Category filter

Migrate your devices from VMWare Workspace ONE to Hexnode UEM

Jump To


With a rapid rise in the never-ending technological advancements, the device management needs of your organization may continuously change. Hence, there’s a good chance that your current device management solution may fail to satisfy your growing business needs. In that case, the best thing you can do is to switch your Mobile Device Management (MDM) vendor.

There are plenty of reasons why organizations migrate from one MDM to another. Overpriced plans, inefficient support, complicated steps, and cloggy UI are major reasons why enterprises think of migration.

Why Hexnode UEM?

If your current MDM does not meet your business goals or technical requirements, migrating to a more flexible and robust solution is always better. Hexnode, the award-winning UEM solution, helps you cover every feature for comprehensive device management.

Here’s a list of Hexnode features that you’ve been missing out on your current vendor:

Unified management of devices: Hexnode manages all your endpoints from a single centralized console. It employs a holistic approach to control all endpoints and apps across the organization.

Multiple OS support: Hexnode extends its management capabilities to support almost all major platforms, such as Android, Windows, iOS, macOS, Fire OS, and Apple TVs.

Security: Hexnode secures your digital workspace without compromising the user experience. It includes a multitude of security features to secure apps, networks, and devices.

Zero learning curve: Hexnode is designed to minimize complex configuration steps, and thus, it has a gentle learning curve. Here, IT administrators do not require additional training to start managing endpoints.

Seamless onboarding of devices: Hexnode’s UEM lets you onboard your devices with a wide variety of enrollment options ranging from zero-touch to minimal touch methods. It also lets you configure device settings before enrollment to make the devices ready for use right out of the box. In addition, Hexnode employs a top-of-the-line support team to readily fix and attend to customer requests.

Flexible pricing plans: Here at Hexnode, we offer a wide range of pricing plans specially designed to meet all your corporate requirements.

This migration guide will help you seamlessly cover all the necessary steps to migrate from VMWare Workspace ONE (formerly known as AirWatch) to Hexnode UEM.

Key points for a successful migration

Before starting the migration process, here are some tips that will help you migrate from Workspace ONE to Hexnode UEM successfully.

MDM Migration Checklist:

Follow the steps mentioned in the migration checklist to accomplish a successful migration. The checklist provides a list of tasks you must follow during the migration process.

Clear communication to end-users:

Inform your end-users about the transition clearly and provide details of the exact steps (device wipe, initial setup assistant, etc.), which they are expected to perform. Allow users to participate in the enrollment process to make them feel involved in the device management procedures.

Test migration processes using a few devices from all platforms:

Start your migration by testing with a few sample devices from all platforms to optimize the migration processes, if any, and to check for configuration errors. This will also help you to validate your migration plan.

We recommend migrating devices in an incrementing pattern. That is, migrate in groups such that the next group has more devices than the previous group. This helps identify and rectify issues associated with a smaller number of devices, rather than the entire device fleet.

Sign up for a free trial in Hexnode UEM:

Test the product for 14 days by signing up for a free trial to explore the rich features and functionalities offered by Hexnode UEM. This will help you understand the product better and makes migration processes fast and efficient.

The entire migration processes can be grouped into three stages:

  1. Pre-migration Phase
  2. Migration Phase
  3. Post-migration Phase

Pre-migration Phase

The pre-migration phase includes all the activities you must perform prior to the migration phase. The below list explains all the pre-migration events and activities:

  • Assess MDM requirements of your enterprise:

    After all, the ultimate point of breaking away from your previous MDM vendor is to manage your organization’s needs more efficiently. Hence, the primary concern must be about what the organization needs from an MDM solution. Ensure that the features lacking in your previous MDM solution are present on your new MDM provider.

    Evaluate your previous MDM solution based on the areas that need improvement, as well as the features that need to be carried over to the new MDM. Prepare for the transition only after deciding various criteria such as the OS platforms, device types, device choice – personal or corporate, and so on.

  • Identify the use-case of the organization:

    While preparing for the transition, check that the new MDM service will meet and satisfy the organization’s use case. Ensure that the MDM platform you are planning to migrate can support your firm’s growth requirement in the near future. Decide all the configurations and features you are going to use with the new MDM based on the use-case of your organization.

