The need to migrate your fleet of Macs to a new Mobile Device Management (MDM) server can be a daunting process. Fears of potential disruption for your users, computers falling out of management, losing connection to company resources – it’s enough to make even the savviest IT admins think twice about the undertaking.
In the JNUC session The Old Switcheroo: macOS MDM migrations, presenter Andrew Needham, Senior Professional Services Engineer, Jamf, discusses how Jamf Migrate for macOS simplifies and secures the process of migrating to Jamf Pro from another MDM server.
A specialist in macOS MDM device migrations, Needham shares firsthand knowledge about how best to support customers to successfully navigate the process.
What is a device migration and why do you need to a specific workflow to do it?
When you use MDM to manage and maintain your fleet, it is the configuration profile of your MDM that establishes trust with a device.
And when it comes to MDM profiles Needham says, “It’s Highlander rules, ‘There can be only one’.” In other words, you can’t have more than one MDM profile on the device at the same time.
You will need to remove the existing MDM profile from the device before you can install a new MDM and establish new trust with the new destination server.
To address this issue, Jamf developed a workflow we call Jamf Migrate.
Details of this workflow include:
- Requires engagement of Jamf’s Professional Services team to deliver
- Used for macOS* to migrate to Jamf Pro
- macOS Big Sur or newer
- Source MDM needs to be able to deliver custom configuration profiles and packages
*Another workflow is available for migration of iOS.
Why do we need device migrations?
There are many situations when an organization might want to move MDM servers without having to wipe devices. Some of the possible reasons for an MDM migration include:
- New Jamf Pro customer
- Business acquisitions
- MDM server name change – a re-enrollment would be considered a migration
- Organizational change
- On-prem to Jamf Cloud – if unable to do a redirect need to migrate
Needham noted that in macOS Catalina and prior, IT admins could use QuickAdd packages to programmatically install an MDM profile and allow users to complete user-approved MDM.
Since the release of macOS Big Sur, this is no longer an option. Starting with macOS 11.0, this tool cannot be used to install configuration profiles. The intention was to make the process more secure and prevent accidental installations.
But an unassisted migration workflow risks many potential threats, from a user having to navigate a complex user workflow, to data loss, loss of productivity, user distrust, or the loss of management entirely.
The Jamf Migrate workflow was designed to address these issues.
Benefits of using Jamf Migrate workflow
Organizations working with Jamf Professional Services to migrate their MDM enjoy improved:
- Deployment – Scalable setup and deployment with custom configuration profiles and packages
- Customization – Easy to customize behavior and branding, support for multiple languages
- User experience – Minimal disruption, multiple deployment options, easy to follow
- Security – Built from the ground up to be a secure workflow, visibility of devices throughout process
How to plan and deliver your migration
Needham breaks down the migration process into five phases:
He revealed that most of the work is not during the migration itself, but in the preparation, communication, testing and follow-up stages. The most important factor: communication.
Discussing an example migration timeline, Needham showed that the phases may overlap or run in parallel. Perhaps surprisingly, the number of devices doesn’t greatly impact the time frame. Organizational factors have a much greater impact, such as efficacy of communications, relationship with users, buy-in from leadership and engagement with other stakeholders.
For a much more in-depth discussion of how to plan and deliver a migration, including a case study of a successful organizational migration, check out the full session online.
Register for JNUC to access this session as well as others on demand.
Have market trends, Apple updates and Jamf news delivered directly to your inbox.