Category Filter

How to migrate devices from AirWatch to Hexnode MDM?


Are you really comfortable with your device management solution employed in your organization? Even if it’s not the case, you can always think about migrating to another MDM.

There are plenty of reasons why organizations migrate from one MDM to another. Overpriced plans, in-efficient support, complicated steps, and cloggy UI are the major reasons why enterprises think of migration.

If you feel insecure with your current MDM provider, it’s ideal to migrate to a more secure and robust solution like Hexnode. Hexnode MDM is flexible in managing a multitude of device models and operating systems from a centralized platform. Here at Hexnode, we offer a wide range of pricing plans that are specially designed to meet your corporate requirements. Hexnode MDM employs a top-of-the-line support team and has minimal and simple configuration steps as compared to other vendors.

The migration procedure may seem a bit complicated at first, but transitioning MDM vendors doesn’t have to be a difficult process. This migration guide will help you cover all the necessary steps to migrate from AirWatch to Hexnode MDM seamlessly.

Key points for a successful migration

Before starting the migration process, here are some tips that will help you to migrate from AirWatch to Hexnode MDM successfully.

MDM Migration Checklist:
Follow the steps mentioned in the migration checklist to accomplish a successful migration. The checklist provides a list of tasks you must follow during the migration phases.

Clear communication to end-users:
Inform your end-users about the transition clearly and provide details to the exact steps (device wipe, initial setup assistant, etc.), which they are expected to perform. Empower your users to take part in the enrollment process and make them feel that they have more acceptance of management.

Test migration processes using a few devices from all platforms:
Start your migration by testing with a few sample devices from all platforms to optimize the migration processes, if any, and to check for any configuration errors. This will also help you to validate your migration plan.

Sign up for a free trial in Hexnode MDM:
Test the product for 30 days by signing up for a free trial to explore the rich features and functionalities in Hexnode MDM. This will help you understand the product better and makes migration processes fast and expedient.

The entire migration processes can be grouped into three stages:

  1. Pre-Migration Phase
  2. Migration Phase
  3. Post-Migration Phase

Pre-Migration Phase

The pre-migration phase includes all the activities you must perform prior to the migration phase. The below list explains all the pre-migration events and activities:

  • Assess MDM requirements of your enterprise:
    After all, the ultimate point of breaking away from your previous MDM vendor is to manage your organization’s needs more efficiently. Hence, the primary concern must be about what the organization needs from an MDM solution. Make sure that the features that were lacking from your previous vendor are present on your new MDM provider.
    Evaluate your previous MDM solution based on the areas that need improvement, as well as the features that need to be carried over to the new MDM. Prepare for the transition only after deciding various criteria such as the OS platforms, device models, device choice – personal or corporate, and so on.
  • Identify the use-case of the organization:
    While preparing for the transition, check that the new MDM service will meet and satisfy the use-case of the organization. Ensure that the MDM platform you are planning to migrate can support your firm’s requirement growth in the near future. Decide all the configurations and features which you are going to use with the new MDM based on the use-case of your organization.
  • Create a list of users:
    Prepare a list of all users that must be added to the new MDM solution. Export the data from the legacy MDM provider’s user database, if possible. Identify specific users who require special privileges like admin and technicians.
  • Create a logical timeline:
    The first step before heading to the migration phase is to create an effective timeline. Choose a time period that is best suited for migration. It will be ideal to choose a time period in which your devices are out of use so that the IT team will have enough time for the transition without impacting users.
    Study the entire migration process and prepare an achievable schedule that includes important milestones, expenses, and many other implementation factors. Divide the entire migration process into different segments, targeting from a small group of devices to a higher number within various periods. This will optimize the process and helps to validate the migration plan.
  • Effective Communication:
    It’s highly important to inform and educate your end-users about the migration processes. Describe the steps which your users must execute, which should include the details on whether the device will be wiped or not, whether the users are required to wipe and re-enroll the devices manually, and so on. Empower your users by providing thorough training sessions and in-depth help articles to carry out the steps seamlessly.
  • Backup data to cloud services:
    Store sensitive data to cloud services before migration so that any data, if lost after migration, can be retrieved. Some examples of cloud services include:
    • iCloud
    • Google Drive
    • Dropbox
    • Box
  • Prepare devices for migration:
    After completing the events mentioned above, check your device for activation lock and factory reset protection. Back up your data to keep it safe if in case your device gets wiped. Make your devices ready for the transition. Help regarding device wipe and disenrollment from your previous vendor are explained in the next phase – Migration Phase.

Migration Phase

All the actions that the organization must carry out to migrate from one MDM to another are included in this section. Make sure that you are right on the timeline and have completed all the pre-migration steps before entering the migration phase.