  • Create a list of users:

    Prepare a list of all users to be added to the new MDM solution. If possible, export the user data from the previous MDM provider’s database. Identify specific users who require special privileges like admins and technicians.

  • Create a logical timeline:

    The first step before heading to the migration phase is to create an effective timeline. Choose a time that is best suited for migration. It would be ideal to choose a time when your devices are out of use so that the IT team will have enough time for the transition without impacting users.

    Study the entire migration process and prepare an achievable schedule that includes important milestones, expenses, and other implementation factors. Divide the entire migration process into different segments, targeting a small group of devices to a higher number within various periods. This will optimize the process and help validate the migration plan.

  • Effective Communication:

    It’s essential to inform and educate your end-users about the migration processes. Describe the steps that your users must execute, including the details on whether the device will be wiped or not, whether the users are required to wipe and re-enroll the devices manually, and so on. Empower your users by providing thorough training sessions and in-depth help articles to seamlessly carry out the steps.

  • Backup data to cloud services:

    Store sensitive data to cloud services before migration so that any data, if lost after migration, can be retrieved. Some examples of cloud services include:

    • iCloud
    • Google Drive
    • Dropbox
    • Box
  • Prepare devices for migration:

    After completing the steps mentioned above, check your device for activation lock and factory reset protection. Back up your data to keep it safe, in case your device gets wiped. Make your devices ready for the transition. Help regarding device wipe and disenrollment from your previous vendor is explained in the next phase.

Migration Phase

The migration phase includes all the actions that the organization must carry out to migrate from one MDM to another. Make sure that you are right on the migration timeline and have completed all the pre-migration steps before entering the migration phase.

The first thing to do while planning the migration is to check out new MDMs. Here at Hexnode, we provide a 14-day trial period with the highest subscription plan, so that you can explore all the features and make sure we provide everything you need. If not, contact us directly and request new features that you find essential to meet your requirements.

Since you have access to the Hexnode portal, identify which pricing plan you will choose when the trial period ends. Hexnode offers programs that are scaled across various price ranges. Refer the pricing page if you are facing any difficulty in tracking down the features.

Steps to be followed in the migration phase:

1. Create technicians

Create technicians

Create technicians (same as Administrators in Workspace One) in Hexnode. They have at-most privileges and are responsible for managing users. The number of technicians that you can add to Hexnode varies with your subscription plan.

2. Migrate Tokens

Migrate Tokens

You can now migrate the tokens from the previous MDM vendor to Hexnode.

This includes Wi-Fi profiles (for enrollment via Apple Configurator), security certificates (certificates for Android, iOS, and macOS devices), apps, identity/user authentication certificates (VPN and Wi-Fi) and configuration profiles (DEP). Set up APNs, DEP and VPP certificates/tokens in Hexnode.


It is recommended to create new APNs certificate in the Apple Push Certificate Portal, and add it to Hexnode.


To sync your DEP account with Hexnode, create a new MDM server for Hexnode in your DEP portal and transfer devices from the previous MDM server to the newly created one.

To transfer devices from the previous MDM to Hexnode Server,

  1. Login to your DEP portal.
  2. Go to Settings, select the old MDM server and Download the devices list.
  3. Go to Device Assignments and change the Choose Devices option to Upload CSV file.
  4. Upload the downloaded device list and choose the Action as Assign to server.
  5. Select the newly created server for Hexnode UEM as the MDM Server and click Done.


To migrate the VPP token to Hexnode, clear the available VPP token on your Workspace ONE console and sync the VPP account with Hexnode.

To clear the VPP sToken from the AirWatch console,

  1. On the Workspace ONE console, select the appropriate organization group.
  2. Go to Groups & Settings > All Settings > Devices & Users > Apple > VPP Managed Distribution.
  3. Select Clear and follow the on-screen instructions.

3. Directory integration

Directory integration

Register your directory services like AD, Azure AD, G Suite and Okta in Hexnode for easy and better management.

4. Import Assets

Import Assets

To import users to Hexnode, it is best to export the users’ list as a CSV file from the previous vendor and use the “Bulk enrollment” option to add them to Hexnode.

