MDM migration to Microsoft Intune

Hello everyone!


I'm currently planning the migration of my company's devices from Sophos Mobile to Microsoft Intune.

The problem is that we want to perform a "clean ADE" but also restore the user data while doing so.

I've already started another community discussion that points to a solution with the iMazing Configurator software. This question is about another idea that came across my mind...


The step-by-step guide for the migration would be like this:


  • Remove the device from the old MDM solution (un-enroll, remove management profile, remove managed apps)
  • Reassign the devices in the Apple Business Manager (from old to new MDM)
  • Add the serial number as a corporate identifier in Intune
  • Enroll the device using the Intune Company Portal (device is detected as "corporate owned" due to the step before)
  • After enrollment is finished, create a new backup that includes the new management profile, certificates etc.
  • Reset the device (remove all settings/content)
  • Enroll the device using ADE and restore the newest backup


The result should be a device that is fully supervised (all the management commands of Intune working) and still has the user data from the backup. Only the managed apps were lost when removing the old management profile.


Am I missing something? Is this something anyone has tested yet, or can anyone confirm it's a good idea?

Posted on Jun 30, 2023 6:31 AM


Apr 2, 2024 7:23 AM in response to FabianMay

Unfortunately, MDM is embedded into the backup. If you remove MDM and restore from a backup, the device will not be managed. If you back up with the old MDM, when you restore from the backup, it will be pointing to the old MDM.


Back up as much as possible to your enterprise cloud storage, then nuke and pave and set up as a new device. Then restore what you could from cloud storage. Unfortunately, personal settings and such will not transfer successfully.


MDM is embedded into the backup for security reasons.

Apr 2, 2024 12:15 PM in response to celliott147

Thank you for your assistance, kind mentors!

Question from a newbie trying to learn from a firehose . . .


You said "nuke and pave". . . .

And that got me thinking.

What does "pave" mean in that context? Or is it just colloquial?


I am trying to back up my data and then clean my devices (MacBook, 2 Windows computers, iPhone, iPad, Android-based burner phone to use when my "Hal" renders it useless) as thoroughly as possible before activating as if new, with a new Apple ID, email address, etc. due to a breach that led to infections throughout my Microsoft software and cloud, turning my devices into, at one point, Google-based managed devices, and then Amazon-based managed devices.

Their crap is embedded in much of the content and Library associated with this Apple ID (they use fonts, languages, and CSS files, Visual Basic hidden in Excel files, archived texts and emails with links, SmartTVs, my Audi via CarPlay, NFC, hidden Wifi, and more I'm sure I haven't found), which would mean the files in my Time Machine backups. And I don't have any old enough because it's been going on for too long.


Thus, I want to create redundant backups to access in the future, to get to necessary data, contacts, taxes, and (hopefully) prosecution evidence.


Questions:

  1. Is it an appropriate assumption that Time Machine itself is corrupted if the rest of my system is? So that, even if I never touch the Bad Actor files, merely keeping the Time Machine backup introduces risk. (I no longer know what's real and what's corrupt, which is why I haven't come to this forum for solutions. . . . )
  2. What forms of alternative backup would you recommend?
  3. Do you happen to know if Apple Support will/can set aside a backup of my cloud? I have assumed they can, which is why I haven't turned on the Vault. I have difficulties getting a Sr Advisor to believe that I've been compromised, and I am not in the mood today to go through the 20 degrading minutes (my stalker messes with my microphone and I've had issues with Apple Tech support thinking I've hung up) before I can convince them each time.
  4. Lastly, my Documents, Downloads, and Desktop folders are not listed under my User name on my Hard Drive in Finder, only under iCloud Drive in the sidebar. Is this normal? (I have assumed that is how iCloud knows what to back up.) Where should I find them in Finder?


I would enclose screenshots, but I currently am not able to insert them here with the button or drag them over. And when I try to add text in the typical tool at the bottom, I get a "try back later" error message.

Safari is running a Marcom Search Event, decorator.js, and navigator.serviceworker.ready in the background just fine (from web inspector console).


Thank you!
