What are you guys doing to cut costs?
Sit in any room full of CEOs, investors, or executives, and you are bound to hear the conversation steer toward how to best conserve capital. The current macroeconomic climate is motivating organizational leaders and regular folks alike to reexamine their budgets.
There are many ways for small to medium-sized enterprises (SMEs) to curb spending, but one of the easiest avenues is tool consolidation. Instead of licensing 10 different point solutions, why not incorporate them into three or four multi-purpose platforms?
The ̽»¨´óÉñ Platform Directory unifies IT stacks under one pane of glass, merging directory management and mobile device management (MDM), among other capabilities. The result? A frictionless admin experience that saves time, energy, and money.
MDM Migration: Apple Business Manager to ̽»¨´óÉñ
There has never been a better time to migrate from a single-point MDM to a multi-purpose IT management platform like ̽»¨´óÉñ.
There are several reasons for MDM migration, but it primarily comes down to a) wanting to conserve resources and b) wanting a better user experience than the current MDM provides.
Regardless of the motivation, MDM migrations often instigate compatibility issues, end-user resistance, and other complexities for admins to sidestep. This article will outline an Apple MDM migration strategy to ensure a smooth outcome, whether the devices are enrolled through regular device enrollment or automated device enrollment (ADE).
Are you currently relying on Apple Business Manager for your MDM needs? The remainder of this article will walk through the process of an Apple MDM migration.
1. Choose Your New MDM
Your device migration strategy not only depends on the new MDM but also on your current one. Take note of what you dislike about your existing MDM and make a wish list of what you’d like in your new MDM.
Before switching vendors, it’s worth considering which needs you must fulfill in addition to Mac management. Although you can select a single-purpose MDM solution, comprehensive platforms exist to meet more of your identity and access management needs along with device management.
Things to consider when choosing a new MDM solution include:
Cost Considerations
A point MDM solution will likely be more expensive than an integrated solution. Case in point, many Apple-focused MDMs charge by the device, whereas a cloud identity management platform will charge by user and give you multiple devices per user.
̽»¨´óÉñ gives you four devices included with its per-user charge. It’s worth assessing whether you’ll use enough of a single-purpose MDM’s feature set to justify the price.
Capability Considerations
A point Apple-only MDM solution likely has the deepest feature set for macOS devices, while a solution with MDM as just one of its capabilities will meet a broader set of needs in your organization — such as identity management and Windows and Linux device management.
For heterogeneous work environments, it’s important to adopt an integrated MDM solution that can onboard devices on other operating systems besides Apple.
Zero-Touch Enrollment
You can also establish a zero-touch enrollment workflow with Apple Business Manager or Apple School Manager to automatically enroll new machines in ̽»¨´óÉñ MDM, as well as install the ̽»¨´óÉñ agent on them. The agent propagates a user’s core identity to their machine and performs other device and identity management tasks.
Other Considerations
You may also prioritize features like:
- One-click migration policies that enable the speedy enrollment of new machines.
- Customer support programs with proven track records of success.
- Baked-in policies for configuring machine settings such as enforcing full disk encryption, prohibiting removable storage devices, and modifying local firewalls.
Ensure you choose an MDM solution that addresses the seven most common challenges of mobile device management. With solutions for Apple MDM, Windows MDM, and Linux MDM, ̽»¨´óÉñ allows admins to implement cross-platform MDM that keeps all their devices secure. For the remainder of this article, we’ll assume you chose ̽»¨´óÉñ for MDM.
2. Establish a Connection Between Apple and ̽»¨´óÉñ
Configure ̽»¨´óÉñ as a mobile device management (MDM) server by establishing a secure connection between Apple and ̽»¨´óÉñ using certificate-based authentication. Use a push certificate to establish that secure connection between ̽»¨´óÉñ and Apple Push Notification Service (APNs). You’ll need an Apple ID and password to do this.
To configure MDM, complete the following steps:
Log in to the and go to Device Management > MDM. On the MDM homepage, click Configure MDM.
Under Download Your CSR, click Download and save the file.
Click Go to Apple and log in to the:
Click Create A Certificate.
Upload your ̽»¨´óÉñ CSR, then click Continue.
Click Download to download the new certificate (for example, MDM_̽»¨´óÉñ_certificate.pem). Then, in the ̽»¨´óÉñ Admin Portal, under Upload MDM Push Certificate on the Set-Up Apple MDM Certificate page, click Browse to find the Apple Push Certificate or drag and drop the file.
Finally, click Complete Setup.
A message on the MDM Home tab indicates that MDM is configured. As you can see, forging a connection between Apple and ̽»¨´óÉñ is easy peasy.
3. Choose an Enrollment Method
After you have configured ̽»¨´óÉñ’s mobile device management (MDM) server, you can enroll your macOS, iOS, and iPadOS devices in MDM. ̽»¨´óÉñ MDM lets you securely and remotely configure your organization’s devices and update software and device settings.
Below are your options for enrolling company-owned and bring-your-own (BYOD) Apple devices:
- Apple’s Automated Device Enrollment (ADE): You can only use this method for company-owned Apple devices. The device must be added to your Apple Business Manager (ABM) or Apple School Manager (ASM) account.
- Regular Device Enrollment: For company-owned Apple devices that haven’t been added to either ABM or ASM, you’ll have to use regular device enrollment.
- User Approval: This method is for enrolling personal iOS and iPadOS devices used to access company resources in the ̽»¨´óÉñ MDM. These devices must be running iOS 13 or later, and must be owned and enrolled by the user.
It’s worth emphasizing that ̽»¨´óÉñ has a you can apply to ̽»¨´óÉñ-managed macOS devices. This feature allows you to enroll your devices in bulk.
When you apply the policy, you have the option of checking a box that removes the existing non-̽»¨´óÉñ MDM enrollment profile and automatically un-enrolls the devices from their previous MDM. You can also use this policy to enroll new machines quickly.
Unfortunately, organizations using automated device enrollment can’t yet take advantage of ̽»¨´óÉñ’s one-click migration feature. Devices with removable enrollment profiles can take advantage of the feature. But if the profile is non-removable, unenrollment must originate from their current MDM.
For ADE-enrolled machines, you instead need to go through Apple Business/School Manager and switch the association of their serial numbers to the new MDM server. See for more information on configuring ̽»¨´óÉñ MDM in ABM/ASM.
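To sort a fleet into the two paths described above before migrating, you can read each Mac's current enrollment state from the built-in `profiles status -type enrollment` command. The script below is an added example, not part of the original article or the vendor's tooling; the function name and result labels are hypothetical, and whether a given profile is removable still has to be confirmed in the current MDM.

```shell
#!/bin/sh
# Classify a Mac's migration path from the text printed by
#   profiles status -type enrollment
# Pipe that output into classify_enrollment on stdin.
# Result labels are illustrative names, not vendor terminology.

classify_enrollment() {
    dep=""
    mdm=""
    while IFS= read -r line; do
        case "$line" in
            "Enrolled via DEP:"*) dep=${line#*: } ;;
            "MDM enrollment:"*)   mdm=${line#*: } ;;
        esac
    done

    # No current MDM: nothing to un-enroll, enroll directly in the new MDM.
    case "$mdm" in
        Yes*) ;;
        No*)  echo "not-enrolled"; return 0 ;;
        *)    echo "unknown"; return 1 ;;
    esac

    # ADE (formerly DEP) devices are moved by reassigning their serial
    # numbers to the new MDM server in ABM/ASM, not by an on-device policy.
    case "$dep" in
        Yes*) echo "ade-reassign-in-abm" ;;
        No*)  echo "profile-migration-candidate" ;;
        *)    echo "unknown"; return 1 ;;
    esac
}

# On a Mac, classify the local machine; elsewhere this is skipped.
if command -v profiles >/dev/null 2>&1; then
    profiles status -type enrollment | classify_enrollment
fi
```

Run it through your existing management channel and collect the one-word result per device to build the migration list.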
̽»¨´óÉñ Makes MDM Migration Easy
After you have configured, enrolled, and deployed your Apple devices, your MDM migration is complete. You can now remotely and securely implement policies and execute commands.
Use ̽»¨´óÉñ’s ready-to-use policies to securely and remotely manage devices in your organization or to distribute specialized payloads and restrictions. Some of the commands you can execute include lock, restart, shut down, erase, and unenroll.
With ̽»¨´óÉñ, Apple MDM is just one of the features to help you securely manage identities, access, and devices.