Script: macOS MDM Migration Engine

The MDM Migration Engine is a shell script ran via an installed PKG from MDM which has the ability to:

  1. Performed an automated migration out of Jamf Pro and enforce a semi-automated MDM enrollment into a new MDM of choice.

  2. In any MDM other than Jamf Pro - wait for unenrollment command from MDM, and then enforce a semi-automated enrollment into new MDM.

  3. Incorporates the Activation Lock Engine before MDM Migration.

  4. Performs additional ancillary functions such as software removals (Jamf Connect, Jamf Protect, and Cisco Umbrella), and FileVault key re-escrows (Escrow Buddy).

The MDM Migration Engine pkg is uploaded to MDM and can be scoped for recurring check-in, or Self Service. The software is configured with a standard .plist that is pushed via MDM.

Demo MDM Migration from Jamf to Mosyle on macOS Sonoma:

MDM Migration Re-Enroll Window:

image

Sample Code:

image

Sample .plist configuration file applied via MDM and read via code:

image

Sample runtime log file, stored locally and obtainable via MDM extension attribute:

image

Full Confluence technical documentation: 

image
image

Composer .pkg composition:

image

Simplicity is prerequisite for reliability.

Edsger Dijkstra

Description

Greatly simplifies the process for migrating MDM solutions on the endpoint, without having to wipe the device. This saves immense technical labor and allows workplace productivity to continue in large organizations when switching MDM solutions.

Technology