How to migrate Android devices from another MDM to Hexnode?

While an MDM migration may seem complex, it is possible to streamline the process with a proper migration plan in hand. This article provides you with the insight necessary to migrate your Android devices from the previous MDM solution to Hexnode as seamlessly as possible.

Migration steps

Follow the below steps to achieve a smooth transition of your Android devices:

1. Remove assets from current MDM and back up required data.
2. If you’ve got Samsung Knox devices, create a Knox portal account to automate the enrollment process. For compatible reseller purchased devices, create a zero-touch enrollment portal to achieve automatic enrollment.
3. Configure Google Workspace (G Suite), Android Enterprise, Samsung KME, and Android ZTE (if you are planning to use these services with Hexnode UEM).
4. Sync users from directory services to Hexnode UEM.
5. Disenroll devices from current MDM.
6. Enroll devices into Hexnode UEM.

Step-1: Remove assets from current MDM and back up required data

Determine what all data need to backup before you remove assets from the current MDM. Export device details and user details to use them during the enrollment process if required. Before the device wipe, you should back up all the essential data on your devices to your preferred cloud storage service.

Step-2: Create a Knox portal account and Zero-touch enrollment account

If your organization doesn’t have a Knox portal account and zero-touch account, sign up for these programs to automate the MDM enrollment process.

1. Knox portal account.
   • Go to Knox enrollment page and apply for the Knox portal account.
   Notes:

   • You should have a Samsung account to use the KME service.
   • Samsung will review the application and a confirmation mail will be sent once it’s approved.

2. Zero-touch enrollment account.
   Your reseller will setup the zero-touch enrollment account for your organization if the devices were purchased from a zero-touch carrier or reseller.
   
   Note:

   You’ll need a Google account associated with your corporate email to use the portal.

Step-3: Configure Google Workspace (G Suite), Android Enterprise, Samsung KME, and Android ZTE

1. Google Workspace (G Suite) – Prior to integrating Google Workspace (G Suite) with Hexnode UEM, create a service account with Google and manage API client access for MDM.To integrate Google Workspace (G Suite) with Hexnode UEM:
   • Configure Google Workspace (G Suite) in your Hexnode UEM portal by uploading the JSON key downloaded from the Google Developers Console.
   • Paste the EMM token generated from the Google Admin Console.
   • Your organization will be enrolled in Android Enterprise program using the Google domain.
2. Android Enterprise – By configuring Google Workspace (G Suite), you can join your organization in the Android Enterprise program. You can also use your Google account for Android Enterprise registration.To enroll your organization using the Google account:
   • Select Managed domain for Android Enterprise enrollment in your Hexnode UEM portal.
   • Sign in with your Google account and complete registration by providing the business details.
3. Samsung Knox Mobile Enrollment – Create a new MDM profile for Hexnode UEM in the Samsung KME portal to assign this profile to your devices.
   • Go to Knox portal and create a new MDM profile with your Hexnode UEM server URL in the MDM server URI column.
   • Provide other profile details and URL for the Hexnode UEM APK in the MDM Agent APK column.
4. Android Zero Touch Enrollment – Sign in to Zero Touch Portal using the Google account linked to your corporate email and create a new MDM configuration for Hexnode UEM.
   • Add MDM configuration, select Hexnode for Work app from the list of EMM apps and provide the JSON data available in your Hexnode UEM portal.

Step-4: Sync users from directory services to Hexnode UEM

You can sync the users from various directory services such as Active Directory (AD), Microsoft Entra ID and Google Workspace (G Suite) to the MDM console.

Unbind your current MDM vendor from the directory services and configure Hexnode UEM with them.

1. Active Directory
   • Configure Active Directory settings under Admin tab to get the users synced from the AD account to the Hexnode portal.
2. Microsoft Entra ID
   • Configure Microsoft Entra ID under Admin tab to get the users synced from the Microsoft Entra ID account to the Hexnode portal.
3. Google Workspace (G Suite)
   • Configure Google Workspace (G Suite) under Admin tab to get the users and user groups synced from the Google Workspace (G Suite) account to the Hexnode portal.

Step-5: Disenroll devices from current MDM

Disenroll all devices from the current MDM. This can be done in two ways:

• Use the current MDM to perform disenroll action.
• Manually remove management from the devices by uninstalling the MDM app. This doesn’t work if the MDM was set up as non-removable.

Step-6: Enroll devices into Hexnode UEM

You can enroll your devices to Hexnode UEM using different methods.

Automatic enrollment methods

Use the automated MDM enrollment methods to quickly enroll your devices without even touching them.

Samsung Knox Mobile Enrollment

Samsung KME provides a no-touch enrollment for the reseller devices and a manual enrollment process for non-reseller devices.

1. For reseller devices
   • You must register your participating reseller to your KME portal, and the reseller will upload the device details to your account. You have to approve the upload.
   • Your devices will be listed in the KME portal under Devices > Uploads. Download the device details as a CSV file.
   • Modify the device list with user credentials.
   • Bulk configure the devices and assign the Hexnode UEM profile created in Step-3 to these devices.
2. For non-reseller devices
   • To enroll devices not purchased from an approved reseller there is a Knox deployment application.
   • Download the Knox Deployment application from the Google play store.
   • Select the Hexnode UEM profile created in Step-3 to associate with your devices.
   • Deploy your devices either using Bluetooth or NFC.

Android Zero Touch Enrollment

Hexnode provides support for Android Zero-touch Enrollment to automatically enroll your corporate-owned device as Android Enterprise Device Owner. You can configure all the compatible devices in a single go by uploading a CSV file.

• Prepare a CSV file containing device details like IMEI number, serial number, model number, manufacturer name, etc. The file should also contain the ID of the configuration you’ve created in Step-3.
• Upload the CSV file to the Zero Touch Portal.

Android Enterprise Enrollment

Corporate devices can be enrolled as a device owner and personal devices as a profile owner in the Android Enterprise program either using the managed domain or google domain.

1. Managed domain – If you’ve enrolled the organization using your Google account in Step-3:
   • To enroll as a device owner
     1. Reset the device to factory settings.
     2. Android 7+ – Use the QR code on your Hexnode UEM portal to enroll the device.
     3. Android 6+ – On the initial setup screen when prompted to sign in with a google account, enter afw#hexnodemdm and follow the on-screen instructions to install the Hexnode for Work app.
     4. Android 5+ – Download and install Android Debug Bridge on a computer, connect your device to the computer and run a set of commands to install Hexnode for Work app.
   • To enroll as a profile owner
     1. Download and install Hexnode for Work app.
     2. Enter your server name or scan the QR code in the Hexnode UEM portal.
     3. Follow the on-screen instruction to configure a work profile.
2. Google domain – If you’ve enrolled the organization using your G Suite account in Step-3, the enrollment process will be different depending on whether the option to Enforce EMM policies on Android devices in the Google admin console is checked or not.

Bulk enrollment with CSV import

Use the device and user details downloaded in Step-1 to enroll devices in bulk.

• Bulk user import – Send enrollment instructions to users in bulk via email by uploading the user details as a CSV file.
• Pre-approved enrollment – Bulk import a list of devices based on their serial numbers via a CSV file. You can proactively assign device management policies to these devices and the policies automatically take effect upon enrollment.

Self-enrollment

Users can enroll with their AD credentials or usernames and passwords set in the portal.

Open enrollment

Scan QR code or type in server address to enroll the devices without any authentication.

Email/SMS enrollment

Users will receive an enrollment request via email or SMS which contains the enrollment URL, username and password.