Configure your new MDM solution
Before you can link to your new mobile device management (MDM) solution, you must first configure it. After you’ve completed the configuration, you can follow the steps below.
Link your new MDM solution to Apple School Manager or Apple Business Manager
First, download an Apple Push Notification service (APNs) certificate and use it to configure your new MDM solution. Next, to link your new MDM solution to Apple School Manager or Apple Business Manager, upload your MDM solution’s certificate and then download a new content token for your new MDM solution.
For more information, see Link to a third-party MDM server in Apple School Manager or Link to a third-party MDM server in Apple Business Manager.
Re-create your enrollment and configuration profiles
You must re-create your enrollment and configuration profiles and associated payloads in your new MDM solution. Make sure specific payloads are designated for users, devices, or their associated groups. For more information, consult your new MDM solution’s documentation.
Reassign devices to your new MDM solution
In Apple School Manager or Apple Business Manager, you can assign some test devices from your existing MDM solution to your new MDM solution. After testing is successful, you can reassign the rest of your devices. You can then set the default MDM server to the new MDM solution.
If you’re migrating Mac computers to a new MDM solution
If you’re migrating Mac computers to a new MDM solution, consider the following:
Setup Assistant: Create a specific Setup Assistant payload that manages the specific Setup Assistant panes and whether the user should interact with each pane.
Bootstrap token: If you’re using a bootstrap token, make sure to set up your new MDM solution to enable this workflow. See Bootstrap token.
Activation Lock bypass codes: If your devices are activation locked, back up all the Activation Lock bypass codes before you migrate so you can reactivate devices after a reset or wipe.
FileVault recovery keys: If you have escrowed FileVault recovery keys from your Mac computers, back them up securely to help users reset their password.
macOS user type: Migration of Mac computers to another MDM solution may require an administrator user name and password. If the macOS users are standard users and not administrators, additional assistance may be needed to help them migrate.
Packages: If necessary, macOS packages must be migrated and available to use in the new MDM solution. After the packages are available, they must be reassigned to their appropriate policies and workflows. This includes bootstrap packages that may be a part of any prestage enrollment profiles.
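A per-Mac readiness check covering three of the considerations above (bootstrap token, FileVault recovery keys, macOS user type), as an added example that is not Apple's or any MDM vendor's tooling. The function names, finding labels, and the assumed output formats of `profiles status -type bootstraptoken` and `fdesetup status` are assumptions, and the sample inputs are constructed.

```shell
#!/bin/sh
# Added example: per-Mac readiness check before moving to a new MDM solution.
# Parsers take command output as text, so they can be exercised off-device.
# The matched output formats are assumptions, not a documented contract.

# True when the bootstrap token is escrowed to the current MDM server.
bootstrap_escrowed() {
    printf '%s\n' "$1" | grep -qi 'escrowed to server: *yes'
}

# True when FileVault is enabled, so a recovery key backup must exist.
filevault_on() {
    printf '%s\n' "$1" | grep -q 'FileVault is On'
}

# True when the space-separated group list ($1, from `id -Gn`) includes admin.
is_admin() {
    case " $1 " in *" admin "*) return 0 ;; esac
    return 1
}

# Print the follow-up items for one Mac, or READY if there are none.
# Args: bootstrap token status text, fdesetup status text, group list.
preflight() {
    out=""
    bootstrap_escrowed "$1" || out="$out BOOTSTRAP_TOKEN_NOT_ESCROWED"
    filevault_on "$2" && out="$out CONFIRM_FILEVAULT_KEY_BACKUP"
    is_admin "$3" || out="$out USER_NOT_ADMIN"
    out="${out# }"
    printf '%s\n' "${out:-READY}"
}

# Constructed sample: standard user, FileVault on, token not escrowed.
SAMPLE_TOKEN='profiles: Bootstrap Token supported on server: YES
profiles: Bootstrap Token escrowed to server: NO'
SAMPLE_FV='FileVault is On.'
SAMPLE_GROUPS='staff everyone localaccounts'

# On a Mac (run as root, user name as $1), check the live system;
# elsewhere, evaluate the constructed sample.
if [ "$(uname)" = "Darwin" ]; then
    preflight "$(profiles status -type bootstraptoken 2>&1)" \
              "$(fdesetup status 2>&1)" "$(id -Gn "${1:-$(id -un)}")"
else
    preflight "$SAMPLE_TOKEN" "$SAMPLE_FV" "$SAMPLE_GROUPS"
fi
```

A `CONFIRM_FILEVAULT_KEY_BACKUP` finding only flags that FileVault is on; whether the escrowed key was actually backed up has to be confirmed in your existing MDM solution.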
If the new MDM solution supports scoping
If the new MDM solution supports scoping, all scoping groups and assignments for apps, profiles, and so forth, must be mirrored in the new MDM solution.
How to handle in-house proprietary apps
Any apps created by your organization don’t have to be unassigned from the device. They can just be downloaded again to the device after it has enrolled in the new MDM solution.
Maintain your network connection
If your Wi-Fi network requires authentication and that authentication is tied to a configuration profile, users may be unable to rejoin your network to complete the migration. Make sure you re-create the appropriate network access certificates and payloads so devices can reconnect and enroll in the new MDM solution.
If you’re going to use your network to migrate, consider the potential load on each access point. You may want to consider migration in groups to lessen the load on your network.
If you’re erasing devices that use an eSIM, make sure you turn on “Preserve Data Plan” in the MDM Remote Wipe command.