What are you guys doing to cut costs?
Sit in any room full of CEOs, investors, or executives, and you are bound to hear the conversation steer toward how to best conserve capital. The current macroeconomic climate is motivating organizational leaders and regular folks alike to reexamine their budgets.
There are many ways for small to medium-sized enterprises (SMEs) to curb spending, but one of the easiest avenues is tool consolidation. Instead of licensing 10 different point solutions, why not incorporate them into three or four multi-purpose platforms?
The JumpCloud Platform Directory unifies IT stacks under one pane of glass, merging directory management and mobile device management (MDM), among other capabilities. The result? A frictionless admin experience that saves time, energy, and money.
MDM Migration: Apple Business Manager to JumpCloud
There has never been a better time to migrate from a single-point MDM to a multi-purpose IT management platform like JumpCloud.
There are several reasons for MDM migration, but it primarily comes down to a) wanting to conserve resources and b) wanting a better user experience than the current MDM provides.
Regardless of the motivation, MDM migrations often instigate compatibility issues, end-user resistance, and other complexities for admins to sidestep. This article will outline an Apple MDM migration strategy to ensure a smooth outcome, whether the devices are enrolled through regular device enrollment or automated device enrollment (ADE).
Are you currently relying on Apple Business Manager for your MDM needs? The remainder of this article will walk through the process of an Apple MDM migration.
1. Choose Your New MDM
Your device migration strategy not only depends on the new MDM but also on your current one. Take note of what you dislike about your existing MDM and make a wish list of what you’d like in your new MDM.
It’s worth considering what needs you need to fulfill in addition to Mac management before switching vendors. Although you can select a single-purpose MDM solution, comprehensive platforms exist to meet more of your identity and access management needs along with device management.
Things to consider when choosing a new MDM solution include:
A point MDM solution will likely be more expensive than an integrated solution. Case in point, many Apple-focused MDMs charge by the device, whereas a cloud identity management platform will charge by user and give you multiple devices per user.
JumpCloud gives you four devices included with its per-user charge. It’s worth assessing whether you’ll use enough of a single-purpose MDM’s feature set to justify the price.
A point Apple-only MDM solution likely has the deepest feature set for macOS devices, while a solution with MDM as just one of its capabilities will meet a broader set of needs in your organization — such as identity management and Windows and Linux device management.
For heterogeneous work environments, it’s important to adopt an integrated MDM solution that can onboard devices on other operating systems besides Apple.
You can also establish a zero-touch enrollment workflow with Apple Business Manager or Apple School Manager to automatically enroll new machines in JumpCloud MDM, as well as install the JumpCloud agent on them. The agent is used to propagate a user’s core identity to their machine and other device and identity management tasks.
You may also prioritize features like:
- One-click migration policies that enable the speedy enrollment of new machines.
- Customer support programs with proven track records of success.
- Baked-in policies for configuring machine settings such as enforcing full disk encryption, prohibiting removable storage devices, and modifying local firewalls.
Ensure you choose an MDM solution that addresses the seven most common challenges of mobile device management. With solutions for Apple MDM, Windows MDM, and Linux MDM, JumpCloud allows admins to implement cross-platform MDM that keeps all their devices secure. For the remainder of this article, we’ll assume you chose JumpCloud for MDM.
2. Establish a Connection Between Apple and JumpCloud
Configure JumpCloud as a mobile device management (MDM) server by establishing a secure connection between Apple and JumpCloud using certificate-based authentication. Use a push certificate to establish that secure connection between JumpCloud and Apple Push Notification Service (APNs). You’ll need an Apple ID and password to do this.
To configure MDM complete the following steps:
Log in to the JumpCloud Admin Portal and go to Device Management > MDM. On the MDM homepage, click Configure MDM:
Under Download Your CSR, click Download and save the file:
Click Go to Apple and log in to the Apple Push Certificate Portal:
Click Create A Certificate:
Upload your JumpCloud CSR, then click Continue:
Click Download to download the new certificate (for example, MDM_JumpCloud_certificate.pem). Then, in the JumpCloud Admin Portal, under Upload MDM Push Certificate on the Set-Up Apple MDM Certificate page, click Browse to find the Apple Push Certificate or drag and drop the file:
Finally, click Complete Setup.
A message on the MDM Home tab indicates that MDM is configured. As you can see, forging a connection between Apple and JumpCloud is easy peasy.
Click here to learn more about establishing a secure connection between Apple and JumpCloud.
3. Choose an Enrollment Method
After you have configured JumpCloud’s mobile device management (MDM) server, you can enroll your macOS, iOS, and iPadOS devices in MDM. JumpCloud MDM lets you securely and remotely configure your organization’s devices and update software and device settings.
Below are your options for enrolling company-owned and bring-your-own (BYOD) Apple devices:
- Apple’s Automated Device Enrollment (ADE): You can only use this method for company-owned Apple devices. The device must be added to your Apple Business Manager (ABM) or Apple School Manager (ASM) account.
- Regular Device Enrollment: For company-owned Apple devices that haven’t been added to either ABM or ASM, you’ll have to use the regular device enrollment.
- User Approval: This method is for enrolling personal iOS and iPadOS devices used to access company resources in the JumpCloud MDM. These devices must be running iOS 13 or later, and are owned by the user and enrolled by the user.
Read more about Apple and JumpCloud MDM integration.
It’s worth emphasizing that JumpCloud has a pre-built policy you can apply to JumpCloud-managed macOS devices. This feature allows you to enroll your devices in bulk.
When you apply the policy, you have the option of checking a box that removes the existing non-JumpCloud MDM enrollment profile and automatically un-enrolls them from their last MDM. You can also use this policy to enroll new machines quickly.
Unfortunately, organizations using automatic device enrollment can’t yet take advantage of JumpCloud’s one-click migration feature. Devices with removable enrollment profiles can take advantage of the feature. But if the profile is non-removable, unenrollment must originate from their current MDM.
For ADE-enrolled machines, you instead need to go through Apple Business/School Manager and switch the association of their serial numbers to the new MDM server. See Configuring Automated Device Enrollment for more information on configuring JumpCloud MDM in ABM/ASM.
JumpCloud Makes MDM Migration Easy
After you have configured, enrolled, and deployed your Apple devices, you’re MDM migration is complete. You can now remotely and securely implement policies and execute commands.
Use JumpCloud’s ready-to-use policies to securely and remotely manage devices in your organization or create custom policy profiles to distribute specialized payloads and restrictions. Some of the commands you can execute include lock, restart, shut down, erase, and unenroll.
With JumpCloud, Apple MDM is just one of the features to help you securely manage identities, access, and devices.