Intune: as Target

Required environment’s information

You need to first set up all general prerequisites before proceeding to this guide.

Configure your users

In order for Exodus to verify that each of your Source Tenant users is present in your Target Tenant, you need to make sure that each user's email in your Source Tenant matches the User Principal Name (UPN) or email value of the associated user in the Target Tenant.

warning

Any device for which Exodus can't find a matching user in the Target Tenant, will be marked as failed with a sub-status: Target user not found (see the Console Guide's Device Statuses section for more details).

The next steps depend on the type of devices that you are about to migrate. Refer to the below sections accordingly.

iOS

If your iOS devices are bound to Apple's Automated Device Enrollment (ADE) program, you must follow the extra steps below.
If your iOS devices are not bound to ADE, then no extra steps are required.

Access to Apple Business Manager portal

You must have access to the Apple Business Manager portal where both your Source and Target Tenants are configured.

This is required so that you can reassign the ADE devices to the Target Tenant virtual server.

warning

To avoid any false device reallocation in the event of a Full Device Wipe, devices must be reassigned prior to any device migration.

Set up your Target Tenant's ADE Profile

Before proceeding with the migration, you need to check the configuration of your ADE profile in your Target's Microsoft Intune admin center in Devices › Enroll device > Apple enrollment > Enrollment program tokens, then select the corresponding ADE configuration.

Configure the ADE profile

In order to allow your users to re-enroll correctly after their device is factory reset, you need to configure your Target Tenant's ADE profile with the following settings:

1. Set User Affinity to Enroll with User Affinity to enable authentication screen during enrollment.
2. Select one of the authentication method to either Setup Assistant to let Apple display the authentication screen, or Company Portal to force your user to authenticate using the Microsoft Intune Agent app.

Set up the ADE default profile

Next, you must set a default ADE profile in Devices › Enroll device > Apple enrollment > Enrollment program tokens:

1. Select the corresponding ADE configuration
2. Click on Set default profile
3. Select the corresponding profile in the iOS Enrollment Profile
4. Click on Save.

info

Since 1.19, Exodus now automatically declares Apple Supervised devices as Corporate devices using Intune's Corporate Device Identifier feature.

Android

If your Android devices are bound to Google's Android Enterprise (AE) program, you must follow the extra steps below.
If your Android devices are not bound to AE, then no extra steps are required.

Google account setup

You first need a regular Google account or a G Suite account with administration rights.

Then you need to link this account to your Intune Target Tenant. To do so, in your Microsoft Intune admin center, go to Device > Enroll devices > Android enrollment > Managed Google Play and verify that your account is correctly setup following the official documentation.

Enrollment token and QR Code

Once configured, you'll need to provide to your users an enrollment token or a QR Code, so they can finish the Fully Managed enrollment process successfully.

To do so, go to Device > Enroll devices > Android enrollment > Corporate-owned, fully managed user device and save the provided values. See the official documentation for further details. (see Fig. 1.1).

Figure 1.1