
Apple @ Work: Planning and executing an MDM migration

Apple @ Work is exclusively brought to you by Mosyle, the only Apple Unified Platform. Mosyle is the only solution that integrates in a single professional-grade platform all the solutions necessary to seamlessly and automatically deploy, manage & protect Apple devices at work. Over 45,000 organizations trust Mosyle to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.

When Apple releases a new operating system for macOS and iOS, it’s an excellent time to evaluate if your current management solution meets your needs. Device management systems are the critical solution in your Apple deployment and play a vital role in ensuring that all devices, whether company-owned or BYOD, are secure, compliant, and easily managed. During an evaluation, there may come a time when your organization needs to migrate to a new MDM solution. This can be a challenging task, but with careful planning and execution, it can be done fairly smoothly.

About Apple @ Work: Bradley Chambers managed an enterprise IT network from 2009 to 2021. Through his experience deploying and managing firewalls, switches, a mobile device management system, enterprise grade Wi-Fi, 1000s of Macs, and 1000s of iPads, Bradley will highlight ways in which Apple IT managers deploy Apple devices, build networks to support them, train users, stories from the trenches of IT management, and ways Apple could improve its products for IT departments.

Preparation

The first step in any MDM migration involves extensive preparation. Before proceeding with the actual cutover, it’s essential to document your current MDM setup. This documentation should include everything from the existing configurations, policies, and profiles to the devices currently managed by your MDM. Understanding the landscape of your current MDM environment will provide a clear roadmap for what needs to be migrated and how.

Next, gather all necessary credentials, certificates, and keys for the migration. These are the building blocks of your new MDM environment, and having them ready will prevent delays. Additionally, key stakeholders should be involved early in the process. This includes IT, security, network teams, and even end-users affected by the migration. Their insights and buy-in will be crucial for a seamless transition.

Configuring your new device management solution

Once you’ve laid the groundwork, it’s time to set up your new device management solution. This process starts with configuring the Apple Push Notification Service certificate. This certificate is critical as it enables secure communication between your devices and the device management server.

After setting up the APNs certificate, link your new device management solution to Apple School Manager or Apple Business Manager. These platforms are the backbone of managing Apple devices, making it easier to deploy apps, books, and settings to them. With ABM and ASM in place, everything else is more straightforward.

You’ll also need to recreate your enrollment and configuration profiles. These profiles define how devices are set up and managed, so ensuring they align with your organization’s policies and needs is essential. If you’re migrating from a previous device management system, this is an excellent opportunity to review and optimize these profiles.

Finally, ensure your network is configured correctly to support the new device management solution. This includes checking firewall settings, DNS configurations, and any proxies that may affect device communication.

Reenrolling devices

With your new MDM solution configured, the next step is to reenroll your devices. The re-enrollment process will vary depending on the type of device and how it was initially enrolled.

For devices enrolled through Automated Device Enrollment, the process generally involves erasing the device and reenrolling it through the Setup Assistant. While this may sound drastic, it ensures the device is enrolled correctly and compliant with your new MDM policies.

Macs enrolled via ADE can often be reenrolled using a simple terminal command, provided they are part of Apple School Manager or Apple Business Manager. This is a more streamlined process, but ensuring that all necessary configurations are applied during enrollment is still crucial.

For devices enrolled through Device Enrollment that have removable device management profiles, the process involves manually removing the old profile and reenrolling the device with the new one. If the profile is non-removable, the device must be erased before re-enrollment.

Apple TVs require manual re-enrollment by entering the enrollment profile URL after removing the previous MDM profile. While this might require more hands-on time, it’s straightforward and ensures that the Apple TV fully works with your new device management environment.

Testing and final adjustments

After enrollment, testing the devices to ensure they function as expected under the new MDM solution is critical (trust, but verify). This includes verifying that all policies are correctly applied, apps are deployed, and devices can communicate with the device management server without issues.
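One way to script the enrollment part of this check on Macs, as an added example that is not from the original article: the function below reads the text printed by macOS's `profiles status -type enrollment` and reports whether the Mac is enrolled, user approved, and checking in to the new server rather than the old one. The output format in the constructed samples is assumed to match what recent macOS releases print, and `mdm.new.example` / `mdm.old.example` are placeholder hostnames.

```shell
#!/bin/sh
# Added example (not from the article): classify a Mac's enrollment state
# after an MDM migration.
# On a Mac:  profiles status -type enrollment | check_enrollment NEW_HOST
# NEW_HOST is the new MDM server's hostname (placeholder names used below).

check_enrollment() {
    ce_expected="$1"; ce_dep=""; ce_mdm=""; ce_server=""
    while IFS= read -r ce_line; do
        ce_val="${ce_line#*: }"
        case "$ce_line" in
            "Enrolled via DEP:"*) ce_dep="$ce_val" ;;
            "MDM enrollment:"*)   ce_mdm="$ce_val" ;;
            "MDM server:"*)       ce_server="$ce_val" ;;
        esac
    done
    # Reduce the server URL to a bare hostname: drop scheme, path, port.
    ce_host="${ce_server#*://}"; ce_host="${ce_host%%/*}"; ce_host="${ce_host%%:*}"

    case "$ce_mdm" in
        Yes*) ;;
        *) echo "NOT_ENROLLED"; return 1 ;;
    esac
    # Assumption: older macOS releases may omit the "MDM server" line.
    if [ -z "$ce_host" ]; then echo "SERVER_UNKNOWN"; return 1; fi
    if [ "$ce_host" != "$ce_expected" ]; then
        echo "WRONG_SERVER:$ce_host"; return 1   # still tied to another MDM
    fi
    case "$ce_mdm" in
        *"User Approved"*) ;;
        *) echo "NOT_USER_APPROVED"; return 1 ;;
    esac
    # Enrolled, approved, right server: report whether it came in via ADE.
    if [ "$ce_dep" = "Yes" ]; then echo "OK_ADE"; else echo "OK_MANUAL"; fi
}

# Constructed sample outputs (not captured from real devices).
SAMPLE_MIGRATED='Enrolled via DEP: Yes
MDM enrollment: Yes (User Approved)
MDM server: https://mdm.new.example/checkin'
SAMPLE_STALE='Enrolled via DEP: Yes
MDM enrollment: Yes (User Approved)
MDM server: https://mdm.old.example:8443/mdm'
SAMPLE_NONE='Enrolled via DEP: No
MDM enrollment: No'

verdict() { printf '%s\n' "$1" | check_enrollment "$2"; }
verdict "$SAMPLE_MIGRATED" mdm.new.example || true
verdict "$SAMPLE_STALE" mdm.new.example || true
```

A `WRONG_SERVER` verdict after the cutover means the Mac is still managed by the previous MDM and has not picked up the new policies.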

It’s also wise to gather feedback from users and company leaders at this stage. They can provide valuable information about any issues that might have been overlooked and help ensure the transition is smooth for everyone involved. Good ways to do this include starting with a beta test group or sending out a survey immediately afterward.

Wrap up

Migrating to a new device management solution may seem nearly impossible at first. Still, with careful planning and execution, it can be a smooth and beneficial process for your company if you move to a solution that provides a better product. By documenting your current environment, configuring the new device management properly, and ensuring that all devices are correctly reenrolled, you can maintain the security and manageability of your devices while taking advantage of your new device management solution’s capabilities. Preparation, communication, and thorough testing are critical to a successful device management migration. With these steps, your organization can easily transition to a new device management solution.
