Monday 12 February 2018

Migrate to Microsoft Intune from another MDM solution

Customers have asked me about this many times. How can we easily migrate to Intune from another MDM solution? Therefore I've decided to test drive a tool that I heard about recently. EBF have developed a tool called the EBF Onboarder and it supports the migration to Intune from pretty much all the well known MDM vendors. You can read about it here

It's really easy to use.



So let's start with the source MDM solution. You can see that I have a device waiting to be migrated.......



......and this is the EBF Onboarder. Click on New Migration to start.



Enter a name for the migration. Be creative.



Now we're asked to choose the source MDM system. The following solutions are supported sources:
  • Blackberry UEM
  • MobileIron Core (VSP)
  • MobileIron Core (EAS unmanaged)
  • MobileIron Cloud
  • AirWatch
  • XenMobile
  • Good for Enterprise
  • SAP Afaria
  • MaaS360
  • Sophos Mobile Control
  • Cisco Meraki
  • SOTI MobiControl
  • jamf PRO

Enter credentials for the source system. 



Microsoft Intune is the default target system. Enter your credentials. We only need to enter the tenant ID if the user has access to multiple tenants.



Click Find Devices.


EBF Onboarder connects to the source system and lists the device(s) that we need. Click Save Migration


Confirm that you want to Save the migration project.



You are presented with the content of the migration email that will be sent to users. This can be customized. Save the email.....




...and here is the migration. Check the box beside the users name and you can then select Send Invitations. This is so simple to use.

Now lets have a look at the behaviour on this Android device.


The user receives the invitation from EBF Onboarder for Intune.


The user opens the email and clicks on the Start Migration link.


The user is re-directed to the Onboarder service and asked to select Start Migration.



The first step is to retire the device from the source system. It's alarmingly quick (approximately 30 seconds).



Retirement is complete and now the user in invited to enrol with Intune. They are instructed to follow the Microsoft Intune link.



The user is re-directed to Google Play store and asked to download and install the Microsoft Intune Company Portal. We're familiar with the rest of the process at this stage.



User authenticates with Intune.........



.....and continues with the setup process.



The device is being added to Intune.



Enrollment is complete.


The device is available for management in the Intune portal.

The two-step retire/registration process on the device took less than five minutes and was very straightforward for the user to understand and follow. I was very impressed.

You can sign up for a trial on the EBF website The trial allows you to migrate 20 devices from multiple source systems and only expires when the 20 have been migrated.

I hope you found this blog post interesting. Until next time.........

24 comments:

  1. Thanks for this. Finally intune is supported. Im currently in phase of migrating from xenmobile to intune. Do you know if this and how this works if we currently use dep and or vpp? Further i presume this only takes care of un- and enrollment of the device in intune, it does not migrate policies etc?

    ReplyDelete
    Replies
    1. Yes, it's fully supported with DEP. It does not migrate policies.

      Delete
  2. Thank you for answering.

    ReplyDelete
  3. Thanks for this!

    Can anyone provide a set of instructions / web links on how to deploy Android apps from Intune to managed and enrolled devices ?

    I'm reading mixed reviews of if this is even possible. I can add an app, mark it as required where the enrolled Android gets a notification but I have not been able to work out how to deploy an app.

    Is additional licensing required ? Is it even possible ?

    ReplyDelete
  4. If an iPhone is under supervised mode, will it maintain that state from MobileIron to Intune using this service?

    ReplyDelete
  5. I'm pretty sure it does but I haven't tested. That's a question for EBF.

    ReplyDelete
  6. Looking for some assistance. What's the best way to move a user from Meraki to MS Intune??? I'm upgrading users during this too from an iPhone SE to iPhone 6s

    Scenario: User/Meraki/iPhone SE
    moving to MS Intune
    User/MS Intune/iPhone 6s

    I've been doing this:
    iCloud backup of old device that was in Meraki
    Restore to new iPhone 6s, that's in DEP & Intune

    Getting mixed results. Had some that I was able to restore and then Remote Management popped up and allowed enrollment.

