Apple's ADE Migration Methods
Apple's Device Enrollment Program (or ADE) simplifies iOS and macOS devices management by automating devices enrollment and enabling Supervision during setup. This program is managed from the Apple Business Manager (ABM) portal.
To learn more about Apple's Device Enrollment Program, please consult the official documentation.
Exodus support two approaches for migrating your ADE devices: the Official migration method and what we call the Standard migration method.
The second option can be considered as a workaround to avoid the inconvenience of having your end-users losing all their personal data.
ADE migration methods
In this section, we will explain in details both options.
Apple's Official migration method: with Full Device Wipe
The Official migration method will automatically migrate your ADE devices by initiating a Full Device Wipe (or Factory Reset). The device OS will trigger a custom booting sequence which will let your end-users enroll against your Target Tenant. This custom booting sequence can be configured from your Target Tenant prior to the devices migrations. ADE devices that were Supervised prior to their unenrollment will stay Supervised once re-enrolled.
Keep in mind that your end-users will lose all their personal data in the process and won't be able to leverage iCloud backups to restore any previous state.
Exodus's Standard migration method: without Full Device Wipe
The Standard migration method skips the Full Device Wipe and triggers an unenrollement and re-enrollement of the devices. By doing this, your end-users will keep all their personal data and like in the Official migration method, your devices will still be Supervised once migrated.
This migration method works perfectly, but comes with some drawbacks that you need to be aware of:
- Despite the fact that the device will still be Supervised, your end-users will be able to unenroll from your Target Tenant by deleting the management profile in the Settings of their device.
- Once unenrolled, if your end-users decide to erase their device on their own, their device will be assigned once again to the correct virtual server in Apple Business Manager portal but will not be associated to the correct end-user. Their device will be migrated in your Target Tenant as a generic unauthenticated staging user.
Despite the above drawbacks it is important to understand that even if a device gets factory reset by an end-user, the device stays listed in Apple Business Manager and does not get revoked from the program. It is never lost.
Migrating your ADE devices
In this section, we will detail what are the required actions in the Exodus Console and Apple Business Manager portal for both migration methods.
The Official migration method
During the Migration creation, select
Yes for the
Do you want to Wipe ADE Devices? option in the Source page of the form. Any devices listed as
ADE in the subsequent Migration will be invited to follow the Full Device Wipe migration method.
The Standard migration method
During the Migration creation, leave the default
No for the
Do you want to Wipe ADE Devices option in the Source page of the form. Any devices listed as
ADE in the subsequent Migration will be invited to follow the Standard migration method.
ADE devices reassignments in Apple Business Manager
Once your Migration is created, Exodus will automatically detect any ADE devices and will list them as
ADE in the
Enrollment Type column of the Device List.
In Workspace ONE, Exodus will be able to list as ADE only the ADE devices enrolled within the specified OG with the local default profile assigned.
Before migrating these devices, they must be reassigned from the Source Tenant virtual server to the Target Tenant virtual server in Apple Business Manager portal:
- In the selected Migration, filter the Device List with the "ADE" value then click the
Exportbutton to retrieve a
.csvfile with the Serial Numbers of the listed ADE devices.
- Go to your Apple Business Manager portal.
Devicesin the side menu.
- Copy and paste the list of Serial Numbers in the
- Click on the
Editbutton for Edit MDM server
- Select the virtual server bound to your new Target Tenant in the
Assign to the following MDM:drop down menu.
- Confirm your choice, your devices are now assigned to the Target Tenant virtual server.
Be aware that the automatic synchronization of the Target Tenant with Apple's servers might take a while.