You can make a difference in the Apple Support Community!

When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.

User profile for user: Ayekeelu
Ayekeelu Author
User level: Level 1
4 points

Moving devices for 1 ABM to another

My client is splitting their organisation in two, with each being a separate legal entity and as such will be creating a new ABM/MDM solution for the new Organisation and migrating all relevant/corresponding assets over.


All their Apple devices currently live in the "old" ABM/MDM. How best would it be to migrate them over to the new ABM/MDM?


Some reading has led me to believe this is a nightmare of a process which has to be carried out (with substantial time lapses) by Apple directly

iPhone 13

Posted on Nov 13, 2024 7:38 AM

Reply
2 replies
User profile for user: Strontium90
Strontium90
User level: Level 5
5,055 points

Nov 14, 2024 10:53 AM in response to Ayekeelu

Who did you buy the devices from? Remember, the original reseller is a link in the chain of custody. Devices can be withdrawn and reassigned by the reseller. The key is providing the reseller with the Organization ID of both ABM tenants and ensuring that the Reseller ID is added to both tenants (Apple customer number if buying direct).


If you have a competent reseller, this can be done in a day. We handle this for clients all the time. There is always a spinoff, purchase, merger, divestiture, etc. We simply get a list of impacted serials, pull them from the original ABM and assign them to the new one. This can be done while the devices are still managed by the original MDM. By moving the units to the new ABM, a new MDM can be setup, tested and validated. Now the original MDM can issue an unenroll to drop the units from management in original MDM. Then a simple profiles command will trigger the unit to enroll into the new MDM. There are gotchas. For example, you should decrypt the drives and then apply a new FileVault policy from the new MDM so you can escrow the new key.


My favorite way of doing this is to create a self service item in the original MDM. The user simply clicks a button to start the process. The policy executes a script that will do an API call to the original MDM and ask it to send the device an unenroll command. This drops the unit from management and removes all profiles. Now, if you have stuff whitelisted, like system extensions, the user will be flooded with dialog boxes. Resist the urge to click. The script goes to sleep to make sure the unenroll is complete. Then it wakes and triggers the profiles command to trigger a DEP enrollment without erasing the unit. Now you have a supervised device without erasing and starting over.


Don't give up. This can be done and done very efficiently. And you can preserve workflows with minimal impact to user devices/data.


Hope this helps.


Oh, just realized this was in the iPhone channel. You will need to erase the devices. The profiles command is only viable on Macs. So scratch that above. Just issue an erase from the original MDM and then when the device reboots it will reenroll in the new MDM. Macs are so much more fun to work with. The ability to move assets is the same regardless of device type.

Reply

Moving devices for 1 ABM to another

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up