Phillipp Pinkernelle, IT Technology Consultant at SAP, had a problem: he had to move 80,000 devices to a new mobile device management (MDM). And it had to happen as smoothly and quickly as possible.
His initial situation was fairly grim:
- iOS devices managed by SAP’s own MDM solution
- ~ 50 in-house applications to empower users to work mobile
- No Device Enrollment Program or Volume Purchase Program: manual enrollment for every device
17,000 Macs already managed by Jamf Pro but needed to move the rest to Jamf Pro, as well.
Here's how SAP did it
- Self-developed migration tool as part of an app
- Very simple
- What happens: Send de-enrollment command to old MDM system (with deletion), save list of apps in group keychain, forward user to enrollment page of Jamf Pro
Starting with Jamf (again)
All new devices use Apple Business Manager (formerly Apple’s Device Enrollment Program). The migration process started in February 2019. SAP communicated to end users through blog posts and emails to keep them apprised throughout the migration to Jamf Pro. By July, 84,000 iOS devices had been migrated to Jamf Pro, and SAP plans to officially shut down their old MDM solution server in August.
Lessons learned with the migration
Pinkernelle said mistakes in configuration could be fatal so test everything in a test instance. Plus, ensure all new operating systems versions will work immediately. He also stressed to leverage Apple Business Manager so users (remote and onsite) can unwrap their new device and become productive immediately.
To make everything even more seamless, SAP uses the ADCS connector to issue certificates to devices.
Jamf Pro server communicates with the ADCS connector then to ADCS. This will issue the certificates and sends back to Jamf.
As an update: SAP now manages 105,000 devices with Jamf! But their JNUC is not done yet, check back tomorrow for a recap of their MDM: From Nice-to-Have to Necessity session.