How to migrate iOS devices from another MDM to Hexnode?
Executing a smooth iOS migration requires a clear action plan to ensure user data remains safe and devices stay compliant. This guide organizes the transition into four logical phases: Preparation, Ecosystem Configuration, User Integration, and Execution.
Phase 1: Preparation & Backup
Before initiating the migration, ensure you have a fallback plan.
- Audit & Export: If your current MDM supports it, export device inventory and user details to assist with the Hexnode setup.
- Data Backup: You will likely need to wipe devices (especially for ADE enrollment). Ensure required data is stored in your preferred cloud storage service.
- Asset Removal: Delete the DEP and VPP tokens configured in the current MDM to free them up for Hexnode.
Phase 2: Ecosystem Configuration
Set up the Apple ecosystem connections required for management.
1. Apple Business Manager (ABM)
If your organization hasn’t enrolled, go to https://business.apple.com/ and sign up. The Automated Device Enrollment and Volume Purchase Program are seamlessly integrated here.
2. APNs Certificate (Mandatory)
A new APNs certificate is required for Apple devices to communicate with Hexnode.
- Download the self-signed certificate from Hexnode.
- Go to the Apple Push Certificates Portal, upload the request, and download the APNs certificate generated by Apple.
- Upload the APNs certificate back to the Hexnode UEM portal.
3. Migrate Tokens
- ADE Server Token:
  - Create a new MDM server in Apple Business Manager using the public key from Hexnode.
  - Upload the server token to your Hexnode portal to link the services.
  - Create an ADE profile in Hexnode to configure the setup assistant.
  - Assign your ADE devices to the Hexnode UEM server in the ABM portal.
- VPP Token:
  - Revoke all app licenses from the previous MDM.
  - Download a new VPP token from ABM.
  - Configure VPP in Hexnode by uploading this token and saving.
  - Check “reclaim licenses” to revoke old licenses and reuse them with Hexnode.
Phase 3: User Integration
Sync users from your directory services to the UEM console. Unbind the old provider and configure Hexnode with:
- Active Directory: Configure Active Directory settings under the admin tab.
- Microsoft Entra ID: Configure Microsoft Entra ID settings under the admin tab.
- Google Workspace: Configure Google Workspace settings to sync users and groups.
Phase 4: Execution (Disenroll & Enroll)
Once the infrastructure is ready, move the devices.
Step 1: Disenroll from current MDM
- Remote: Push a disenroll action from the previous MDM console.
- Manual: Go to Settings > General > Profile & Device Management on the device and remove the profile.
Step 2: Enroll into Hexnode UEM
Choose the enrollment method that fits your deployment.
A. Automated Device Enrollment (ADE)
Use ADE enrollment for eligible devices.
- Requirement: Devices must be fully erased.
- Process: Assign devices to Hexnode in ABM. Devices will automatically enroll upon their initial setup.
B. Apple Configurator
Use Apple Configurator to enroll iOS devices manually.
- Benefit: Devices can be manually added to ADE regardless of purchase source.
- Warning: Make sure that Activation Lock is disabled when you’re letting users wipe their own devices.
C. Bulk Enrollment (CSV)
Use the details exported in Phase 1.
- User Import: Send enrollment instructions to users in bulk via email by uploading user details as a CSV file.
- Pre-Approved: Bulk import a list of devices based on serial numbers. You can proactively assign policies that take effect immediately.
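Before building the serial-number list for a pre-approved import, it helps to triage the inventory exported in Phase 1. The script below is an added example, not Hexnode's tooling or import format: the column names (`serial_number`, `user_email`, `activation_lock`) and the sample rows are assumptions to be mapped to whatever your previous MDM actually exports. It rejects malformed and duplicate serials and holds back any device whose Activation Lock is not explicitly reported as off.

```python
import csv
import io
import re

# Constructed sample of an inventory export from the previous MDM.
# Column names are assumptions; map them to your own export's headers.
SAMPLE_EXPORT = """serial_number,user_email,supervised,activation_lock
F2LXK1ABCD12,alice@example.com,yes,off
f2lxk1abcd12,alice@example.com,yes,off
DNPQ7ZZZ0001,bob@example.com,no,on
C39 BAD/SN,carol@example.com,no,off
G6TV22222222,,yes,off
"""

# Loose sanity bound (assumption): serials are alphanumeric, 8 to 14 characters.
SERIAL_RE = re.compile(r"^[A-Z0-9]{8,14}$")


def triage_inventory(csv_text):
    """Return (ready_serials, blocked) where blocked holds (csv_line, serial, reason)."""
    ready, blocked, seen = [], [], set()
    # Header is line 1 of the file, so data rows start at line 2.
    for line_no, row in enumerate(csv.DictReader(io.StringIO(csv_text)), start=2):
        serial = (row.get("serial_number") or "").strip().upper()
        if not SERIAL_RE.match(serial):
            blocked.append((line_no, serial, "malformed serial"))
        elif serial in seen:
            blocked.append((line_no, serial, "duplicate serial"))
        elif (row.get("activation_lock") or "").strip().lower() != "off":
            # Fail closed: a blank or unknown status is treated as locked,
            # because a wiped device with Activation Lock on cannot be set up.
            seen.add(serial)
            blocked.append((line_no, serial, "Activation Lock not confirmed off"))
        elif not (row.get("user_email") or "").strip():
            seen.add(serial)
            blocked.append((line_no, serial, "no assigned user"))
        else:
            seen.add(serial)
            ready.append(serial)
    return ready, blocked


if __name__ == "__main__":
    ready, blocked = triage_inventory(SAMPLE_EXPORT)
    print("Ready for pre-approved import:", ready)
    for line_no, serial, reason in blocked:
        print(f"Hold back (CSV line {line_no}): {serial!r} - {reason}")
```

Resolve every held-back row before erasing the device, and check the resulting list against the import template in your Hexnode portal.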
D. User-Initiated Enrollment
- Self-Enrollment: Users can enroll with their AD credentials or usernames/passwords set in the portal.
- Open Enrollment: Users can enroll devices without authentication; only the enrollment URL is needed.
- Invites: Users will receive an enrollment request via email or SMS containing the credentials.