many companies use an MDM solution to manage their end-user devices. However, changing requirements and new technologies can trigger a change in providers. Another important reason for the change is support or lack thereof. Let’s take Apple for example. They design their devices to adhere to frameworks that govern security and privacy, among others. These frameworks act as blueprints for developers to let them know how to best implement security and privacy practices into the apps they create and run on Apple hardware. Doing so ensures that hardware, software, users and data are all protected from issues that might otherwise compromise security and privacy.
Apple integrates security and privacy into its overall design philosophy and, as such, prioritizes them within its frameworks for developers to adhere to. When Apple announces a new feature, it too is baked into its frameworks and made available to MDM providers. This allows them to support the newest security feature within their respective MDM solutions.
However, while a few provide true same-day support of Apple’s latest and greatest, some do not. This delay impacts any organization that relies on the newest security and privacy protections to stay protected against ever-evolving threats: until the MDM supports these features, the organization cannot deploy these critical protections.
The result? Impacted organizations must make the difficult decision to delay the deployment of the latest patches, leaving devices and, by extension, their infrastructure vulnerable to risk.
Another solution is to minimize risk factors by migrating to a solution that does meet your organizational needs. While there are challenges inherent to migrating from one solution to the other, organizations are best served when taking a risk assessment approach to determine if the challenges to migration exceed the risks of being unable to mitigate threats in a timely manner.
What challenges make migrations difficult?
First and foremost, one of the greatest challenges, if not the greatest, is the impact on productivity. Tied closely to it is time. Both are affected directly by the downtime required to migrate each device, multiplied by the total number of devices to migrate. The larger that number, the more time is displaced to complete the project.
Regarding downtime, devices enrolled in one MDM solution typically must be wiped and re-enrolled in the new MDM solution. While the re-enrollment process itself isn’t terribly time-consuming, other factors such as:
- the size of your IT staff
- employee location: onsite vs remote
- data backup and restoration
- device reprovisioning
- types of devices being migrated
all play a significant role in determining how much downtime affects your users during the migration process. Consider these to be on a sliding scale of sorts. A large IT staff managing centralized, on-site employee devices that are all the same model of MacBook Pro laptop, without the need to physically back up or restore data, may be able to handle this. A large staff and identical devices will result in decidedly less of an impact on project time than if your organization has no dedicated IT staff or its employees work remotely, for example. In those cases, downtime grows disproportionately.
While the hurdles for changing MDM providers have historically appeared to be high, they don't have to be…
Migrations as easy as 1-2-3
Jamf has developed an elegant solution that solves migration challenges by streamlining the process to:
- eliminate administrative headaches
- minimize the impact on end users
- automate migration workflows
What manner of wizardry do we speak of? Nay, ‘tis not wizardry, but merely a workflow that allows administrators to “work smarter — not harder.” Run on devices managed by another MDM provider, this workflow:
- copies files necessary to automate migration
- uninstalls the old management profile
- installs the Jamf Pro management profile
- renews encryption password (if FileVault is enabled)
- performs clean-up processes
When executed as a management command, the workflow will query the device and determine what resources are needed. These will deploy from your origin MDM and, once downloaded, execute on-device. A wizard will display that runs through each step of the process, such as the removal of the old management profile.
Next, the Jamf Pro management profile will install. For devices with FileVault currently enabled, the next step will prompt the device to renew the encryption key so that it may be stored securely in Jamf Pro’s database (this also makes it a breeze to retrieve in the event that users lock themselves out of their Mac). It is recommended that users be logged onto their Macs, as they will be prompted to enter their credentials during this phase and granted access to unlock FileVault upon authenticating.
Finally, the last step performs some basic housekeeping to remove any files and scripts used during the migration process.
The workflow can be started at a time that works best and completes in a few minutes. The best part? The migration process doesn’t require wiping devices or backing up user data prior to re-enrollment. Just a few minutes per device, over any network connection, is all that’s required to seamlessly migrate from your previous MDM provider to Jamf Pro.
1. Simple configuration
Regardless of your existing MDM provider, a few minor configurations are necessary to prepare it to deploy the files that will kick off the migration process across your entire macOS fleet.
2. Jamf Migrate
The secret sauce, if you will. Jamf Migrate is a lightweight package that is configured and uploaded to your existing MDM provider. It is this package that then deploys to your devices and begins the migration process. It orchestrates each phase of migration, ensuring that the next process doesn’t execute until the previous one is complete.
3. There is no step #3.
That’s it! Once Jamf Migrate completes its workflow, your devices will have removed the previous management profile and been successfully enrolled into Jamf Pro. Congratulations, the migration project is now complete. Future management workflows can be found within the easy yet powerful Jamf Pro administrator’s console.
Ready to migrate to the best-of-breed Apple management solution?
Contact Jamf or your preferred reseller today to schedule support for your migration project.