̽»¨´óÉñ

This article describes how to migrate macOS devices from Kandji’s Mobile Device Management (MDM) to ̽»¨´óÉñ's MDM. You can centralize device management for your Apple, Windows, and Linux devices in the ̽»¨´óÉñ Admin Portal.

Before you begin, ensure that your Kandji-managed devices are enrolled in Apple’s Automated Device Enrollment (ADE) with (ABM) or (ASM). After the ̽»¨´óÉñ agent is installed, you'll use Kandji to remove the device’s enrollment and uninstall Kandji. You’ll then unassign the device in ABM and reassign it to ̽»¨´óÉñ’s MDM, and push the new enrollment profile to the device.

Preparing the Device in Kandji

To prepare the device in Kandji:

1. In Kandji, install a  for ̽»¨´óÉñ, using the settings described in Granting Full Disk Access Permissions to the ̽»¨´óÉñ Agent for MacOS.
2. Use Kandji to deploy the . See Deploy the ̽»¨´óÉñ Agent with a Third-Party MDM Solution to learn more.
3. Confirm that the device appears in the Devices List in the ̽»¨´óÉñ Admin Portal.
4. Remove the device from Kandji. See the instructions in the . 

Unassigning the Device from ABM or ASM

To unassign the device from ABM or ASM:

1. Log into your ABM or ASM account.
2. Click Devices in the sidebar and select your device.
3. Click Edit MDM Server.
4. Select Unassign from the current MDM and click Continue.
   
   
5. Click Continue again.

Reassigning the Device to ̽»¨´óÉñ’s MDM Server

To reassign the device to ̽»¨´óÉñ's MDM Server:

1. In ABM or ASM, click Devices in the sidebar and select your device.
2. °ä±ô¾±³¦°ìÌýEdit MDM Server.
3. ³§±ð±ô±ð³¦³ÙÌýAssign to the following MDM and choose the ̽»¨´óÉñ MDM Server from the list.
   
4. °ä±ô¾±³¦°ìÌýContinue and then click ContinueÌý²¹²µ²¹¾±²Ô.
   

Using a Command to Enroll the Device in ̽»¨´óÉñ MDM

To create a ̽»¨´óÉñ Command to enroll devices in ̽»¨´óÉñ MDM:

1. Log in to the .
2. Go to DEVICE MANAGEMENT > Commands. 
3. Click ( + ), then select Command From Template.
4. In the macOS tab, select Mac - Enroll MDM System in DEP | v1.0.2 JCCG and click configure.
5. For Event, select Run Manually.
6. Go to the Devices tab and select the device where you want to run this command.
7. Click Save.
8. Run the command to push the enrollment profile to the device:
   1. ​​​​In the Command List, select the check box next to the command you just created.
   2. Click Run Now.
      

Proceed to instruct the user to accept the new enrollment profile on the device and re-enroll in ADE.

Re-enrolling the Device in ADE

After running the command from step 8 in the previous section, users need to accept the profile and follow the steps to re-enroll their device. The steps differ depending on the version of macOS.

On macOS 15 Sequoia:

1. A Remote Management screen appears displays asking to confirm ̽»¨´óÉñ's management of your device. Click Enroll.
   
2. Enter an administrator password and click Enroll to allow the enrollment installation to proceed.
   
3. On the enrollment wizard, click continue.
   
4. When the enrollment profile has finished installing, you will see an enrollment complete message. The device is now managed by ̽»¨´óÉñ. Click Quit to begin using your device.
   

On macOS 13 Ventura or macOS 14 Sonoma:

1. To allow ̽»¨´óÉñ to automatically enroll your device, on your Mac device go to System Settings > Privacy & Security > Profiles, and click Allow.
   
2. A message displays asking to confirm ̽»¨´óÉñ's management of your device. Click Enroll. 
   
3. Proceed through the rest of the prompts to complete the enrollment process. By proceeding with an Automated Device Enrollment, the enrollment profile will be locked on the device and all entitlements will be restored for supervision state on macOS version 10.15.