Although we strongly recommend the erase and redeployment of devices when switching between macOS management solutions (detailed here), it is possible for datajar.mobi to migrate devices that are already deployed and in use.
Limitations
We at dataJAR will do our upmost best to ensure the process is as smooth and repeatable as possible, however there is no Apple supported method to migrate management solutions without erasing devices. As a result, there will be a percentage of devices that may fail the process and require manual intervention by our support staff, possibly requiring an erase and redeployment regardless.
Devices enrolled without an erase and redeployment also have a higher risk of harder to troubleshoot issues as older deployments or configurations can interact in unpredictable ways with the new management system. Again, dataJAR will do our upmost best to ensure this risk is minimised, but this may result in increased time for resolution of occasional support issues, also possibly requiring an erase and redeployment to fully resolve. Support staff will work through any issues to ensure that this is the last possible option.
This process is limited to macOS devices running macOS 10.15.x or older, and migrating from a Jamf Pro on-premise or cloud instance only.
Requirements
In order to deliver a migration workflow, dataJAR will require:
- Full admin access to the current Jamf Pro implementation, including access to create policies, scripts and Jamf Pro accounts, and to upload Mac packages
- Minimum 2 customer test devices enrolled in the current solution
- Users to manually "accept" the MDM profile post migration
- (FileVault encrypted devices only) Users to enter their FileVault user account password when prompted to allow us to re-generate and escrow the FileVault Recovery Key
High Level Process
The high level process for end users would look similar to the below
Migration
1) The user will launch Self Service and run the "Jamf Migration - Migrate to datajar.mobi" policy.
2) This will display the policy information. The user should save and close any work they have open and click "Migrate".
3) The policy will complete in the background and show a notification to the user when it has completed. The policy will next run in the background to attempt the migration.
4) This can take a few minutes to complete. Once the migration is successful, the datajar.mobi Progress Screen is displayed.
Note: If the migration process fails, the device will be temporarily re-enrolled to the previous Jamf Pro solution and will automatically reattempt every 30 minutes.
5) Users should pick the "Migrated" role (if one is available) or the correct role for their usage
6) The rest of the migration and deployment process will continue and the device will restart once complete.
Post Migration
After the device has restarted, the user will need to "Approved" the MDM Profile.
1) Launch System Preferences, and click "Profiles"
2) Scroll down until the datajar.mobi MDM Profile is found. Select this on the left hand side
3) Click "Approve" on the right hand side
4) Click "Approve" again on the popup message
FileVault Recovery Key
In order to collect and escrow the FileVault Recovery Keys into the new datajar.mobi solution, we will need to ask the user for their FileVault user password. This prompt will happen once per day, but will also be available in Self Service. This process looks like the below:
1) The once per day popup message. Click "Next"
2) Enter your user login password when prompted
If you require further assistance or support, please contact our support team.