Migrating from another MDM

The guide outlines the procedures for migrating macOS and Windows devices from one Mobile Device Management (MDM) system to another, detailing steps for both supervised and unsupervised macOS devices as well as specific instructions for migrating Windows devices via Intune.

3 min read

Migrating Macs

There are two ways to migrate macOS devices from one MDM to another:

  1. For supervised devices (in Apple Business Manager): Migration requires changing the MDM server in ABM and disenrolling the device. Employees will receive a popup asking them to re-enroll in FleetDM, Primo's MDM.

    This change in ABM will not reset or affect any device data.

    By updating the MDM server in ABM, we can create devices in Primo and automatically assign them to your employees for migration tracking.

    Note that you'll need to manually remove devices from your old MDM, as this process doesn't do it automatically.

💡 Find more information about this migration directly here.
  1. For unsupervised devices: Apple doesn't allow multiple MDMs on a single device. The migration process requires two steps: first disenroll from the current MDM, then re-enroll in the new one. After removing devices from your previous MDM, you can use Primo's "invite to MDM" function to streamline deployment. The system will automatically send reminders every 7 days to employees who haven't enrolled, and you can monitor the migration progress through your dashboard.

Migrating Windows Devices

Before starting

If you have connected Intune and Entra ID, here is the procedure to follow before initiating the migration

  1. Set FleetDM up as external MDM on Entra ID : https://primo.mdm.getprimo.com/settings/integrations/automatic-enrollment/windows
  1. On Entra, switch the automatic enrollment to Fleet :
    • Then select “Intune”
    • Select “None” in both options and Save
    • Do the same on “Fleet” but select “All” instead

Migrating your devices individually from Intune

Follow these steps to migrate your devices from Intune one by one :

  • Enroll the computer in Primo, the device will be created in Primo with the status "Enrolled in another MDM"
  • Use the migration button in Primo to apply the migration script

Migrating all your devices from Intune

Follow these steps to migrate your devices from Intune:

  1. Upload the following script
    • Find your full MDM URL:
      • The format is: https://REPLACE_BY_COMPANY_NAME.mdm.getprimo.com/api/mdm/microsoft/discovery
      • Replace REPLACE_BY_COMPANY_NAME with the company name / domain that is present in the Fleet URL
    • Paste it in the script, replacing INPUT_URL_HERE
    • Upload the script on the your MDM instance (Controls > Scripts)
      $EnrollmentsPath = "HKLM:\SOFTWARE\Microsoft\Enrollments\"
$Enrollments = Get-ChildItem -Path $EnrollmentsPath
$DiscoveryServerFullUrls = @("INPUT_URL_HERE")

Foreach ($Enrollment in $Enrollments) {
    $EnrollmentObject = Get-ItemProperty Registry::$Enrollment
    if ($EnrollmentObject."DiscoveryServiceFullURL" -in $DiscoveryServerFullUrls ) {
        $EnrollmentPath = $EnrollmentsPath + $EnrollmentObject."PSChildName"
        Write-Host "Suppression de l'inscription : $EnrollmentPath"
        Remove-Item -Path $EnrollmentPath -Recurse
        Write-Host "Inscription supprimée. Réinscription de l'appareil..."
        & "C:\Windows\System32\deviceenroller.exe /c /AutoEnrollMDM"
        Write-Host "L'appareil a été réinscrit."
    }
}
  1. Create a policy to migrate
    • Re-use the URL from above
    • Paste it in the query below, replacing INPUT_URL_HERE
      SELECT 1 FROM registry 
WHERE path LIKE 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Enrollments\%%'
AND name =  "DiscoveryServiceFullURL"
AND data NOT IN ("INPUT_URL_HERE")
  1. Link script to policy
    • Navigate to Policies > No team
    • Click on “Manage automation” and link the script you uploaded to the newly created policy
Related articles
Did this answer your question?