    BUT.. I've had some where it just skips the Remote Management piece.

    Workaround, is to active new phone as a new device, then log into iCloud for the user, a turn on all that needs to be restored under icloud. Noticed I couldn't get the user's messages(sms) today.

    Is this best practice? Thoughts?? Is there a better way??
    THANKS!

    ReplyDelete
  7. This was really very helpfule

    ReplyDelete
  8. Good One Gerry!! Thanks.
    I am looking for MobileIron cloud users to Intune. May i know what are the impacts for MobileIron users during migration? Because we are planning to go ahead with batch migration, so Non-migrated users may get some issues. Please suggest.

    ReplyDelete
  9. You should leave the MobileIron policies in place until all the migrations are finished. Also be careful with conditional access. If you require devices to be compliant to access corporate resources then your MobileIron users will have problems.

    ReplyDelete
  10. Thanks for this post Gerry. I saw EBF has a video that shows some of the steps you described, but what about the backend? Can EBF take an existing MDM configuration and replicate the groups, apps, and device configs as well?

    ReplyDelete
    Replies
    1. No Danny, there is no migration path. You have to re-create all the configurations in Intune.

      Delete
  11. Hi All

    I am looking at this application to move from Sophos MDM on Sophos Central. Does anyone have details to enter on the source screen when using sophos mdm cloud, as i am not sure what customer field will be. I remember when it was on premise what this field was, but not in the cloud.

    Thank you

    ReplyDelete
  12. Hi All,
    I am looking to Migrate Mobile Devices From JAMF Pro To intune, do anyone have any article to help, to Migrate Devices from JAMF to intune

    ReplyDelete
  13. Hello, thanks for the blog its a good read, however i was wondering how this would work for devices enrolled via apple DEP where the end user cannot remove the enrolment profile and android enterprise where the device needs to be factory reset to be re-enrolled in a corporate fully manage user device state
    many thanks

    ReplyDelete
  14. Hello, thanks for the blog its a good read, however i was wondering how this would work for devices enrolled via apple DEP where the end user cannot remove the enrolment profile and android enterprise where the device needs to be factory reset to be re-enrolled?

    ReplyDelete
  15. Hi, I want to migrate devices in Microsoft Intune from Blackberry UEM. what BAS user means

    ReplyDelete
  16. How does this handle DEP? Dont Apple devices enrolled in DEP/ABM call-to-apple only during the initial device setup process?

    ReplyDelete
    Replies
    1. Yes, that's right. The process I've shown here is for personal devices that the user has enrolled by downloading and installing an app.

      Delete
  17. Hi Gerry. Thanks for this post. Wondering what about computer migrations from AirWatch to Intune. We were told (by VMware support) that there's a risk for a computer to try to perform an Enterprise Wipe which we can't afford. Do you perhaps know if EBF can deal with a situation like that? We don't want the computers to by wiped out but get them enrolled into Intune.

    ReplyDelete
    Replies
    1. The enterprise wipe from Workspace One should not factory reset the device. It should remove enterprise data only. EBF won't help you with this. It just facilitates the underlying technology.

      Delete
    2. Thanks for your reply Gerry. What would the best and recommendable approach be in this case? At our company people are scared about the chance of having to deal with losing data. Enterprise data we don't care about because AirWatch deployment here was only meant for BitLocker encryption. There's nothing else set so we're hoping to have a smooth transition, yet nobody can assure us whether or not we can put user's data at risk.

      Delete
    3. The vmware documentation tells you that the users personal data should be safe, but you'll have to test it https://kb.vmware.com/s/article/50103263

      Delete
  18. Hi Gerry,

    Will this product help with a migration from Sophos to InTune, the problem we have come across that we are not able to find a work around for is the Android profiles Sophos is the Google workplace EMM and you cannot have 2 so we can not work out how we migrate all 200 users from Sophos to InTune as we cannot set up the profiles on InTune first.

    Hope that makes sense

    ReplyDelete