If you are integrating with AD, Azure AD, or G Suite or Okta please neglect the above mentioned, as users and groups will be directly synced with Hexnode.

You can also export device details from Workspace ONE and add them as pre-approved devices in Hexnode (Apple and Android). Adding a pre-approved device gives you the flexibility to pre-configure apps and policies in the devices even before enrollment initiation.

5. Create Policies

Create Policies

Create policies in Hexnode that suit your use cases. Hexnode lets you configure policies for all supported Operating Systems from the same pane. This will come in handy if your organization is managing devices in more than one device platform. You can proactively attach users, user groups, domains, and pre-approved devices as Policy targets.

6. Disenroll From Workspace One

Disenroll From AirWatch

By now, you would have a better understanding of Hexnode and if you find our software compatible with your use, disenroll your devices from Workspace ONE and enroll them with Hexnode UEM.

Disenrolling a device from the Workspace ONE console via the Delete Device action sends a wipe device command to the device. So, if your device has any critical data, it is recommended to backup your data before disenrolling. There might be many ways to disenroll devices from Workspace ONE like removing the MDM profile, uninstalling the agent app, factory resetting the device, etc. One of the remote and most effortless ways to disenroll devices from Workspace ONE is by deleting the device directly from the portal.

  1. Go to Devices > List View.
  2. Check the box corresponding to all or any devices that you want to migrate.
  3. More Actions > Admin > Delete Device > Delete.

Let’s look at the different methods to disenroll or remove the MDM administration from the devices.

Apple Devices

  • For Apple devices added to DEP (iOS, Apple TV and Mac)

    To disenroll a DEP enrolled device, in which the removal of MDM administration profile is restricted,

    • Remove your devices from the current MDM server. This can be done either by deleting the previous MDM server from ABM, or you can remove/unassign/release devices from the previous MDM server.
    • If you are deleting the server, reassign the devices to the new MDM server created for Hexnode. Or, if you are unassigning the devices, first download the device list using the Download button and then unassign.
    • Then carry out a complete device wipe (erase all contents and settings) to remove the device management.
  • For Apple devices enrolled via Apple Configurator (iOS and Apple TV)
    • Either use the Delete Device option or carry out a wipe to remove the current MDM profile from the device.
    • Create a new blueprint with Hexnode UEM details, and apply it to the device that has to be migrated.
  • For Apple devices enrolled through the MDM agent app (iOS and Mac)
    • Use the Delete Device option in the portal to uninstall and wipe the device. Or, you can remove the MDM agent profile to remove device management.
  • For Apple devices enrolled via auto-discovery or other enrollment methods
    • Devices enrolled via auto-discovery, or other enrollment methods can be disenrolled by the Delete Device option, Wipe command, or by manually removing the MDM agent profile.

  • A supervised device, after device reset, will turn non-supervised. Use the Apple Configurator or DEP enrollment methods to regain supervision.
  • While resetting the device, make sure that either the MDM provides an activation bypass code or remove the Apple ID linked to the device to prevent activation lock.
  • Re-enrolling devices in Hexnode via DEP and Apple Configurator will send a wipe command to the device. Before doing so, back up the important data.

Android Devices

In the case of Android devices, a simple Delete Device action can be employed to remove devices from Workspace ONE, or you can Factory reset devices to remove management. This will not work in the case of ROM, Zero-touch and Samsung Knox enrolled devices. Resetting devices enrolled via any of these techniques restore the MDM management.

  • Legacy Android:

    In legacy Android enrolled devices, removing the MDM agent app (by restricting the apps’ device admin privileges) or factory resetting the device is enough to remove management.

  • Android Enterprise:
    • In case of the profile owner enrolled device, removing work profile (Settings > Accounts > Remove Work Profile) or factory resetting the device will also remove remote management.
    • Device owner enrolled machines can be disenrolled by factory resetting the device.
  • Note:

    While resetting, make sure that Factory Reset Protection (FRP) is disabled. You can also remove the accounts associated with the device before the factory reset.