While planning to migrate from your current MDM, the first thing you should do is to check out a new one. Here at Hexnode, we provide a 30-day trial period with the highest subscription plan, so that you explore the features and make sure everything you need is provided by us. If not, contact us directly and request new features that you find essential to meet your requirements.

Since you have access to the Hexnode portal, identify which pricing plan that you will be choosing when the trial period ends. Hexnode offers programs that are scaled across all price ranges. Refer the pricing page if you are facing any difficulty in tracking down the features.

Steps to be followed in the migration phase:

1. Create technicians

Create technicians

Create technicians (same as Administrators in AirWatch) in Hexnode. They have at most privileges’ and are responsible for managing users. The number of technicians that you can add in Hexnode varies with your subscribed plan.

2. Migrate Tokens

Migrate Tokens

The next thing you might want to do is to migrate tokens from AirWatch and sync your accounts with Hexnode.
This includes Wi-Fi profiles (for enrollment via Apple Configurator), security certificates (certificates for Android and iOS devices), apps, identity/user authentication certificates (VPN and Wi-Fi) and configuration profiles (DEP). And set up APNs, DEP and VPP certificates/tokens in Hexnode.

It is recommended to create a new APNs certificate in the Apple Push Certificate Portal and add it to Hexnode.

To sync your DEP account with Hexnode, create a new MDM server for Hexnode in your DEP portal and transfer devices from the previous MDM server to the newly created one.
To transfer devices from the previous MDM to Hexnode Server,

  1. Login to your DEP portal.
  2. Go to Settings, select the old MDM server and Download the devices list.
  3. Go to Device Assignments and change the Choose Devices option to Upload CSV file.
  4. Upload the downloaded device list and choose the Action as Assign to server.
  5. Select the newly created server for Hexnode MDM as the MDM Server and click Done.

To migrate VPP token to Hexnode, clear the available VPP token on your AirWatch console and sync the VPP account with Hexnode.
To clear the VPP sToken from the AirWatch console,

  1. On the AirWatch console, select the appropriate organization group.
  2. Go to Groups & Settings > All Settings > Devices & Users > Apple > VPP Managed Distribution.
  3. Select Clear and follow the on-screen instructions.

3. Directory integration

Directory integration

Register your directory services like AD, Azure AD and G Suite in Hexnode for easy and better management.

4. Import Assets

Import Assets

To import users to Hexnode, it is recommended to export the users’ list in the form of a CSV file from the previous vendor and use the “Bulk enrollment” option to add them in Hexnode. This relieves you from importing users manually.

The recommended best practice is to group the user’s in incrementing patterns (next group with more users than the last) and import them at various time periods.

If you are integrating with AD, Azure AD or G Suite please neglect the above mentioned, users and groups will be directly synced with Hexnode.

You can also export device details from AirWatch and add them as pre-approved devices in Hexnode (Apple and Android). Adding a pre-approved device gives you the flexibility to pre-configure apps and policies in the devices even before enrollment initiation.

5. Create Policies

Create Policies

Create policies in Hexnode that suits your use cases. Hexnode lets you configure policies for all supported Operating Systems at the same pane. This will come in handy if your organization is using more than one type of device. You can proactively attach users, user groups, domains and pre-approved devices as the Policy targets.

6. Disenroll From AirWatch

Disenroll From AirWatch

As of now, you have a better understanding of Hexnode and if you find our software compactable for your use, disenroll your devices from AirWatch and enroll them in Hexnode MDM.

Disenrolling a device from the AirWatch console via the Delete Device action sends a wipe device command to the device. So, if your device has any critical data, it is recommended to back-up your data before disenrolling. There might be many ways to disenroll devices from AirWatch like removing the MDM profile, uninstalling agent app, factory resetting the device, etc. But let’s stick with the remote and most effortless way, deleting the device directly from the portal.

  1. Go to Devices > List View.
  2. Check the box corresponding to all or any devices that you want to migrate.
  3. More Actions > Admin > Delete Device > Delete.


Let’s look at different scenarios by which management can be removed from the device end.

Apple Devices

  • For Apple devices added to DEP (iOS, tvOS, and Mac)

    To disenroll a DEP enrolled device, a simple Delete Device option might not be enough. The vendor might have restricted the removal of management profiles. So, follow the below steps to remove such devices.

