This guide provides instructions for migrating devices from your current MDM solution to Fleet.
For seamless MDM migration, view this guide.
To migrate hosts, we will do the following steps:
In ABM, unassign your hosts from your current MDM solution by selecting Devices and then selecting All Devices. Then, select Edit next to Edit MDM Server, select Unassign from the current MDM, and select Continue.
Assign these hosts to Fleet: select Devices and then select All Devices. Then, select Edit next to Edit MDM Server, select Assign to the following MDM:, select your Fleet server in the dropdown, and select Continue.
There are two migration workflows in Fleet: default and end user.
The default migration workflow requires that the IT admin unenrolls hosts from the old MDM solution before the end user can complete migration. This will result in a gap in MDM coverage until the end user completes migration.
The end user migration workflow allows the user to kick off migration by unenrolling from the old MDM solution on their own. Once the user is unenrolled, they're prompted to turn on MDM features in Fleet, reducing the gap in MDM coverage.
End user experience:
Configuration:
Available in Fleet Premium
End user experience:
Configuration:
In Fleet, you can configure the end user workflow using the Fleet UI, Fleet API, or Fleet's GitOps workflow.
After configuring the end user workflow, instruct your end users to select the Fleet icon in their menu bar, select Migrate to Fleet and follow the on-screen instructions to migrate to Fleet.
Fleet UI:
macos_migration
key in the GitOps reference documentation.org_info
key in the GitOps reference documentation.To see a report of which hosts have successfully migrated to Fleet, have MDM features off, or are still enrolled to your old MDM solution head to the Dashboard page by clicking the icon on the left side of the top navigation bar.
Then, scroll down to the Mobile device management (MDM) section of the Dashboard. You'll see a breakdown of which hosts have successfully migrated to Fleet, which have MDM features disabled, and which are still enrolled in the previous MDM solution.
Available in Fleet Premium
When migrating from a previous MDM, end users must restart or log out of their device to escrow FileVault keys to Fleet. The My device page in Fleet Desktop will present users with instructions on how to reset their key.
To start, enforce FileVault disk encryption and escrow recovery keys in Fleet. Learn how here.
After turning on disk encryption in Fleet, share these guided instructions with your end users.
In Fleet, the Activation Lock feature is disabled by default for automatically enrolled (ADE) hosts.
In 2024, Apple added the ability to manage activation lock in Apple Business Manager (ABM). For devices that are owned by the business and available in ABM, you can turn off activation lock remotely.
If a device is not available in ABM and has Activation Lock enabled, we recommend asking the end user to follow these instructions to disable Activation Lock before migrating the device to Fleet: https://support.apple.com/en-us/HT208987.
If the Activation Lock is enabled, you will need the Activation Lock bypass code to wipe and reuse the Mac successfully.
However, Activation Lock bypass codes can only be retrieved from the Mac up to 30 days after the device is enrolled. This means that when migrating from your old MDM solution, it’s likely that you’ll be unable to retrieve the Activation Lock bypass code.