Apple's ADE Migration Methods
Overview
Apple's Device Enrollment Program (or ADE) simplifies iOS and macOS devices management by automating devices enrollment and enabling Supervision during setup. This program is managed from the Apple Business Manager (ABM) portal.
To learn more about Apple's Device Enrollment Program, please consult the official documentation.
Exodus support two approaches for migrating your ADE devices: the Official migration method and what we call the Standard migration method.
The second option can be considered as a workaround to avoid the inconvenience of having your end-users losing all their personal data.
ADE migration methods
In this section, we will explain in details both options.
Apple's Official migration method: with an Erase command
The Official migration method will automatically migrate your ADE devices by initiating an Erase (or Factory Reset). The device OS will trigger a custom booting sequence which will let your end-users enroll against your Target Tenant. This custom booting sequence can be configured from your Target Tenant prior to the devices migrations. ADE devices that were Supervised prior to their unenrollment will stay Supervised once re-enrolled.
Keep in mind that your end-users will lose all their personal data in the process and won't be able to leverage iCloud backups to restore any previous state.
Exodus's Standard migration method: without an Erase command
The Standard migration method skips the Erase command and triggers a Retire command to unenroll and re-enroll the devices. By doing this, your end-users will keep all their personal data and like in the Official migration method, your devices will still be Supervised once fully migrated.
This migration method works perfectly, but comes with some drawbacks that you need to be aware of:
- Despite the fact that the device will still be Supervised, your end-users will be able to unenroll from your Target Tenant by deleting the management profile in the settings of their device.
- Once unenrolled, if your end-users decide to erase their device on their own, their device will be assigned once again to the correct virtual server in Apple Business Manager portal but will not be associated to the correct end-user. Their device will be migrated in your Target Tenant as a generic unauthenticated staging user.
Despite the above drawbacks it is important to understand that even if a device gets factory reset by an end-user, the device stays listed in Apple Business Manager and does not get revoked from the program. It is never lost.
Migrating your ADE devices
In this section, we will detail what are the required actions in the Exodus Console and Apple Business Manager portal for both migration methods.
The Official migration method
In the Batch form Options section, enable the switch buttons for either or both of your Apple devices. During their subsequents migrations, they will be invited to follow the Erase migration method.
The Standard migration method
In the Batch form Options section, leave the switch buttons disabled for your Apple devices. During their subsequents migrations, they will be invited to follow the Standard migration method.
ADE devices reassignments in Apple Business Manager
Once your Batch is created, Exodus will automatically detect any ADE devices and will list them as ADE
in the Enrollment Type
column of the Device List.
In Workspace ONE, Exodus will be able to list as ADE only the ADE devices enrolled within the specified OG with the local default profile assigned.
Before migrating these devices, they must be reassigned from the Source Tenant virtual server to the Target Tenant virtual server in Apple Business Manager portal:
- In the selected Batch, filter the Device List with the "ADE" value then click the
Export
button at the bottom of the table to retrieve a.csv
file with the Serial Numbers of the listed ADE devices. - Go to your Apple Business Manager portal.
- Select
Devices
in the side menu. - Copy and paste the list of Serial Numbers in the
Search
text field. - Select
All devices
. - Click on the
Edit
button for Edit MDM server - Select the virtual server bound to your new Target Tenant in the
Assign to the following MDM:
drop down menu. - Confirm your choice, your devices are now assigned to the Target Tenant virtual server.
Be aware that the automatic synchronization of the Target Tenant with Apple's servers might take a while.