    • Remove your devices from the current MDM server. This can be done in two ways. Either delete the previous_mdm_server from ABM, or you can remove/unassign/release devices from the previous_mdm_server.
    • If you are deleting the server, reassign the devices to the new MDM server that you have created for Hexnode. Or if you are unassigning the devices, first download the device list using the Download button then unassign.
    • Then carry out a complete device wipe (Erase all contents and settings) to remove the device management.
  • For Apple devices enrolled via Apple Configurator (iOS, tvOS)
    • Either use the Delete Device option or carry out a wipe to remove the current MDM profile from the device.
    • Create a new blueprint with Hexnode MDM details and apply it to the device that has to be migrated.
  • For Apple devices enrolled through the MDM agent app (iOS and Mac)
    • Use the Delete Device option in the portal to uninstall and wipe the device. Or you can remove the MDM agent profile to remove management.
  • For Apple devices enrolled via auto-discovery or normal enrollment methods
    • Devices enrolled via auto-discovery or normal enrollment methods can be disenrolled by the Delete Device option, Wipe command, or by manually removing the MDM agent profile.

  • A Supervised device after device reset will turn non-supervised. Use the Apple Configurator or DEP enrollment methods to regain supervision.
  • While resetting the device, make sure that either the MDM provides an activation bypass code or remove the Apple ID linked to the device to prevent activation protection.
  • Re-enrolling devices in Hexnode via DEP and Apple Configurator will send a wipe command to the device. Prior to doing so, back up the important data.

Android Devices

In the case of Android devices, a simple Delete Device action can be employed to remove devices from AirWatch or you can Factory reset devices to remove management. This will not work in the case of ROM, Zero-touch and Samsung Knox enrolled devices. Resetting devices enrolled via any of these techniques restores the MDM management.

  • Legacy Android:

    In legacy Android enrolled devices, removing the MDM agent app (by restricting the apps’ device admin privileges) or factory resetting the device is enough to remove management.

  • Android Enterprise:
    • In case of the profile owner enrolled device, removing work profile (Settings > Accounts > Remove Work Profile) or factory resetting the device will also remove remote management.
    • Device owner enrolled machines can be disenrolled by factory resetting the device.
  • Note:

    While resetting, make sure that FRP is disabled. Or remove the accounts associated with the device prior to the factory reset.

  • Zero-touch enrolled devices:

    Use the Delete Device option to disenroll and wipe the device. Or,

    1. Login to your Zero-touch portal.
    2. Go to Devices, change the Configurations for the devices whose management has to be removed to No config.
  • Samsung Knox enrolled devices:

    To remove the management of a Samsung Knox device,

    1. Sign in to your Knox portal.
    2. Go to Knox Mobile Enrollment > LAUNCH CONSOLE.
    3. Go to Devices > ALL DEVICES.
    4. Select the devices whose management has to be removed.
    5. Click on Actions > Configure devices.
    6. Change MDM Profiles to Clear profiles and Save.

Windows devices

Windows enrolled devices can be disenrolled either by the Delete Device option. You can also remove the MDM profile directly from the device work/school section of the device.

7. Enroll in Hexnode

Enroll in Hexnode

To exercise comprehensive management over your disenrolled devices, enroll your devices in Hexnode MDM. We support enrollment of iOS, Android, Mac, Windows 10 PCs & Tablets, and tvOS devices of all shapes and sizes. Here, devices can be registered using a plethora of enrollment methods ranging from zero-touch to minimal touch enrollment options. Before enrolling your devices, make sure that you configure the Enrollment Settings on the Hexnode portal.

These AirWatch disenrolled devices have to be enrolled back in Hexnode.

The platform-specific instructions for enrolling devices in Hexnode MDM are given below:

iOS Devices

Devices can be enrolled in iOS through various enrollment techniques. Which includes,

  • Apple Business Manager/Apple School Manager

    The most recommended in case of bulk supervised enrollment.
    To assign the devices to the newly created MDM server for Hexnode,

    1. In the Apple Business Manager page, go to Device > Device Assignments.
    2. Choose the Upload CSV file option and upload the CSV file that you have downloaded in Step 2: Migrate Tokens.
    3. Choose Action as Assign to server and choose that you created for Hexnode as the MDM Server.
  • Apple configurator

    Each device has to be accessed individually to enroll in Hexnode.

  • Pre-approved

    Use in case you want to pre-approve devices that can be enrolled to Hexnode.

  • Email/SMS

    Users will get enrollment request with login credentials via email/SMS.

  • Enroll in DEP via Apple Configurator

    Previously, Apple allowed only the devices purchased directly from Apple to be enrolled in DEP. But now you can add any Apple devices running iOS 11 or later to DEP regardless of how or from where it is purchased.

  • Enrollment without authentication
  • Users can directly enroll in Hexnode with no authentication.

  • Self enrollment

    Users can enoll with their AD credentials.

Mac Devices

Mac devices can be enrolled in Hexnode through any of the following ways.

Apple TV Devices

Use any of the following methods to enroll Apple TV in Hexnode MDM.

Android Devices

  • Android Legacy
    • Bulk enrollment with CSV import

      Recommended if you are using a large number of devices.