  • Zero-touch enrolled devices:

    Use the Delete Device option to disenroll and wipe the device. Or,

    1. Login to your Zero-touch portal.
    2. Go to Devices, change the Configurations for the devices whose management has to be removed to No config.
  • Samsung Knox enrolled devices:

    To remove the management of a Samsung Knox device,

    1. Sign in to your Knox portal.
    2. Go to Knox Mobile Enrollment > LAUNCH CONSOLE.
    3. Go to Devices > ALL DEVICES.
    4. Select the devices whose management has to be removed.
    5. Click on Actions > Configure devices.
    6. Change MDM Profiles to Clear profiles and then click onSave.

Windows devices

Windows enrolled devices can be disenrolled by the Delete Device option. You can also remove the MDM profile directly from the work/school section of the device.

7. Enroll in Hexnode

Enroll in Hexnode

To manage the disenrolled devices from the previous MDM vendor, you need to enroll them with Hexnode UEM. Hexnode UEM supports the enrollment of iOS, Android, Mac, Windows 10 PCs & Tablets, Apple TV, and Fire OS devices. Here, devices can be registered using many enrollment methods ranging from zero-touch to minimal touch enrollment options. Before enrolling your devices, make sure that you configure the Enrollment Settings on the Hexnode portal.

The Workspace ONE disenrolled devices have to be enrolled back in Hexnode.

The platform-specific instructions for enrolling devices in Hexnode UEM are given below:

iOS Devices

Devices can be enrolled in iOS through various enrollment techniques, which include,

  • Apple Business Manager/Apple School Manager

    The most recommended enrollment method in case of bulk supervised enrollment.

    To assign the devices to the newly created MDM server for Hexnode,

    1. In the Apple Business Manager page, go to Device > Device Assignments.
    2. Upload the CSV file that you have downloaded in Step 2: Migrate Tokens.
    3. Choose Action as Assign to server and choose Hexnode as the MDM Server.
  • Apple configurator

    Each device has to be individually accessed to enroll in Hexnode using Apple Configurator. Use this method to enable device supervision on enrollment, when the device cannot be enrolled using Apple DEP.

  • Pre-approved

    Use in case you want to pre-approve devices or pre-assign policies to devices before enrollment.

  • Email/SMS

    Users will get enrollment requests with login credentials via email/SMS to guide them through the enrollment procedure.

  • Enroll in DEP via Apple Configurator

    Previously, Apple allowed only the devices purchased directly from Apple to be enrolled in DEP. But now you can add any Apple device running iOS 11 or later to DEP regardless of how or from where it is purchased, using Apple Configurator 2.5 or later.

  • Enrollment without authentication
  • Users can directly enroll in Hexnode with no authentication.

  • Self enrollment

    Users can enroll with the directory or local credentials.

Mac Devices

Mac devices can be enrolled in Hexnode through any of the following ways.

Apple TV Devices

Use any of the following methods to enroll Apple TV in Hexnode UEM.

Android Devices

  • Android Legacy
    • Self-enrollment
    • Self-enrollment allows users to enroll devices with their Active Directory/Azure Active Directory/Google/Okta/local user credentials.

    • QR code

      Scan the QR Code to enroll via the Hexnode app.

    • Email/SMS enrollment

      An Email/SMS with enrollment credentials and instructions on how to enroll devices will be sent to selected users. They can use this information to enroll their devices in Hexnode.

    • Pre-approved

      Upload a CSV file with device details in Hexnode so that you can attach policies and applications to devices prior to enrollment.

  • Android Enterprise
  • To enroll a device in Android Enterprise,

  • Zero Touch Enrollment

    Zero-touch enrollment is a bulk device enrollment method. To enroll a device using the Zero-Touch enrollment method,

    1. Login to your zero-touch portal and create a configuration for Hexnode UEM.
    2. Upload the device list in CSV format and apply the configuration to the devices.
    3. All the devices will now be assigned to that specific configuration.
  • Samsung Knox Enrollment

    Samsung Knox devices can be enrolled in Hexnode via Knox Mobile Enrollment, a no-touch enrollment solution by Samsung Knox. To enroll in Knox,

    1. Login to your Knox portal account and create a profile for Hexnode UEM.
    2. Upload the device list in CSV format and assign profiles to the devices.
    3. For reseller purchased devices, the reseller will add the devices to the Knox portal. The profiles can then be applied to the devices.
    4. For non-reseller devices, associate the created Hexnode profile to the devices via Knox Deployment Application and deploy them using either Bluetooth or NFC.
  • Android ROM/OEM Enrollment

    Android ROM/OEM enrollment unlocks many features like non-removable MDM even after device wipe, silent app installation, etc.

