Mobile devices are extensively used in workplaces because of their productivity and cost-saving advantages. But the trend of using technology has resulted in serious security concerns about data breaches and leaks, loss of devices, and unauthorized access. Therefore, IT managers are on the lookout to securely manage company devices.
Companies want to facilitate using devices purely for work purposes or deploy a personal device that could separate work and personal data securely. Therefore, companies need robust mobile device management (MDM) solutions but setting it up often presents multiple challenges for the IT team.
Migrating from Existing MDM Provider
With technologies constantly evolving and a company’s needs always changing, there’s a high possibility that you may outgrow your MDM provider’s capability.
There are many reasons for switching MDM solutions, but the three most common ones include:
- Your current MDM provider does not provide the support you expect
- You a simple MDM solution with rich features managing all your devices
- The price of your current provider is too high
Migrating isn’t going to be easy. Switching all your devices to another MDM vendor can initially feel overwhelming, but don’t worry, it does not have to be so painful.
This article will throw light on switching MDM providers as seamlessly as possible, with the least disturbance for end users.
5 Things to Consider When Switching MDM providers
1. Logistically enrolling user devices into the new solution
The first thing you will need to consider before making the switch is how you are going to enroll your existing devices into the new MDM. For iPhones, you can use the following three tools along with your new MDM solution:
- Apple School Manager (ASM)
- Apple Business Manager (ABM)
- Device Enrollment Program (DEP only for supervised devices)
With ASM and ABM processes, end users can enroll and configure new devices automatically without requiring hands-on support from IT admins.
Android smartphones can be enrolled in an MDM with:
- Android for Work (AFW) Setup and Configuration
- Enroll devices Android Enterprise devices after unboxing or a factory reset, in the form of six-taps and scanning a QR Code
Using the above deployment tools for switching MDM gives you two options:
- Log in to the portal and move your entire token to your new MDM
- Create a new MDM server entry and move your devices to the new token
With both types of processes, the next time your devices are wiped, they will automatically get enrolled into your new management system.
2. Wiping for iOS and MAC devices
You can supervise iOS devices by pairing Apple Configurator or a device enrollment program (DEP) used with an MDM solution. With supervised iOS devices, IT administrators can easily control many settings of the device through an MDM solution.
Switching MDM vendors even for supervised iOS and Android devices involves wiping the device.
Thankfully, you can speed this process by simply sending a wipe command to your devices once you have moved the server token in either ABS or ASM (for iOS only).
While enrolling a Mac into an MDM, you won’t have to necessarily wipe it off. If the MDM profile can be removed (this will differ based on MDM providers), devices can be enrolled to a new MDM without having the need to wipe them.
3. Ensuring users’ data remains secure while switching MDMs
Here are the details you need to consider for different types of data on devices:
Mail: If the user’s mail account is an IMAP server or Microsoft Exchange, then once the new MDM’s profile is pushed in the device, the device will resynchronize all the data.
Note: Depending on the volume of data and the number of devices, this process could become network-intensive, which may cause a delay in loading the content.
Apps and app data: Certain apps sync data over the cloud so it shouldn’t be a problem. But certain apps only use local storage, which cannot be resynchronized. Therefore, a cloud restore should not be a problem, but be sure to double-check this for business-critical apps.
Photos, notes, & messages: If your device users are using cloud sync services or cloud backup, rest easy that all the content will sync effortlessly. However, if you have prohibited cloud backups as a strict corporate policy, you may have to configure a backup to your machine to sync all data, which can be burdensome.
For iOS especially: If you have a managed app distribution license through ABM or ASM, your organization can retain ownership of these licenses and can easily redistribute them using the new MDM solution.
4. Protect the network from increases in traffic volume during re-enrollment
While switching MDMs, you will see a large amount of network traffic, which mostly depends on what apps and content you are pushing to your devices. The location of your end-users during re-enrollment, either on-network or off, will also significantly affect the network traffic. Some of this traffic may be caused by devices that are directly downloading apps directly from the App Store.
As a best practice for BYOD devices, it is recommended to push only required apps and then encourage users to get other apps when the time is best for them, and especially not during a massive enrollment process.
Fortunately, if a Mac acts as a local caching server, it may be relieved from this network blockage. By properly configuring it, the caching server can easily deliver app store content to all Mac devices on the network without spanning across the internet to get the job done.
5. Informing users about the switch
It is critical to clearly communicate your MDM migration news with all your users.
While switching MDM, users may often see pop-ups about app licensing or their devices may need to be entirely wiped off as part of the plan. This may genuinely worry the end user. So instead of making this a secret program, empower users and make them a part of the enrollment process.
The OOB (out of the box) zero-touch deployment should be leveraged so that end users are a part of the process. If you have clearly communicated information about app and data retention, device wipes, etc., you can easily provide your users with a smooth setup experience.
Quick Migration Checklist
Make sure to prepare the following checklist before going ahead with your MDM migration plan:
- Create a timeline that you can adhere to for the entire process
- Don’t forget to evaluate and closely document existing workflows
- Prepare users for the transition
- Export data from the previous MDM solution
- Inform staff to turn in the devices
- Perform device wipes or un-enroll existing devices neatly
- Re-enroll devices into the MDM platform
- Conduct device assignments
- Check device inventory to ensure data transfer and device
Enjoy your successful device enrollment and MDM migration!