    • Self-enrollment
    • Self-enrollment allows the users to enroll devices with their Active Directory/Azure Active Directory/Google user credentials.

    • QR code

      Scan a QR Code to enroll in Hexnode.

    • Email/SMS enrollment

      An Email/SMS with the enrollment credentials and instructions on how to enroll devices will be send to the selected users. They can use this information to enroll their devices in Hexnode.

    • Pre-approved

      Upload a CSV file with device details in Hexnode so that, you can attach policies and applications to devices prior to enrollment.

  • Android Enterprise
  • To enroll a device in AE,

  • Zero Touch Enrollment

    Zero-touch enrollment is a viable option for OTA enrollment method. To enroll a device using Zero-Touch enrollment method,

    1. Login to your zero-touch portal and create a configuration for Hexnode MDM.
    2. Upload the device list in CSV format and apply the configuration to the devices.
    3. All the devices will now be assigned to that specific configuration.
  • Samsung Knox Enrollment

    Samsung Knox devices can be enrolled in Hexnode via Knox Mobile Enrollment, a no-touch enrollment solution by Samsung Knox. To enroll in Knox,

    1. Login to your Knox portal account and create a profile for Hexnode MDM.
    2. Upload the device list in CSV format and assign the profiles to the devices.
    3. For reseller purchased devices, the reseller will add the devices to the Knox portal. Then the profiles can be applied to the devices.
    4. For non-reseller devices, associate the created Hexnode profile to the devices via Knox Deployment Application and deploy them using either Bluetooth or NFC.
  • Android ROM/OEM Enrollment

    Android ROM/OEM enrollment unlocks a lot of features like non-removable MDM even after device wipe, silent app installation, Hexnode system agent app etc.

Windows Devices

  • PPKG Enrollment

    Use the PPKG enrollment technique while bulk enrolling Windows devices in Hexnode. End-users need to just power on the device, get connected to the network and install the ppkg file to get enrolled with Hexnode MDM.

    1. Create a ppkg file using Windows ICD.
    2. Distribute this ppkg via external media/email.
    3. Click on the ppkg file and follow the on-screen procedure to get the devices enrolled with Hexnode.
  • Open enrollment

    Install the Hexnode agent app from the store and enter your organization’s Hexnode server address to enroll your Windows device in the MDM.

  • Email/SMS

    Users will receive an Email/SMS with the Hexnode server address. They have to authenticate with the credentials provided in the correspondence to enroll their devices.

  • AD-based enrollment

    Users have to enroll in Hexnode by authenticating with their organization’s Active Directory credentials along with the Hexnode server address.

8. Migration Fallback

Migration Fallback

There is a possibility that some of the device enrollments may end in failures. This may set back your whole productivity. We suggest some of our easier enrollment techniques as a workaround to quickly roll out your devices to the MDM console.
For Apple Devices use:

  • Email/SMS (Use either open/authenticated enrollment)
  • Pre-approved
  • Apple configurator (For supervised enrollment – iOS only)

For Android Devices use:

  • QR Code
  • Email/SMS (Use either open/authenticated enrollment)
  • Pre-approved

For Windows Devices use:

  • Email/SMS (Use either open/authenticated enrollment)

9. Monitor enrollment process

Monitor enrollment process

Monitor the whole enrollment process and track newly enrolled users using report analytics. Identify the devices still in unenrolled/enrollment failed state. Use any of the methods mentioned in migration fallback to enroll it back in Hexnode MDM.

Post-Migration Phase

This phase includes all checks and surveys to be carried out to ensure that all devices are migrated from your previous vendor to Hexnode MDM successfully.

  • Device Inventory checks: Export the details of all devices enrolled in Hexnode MDM from the Reports tab. Compare this list with the exported legacy MDM provider’s device database. This will help to find out all the devices which are still not enrolled in Hexnode MDM.
  • Restoring back-up data: For Apple devices, you can restore saved data by logging into your devices using your iCloud or Managed Apple ID. Cloud-hosted data can also be retrieved from cloud services like Google Drive, Dropbox, Box, etc. This will ensure no data loss after the migration process.
  • Unsubscribing the services of old MDM: Decommission the services of your previous MDM provider and inform users about the deactivation so that any of the users who continue using the services can migrate to Hexnode MDM.
  • Surveys and feedback on new MDM: Collect users’ feedback to identify any issues or new requirements in your new MDM solution. Conduct surveys regularly to analyse the user experience so that training sessions can be arranged, if needed, for new areas and use cases.
  • Troubleshooting / Support plan to assist with migration: Equip yourself with the world-class support team from Hexnode MDM to assist you in issues regarding migration. Clear your queries by referring to the published FAQs and other how-to articles to mitigate troubleshooting issues.