    You can make the Hexnode system agent app a privileged app during Android ROM/OEM enrollment. This will grant system permissions to the Hexnode MDM app as new versions are being installed.

Windows Devices

  • Enroll using Hexnode Installer

    Recommended for devices running Windows 10 v1803 or later.

    Enter the enrollment URL ( on the browser to download the Hexnode Installer app on the device. Install the app and follow the on-screen instructions to complete the device enrollment.

  • Open enrollment & Authenticated enrollment via Email/SMS

    Recommended for Windows 10 v1709 or below.

    The major difference between open enrollment and Email/SMS is that in case of the latter, users will be asked to authenticate for enrolling their device.

    To enroll a device using Open or Email/SMS enrollment methods, go to Settings > Accounts > Access Work or School > Enroll in device management on the device. Enter the enrollment URL and the user authentication credentials (required for Email/SMS enrollment) whenever prompted. Then, follow the on-screen instructions to complete the device enrollment.

  • Self enrollment

    Users have to enroll in Hexnode by authenticating with their organization’s directory credentials or local user credentials.

  • PPKG Enrollment

    Use the PPKG enrollment technique while bulk enrolling Windows devices in Hexnode. End-users need to just power on the device, connect to the network, and install the ppkg file to enroll with Hexnode UEM.

    To enroll devices via PPKG enrollment,

    1. Create a ppkg file using Windows ICD.
    2. Distribute this ppkg via external media/email.
    3. Click on the ppkg file and follow the on-screen procedure to get the devices enrolled with Hexnode.

8. Migration Fallback

Migration Fallback

There is a possibility that some of the device enrollments may fail, decreasing the organization’s overall productivity. This may set back your whole productivity. We suggest some easier enrollment techniques as a workaround to quickly roll out your devices to the MDM console.

For Apple devices, use:

  • Email/SMS (Use either open/authenticated enrollment)
  • Pre-approved
  • Apple configurator (For supervised enrollment – iOS only)

For Android devices, use:

  • QR Code
  • Email/SMS (Use either open/authenticated enrollment)
  • Pre-approved

For Windows devices, use:

  • Enroll using Hexnode Installer

9. Monitor enrollment process

Monitor enrollment process

Monitor the whole enrollment process and track newly enrolled users using various analytics methods. Identify the devices still in unenrolled/enrollment failed state. Use any of the methods mentioned in the migration fallback section to enroll it back in Hexnode UEM.

Post-migration Phase

This phase includes checks and surveys to be carried out to ensure that all devices are successfully migrated from your previous vendor to Hexnode UEM.

  • Device Inventory checks: Export the details of all devices enrolled in Hexnode UEM from the Reports tab. Compare this list with the exported legacy MDM provider’s device database. This would help find all the devices, which are still not enrolled in Hexnode UEM.
  • Restoring backup data: For Apple devices, you can restore saved data by logging into your devices using your iCloud or Managed Apple ID. Cloud-hosted data can also be retrieved from cloud services like Google Drive, Dropbox, Box, etc. This will ensure no data loss after the migration process.
  • Unsubscribing the services of old MDM: Decommission the services of your previous MDM provider.
  • Surveys and feedback on new MDM: Collect users’ feedback to identify any issues or new requirements in your new MDM solution. Conduct surveys regularly to analyze the user experience so that training sessions can be arranged, if needed, for new areas and use cases.
  • Troubleshooting / Support plan to assist with migration: Equip yourself with the world-class support team from Hexnode UEM to assist you in issues regarding migration. Clear your queries by referring to the published FAQs and other how-to articles to mitigate troubleshooting issues.
  • How-to Guides