
MDM Migration Options in Jamf Pro

Updated over a week ago

Description

Apple Business Manager (ABM) and Apple School Manager (ASM) now support native device management service (MDM) migration, introduced with iOS 26, iPadOS 26, and macOS 26.

Eligible devices can be moved from one MDM server to another without wiping or manually re-enrolling them. This is a significant improvement over previous workflows, which typically required a full device erase and reset.


This article covers two workflows that take advantage of this feature:

  • Workflow 1: Migrating devices to a new MDM server using ABM/ASM (standard migration use case).

  • Workflow 2: Using MDM migration to restore APNs communication in Jamf Pro without wiping devices.



Requirements

The following requirements apply to both workflows. Devices must meet all applicable criteria to be eligible for MDM migration.

  • Devices must be running iOS 26, iPadOS 26, or macOS 26 or later.

  • If a device was enrolled manually using Apple Configurator, the 30-day provisional period must have passed before migration is possible.

  • Migrating to or from a device management service within Apple Business Essentials is not supported.

  • Devices enrolled using Automated Device Enrollment with is_return_to_service=true are not eligible.

  • Device management service migration is not available on Shared iPad.



Migration Workflows

Workflow 1: Migrating Devices to a New MDM Server

This workflow covers the standard migration use case: moving enrolled devices from one MDM server to another using Apple Business Manager or Apple School Manager. This is useful when switching MDM vendors, restructuring your device management environment, or migrating to a cloud-based MDM solution.

  • End users are guided through a simple re-enrollment process with minimal disruption. No device wipe is required.

  • Options are available for managing Activation Lock and managed apps.

  • Existing user data and device configurations are preserved.

For complete step-by-step instructions, refer to Apple's official guide, Migrate Devices to a New Management Service In ABM.


Workflow 2: Restoring Communication in Jamf Pro Without Wiping

This workflow can be used in scenarios where managed devices may lose communication with Jamf Pro — for example, an APNs mismatch. Historically, restoring communication required wiping the affected iOS/iPadOS device.

With Apple's MDM migration functionality, this can now be resolved without a wipe, provided the device meets the requirements above.

The steps below walk through the process.

Workflow Step-by-Step

Step 1: Create a new MDM Server Token in AxM and a new ADE Entry in Jamf Pro

  1. In Jamf Pro, navigate to Settings > Global > Automated Device Enrollment.

  2. Click Public Key on the upper-right side of the page to download the key. Do not open the downloaded .pem file; keep it accessible for the next steps.

  3. Log in to Apple Business Manager or Apple School Manager.

  4. Click on the username in the lower-left corner and choose Preferences.

  5. Ensure that the resulting page has a 'Your MDM Servers' section.

    1. If the 'Your MDM Servers' section is missing, ensure the Apple Account used to log in has appropriate permissions.

  6. Select Add under Device Management Services to create a new MDM Server Token.

  7. Give the MDM Service Name a unique name.

  8. Under MDM Server Settings, either drag/drop the Public Key or click Upload Certificate to select the file from your computer.

  9. Click Save.

  10. Click Download Token located at the top of the page.

  11. Back in Jamf Pro, navigate to Settings > Global > Automated Device Enrollment.

  12. Click New.

  13. Enter a Name and upload the .p7b token downloaded from AxM.

  14. Click Save.

Step 2: Associate the new MDM Token in Jamf Pro

  1. Either create a new PreStage Enrollment or edit the existing PreStage Enrollments and associate the new MDM Token under the Automated Device Enrollment Instance dropdown.

  2. Make sure that Automatically assign new devices is enabled in the PreStage Enrollment for ease of workflow.

Step 3: Associate the Devices to the New MDM Server Token in AxM

This process will kick off the Enrollment Complete trigger, so if there are policies that you don’t want re-running, modify the Re-enrollment settings temporarily while the devices re-enroll into Jamf Pro.

  1. Depending on the devices that have stopped communicating, in Jamf Pro, go to Computers or Devices.

  2. Select Search Inventory and click + New.

  3. Set the Criteria as needed to pull up impacted devices. We recommend including criteria that filter out devices that don’t meet the requirements for Apple’s MDM Migration feature.

  4. In the Display tab, make sure that Serial Number is enabled under Hardware.

  5. Navigate to Reports and click Download Report.

  6. Open the report using Microsoft Excel and copy the Serial Numbers.

  7. Log in to Apple Business Manager or Apple School Manager.

  8. Navigate to Devices and paste the Serial Numbers in the search bar.

  9. Click All Devices.

  10. Click Assign Device Management.

  11. Select the MDM Server created earlier from the dropdown.

  12. Click + Add Deadline and specify the absolute latest time for devices to switch over to the new MDM Server Token.

    Note: If Add Deadline is greyed out, you either have devices that don’t meet the requirements or it might be necessary to reach out to Apple Business Manager or Apple School Manager support to resolve.

  13. Click Continue.

  14. Press Confirm when prompted to change the device management service.

  15. You’ll then get a status/progress page.
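The filtering recommended in items 3 to 6 of this step can also be applied to the downloaded report before the serial numbers are pasted into AxM, which avoids a greyed-out Add Deadline caused by ineligible devices. The following is an added example, not part of the original article or of Jamf Pro: the column names, serial numbers and dates are constructed assumptions, and it covers only the OS version, Shared iPad and Apple Configurator requirements (Return to Service and Apple Business Essentials still need a manual check).

```python
import csv
import io
from datetime import date, timedelta

# Constructed sample report. Column names are assumptions for this example;
# "Provisional Start" is a hypothetical column you would merge in yourself.
SAMPLE_REPORT = """\
Serial Number,OS Version,Shared iPad,Apple Configurator,Provisional Start
EXAMPLE0001,26.0,No,No,
EXAMPLE0002,18.6,No,No,
EXAMPLE0003,26.1,Yes,No,
EXAMPLE0004,26.0,No,Yes,2025-10-01
EXAMPLE0005,26.0.1,No,Yes,2025-06-01
"""

MIN_MAJOR = 26                      # iOS 26, iPadOS 26, or macOS 26 or later
PROVISIONAL = timedelta(days=30)    # Apple Configurator provisional period

def ineligible_reason(row, today):
    """Return why a device fails the article's requirements, or None if it passes."""
    try:
        major = int(row["OS Version"].split(".")[0])
    except ValueError:
        return "unparseable OS version"
    if major < MIN_MAJOR:
        return "OS older than 26"
    if row["Shared iPad"].strip().lower() == "yes":
        return "Shared iPad"
    if row["Apple Configurator"].strip().lower() == "yes":
        started = date.fromisoformat(row["Provisional Start"])
        if today - started < PROVISIONAL:
            return "inside 30-day provisional period"
    return None

def split_report(csv_text, today):
    """Split a report into (eligible serials, {serial: reason}) for the rest."""
    eligible, rejected = [], {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        serial = row["Serial Number"].strip()
        reason = ineligible_reason(row, today)
        if reason is None:
            eligible.append(serial)
        else:
            rejected[serial] = reason
    return eligible, rejected

if __name__ == "__main__":
    ok, bad = split_report(SAMPLE_REPORT, date(2025, 10, 20))
    print("\n".join(ok), bad, sep="\n")   # first lines: serials to paste into AxM
```

Keep the rejected list: those devices will need a different remediation path than this workflow.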


Step 4: End User Experience

  1. The end user will receive a notification on their device, which they can either dismiss or use to proceed with the enrollment process. Its location depends on the device type.

    • Mobile Devices

    • Computers: in the upper-right corner of the desktop.

      Note: The notification can be dismissed up to the Deadline. Notifications display daily, and hourly 24 hours before the deadline. For the last hour before the deadline, the user receives notifications at sixty-, thirty-, ten-, and one-minute intervals.

  2. If the user proceeds through the workflow, they’ll be brought to System Settings with the option to Start Enrollment.

  3. If they decide to proceed manually, or if the Deadline forces the process, they will be presented with a full-screen prompt requiring the user to enroll.

    Note: The Not now text will be greyed out if the Deadline has been reached.

  4. After the user selects Enroll, they will be prompted for their password. Admin credentials are not needed. A Standard Account can perform this process!

  5. The device will re-enroll into the Jamf Pro instance and APNs communication will be restored.


More Resources

For additional information on notification behavior, deadline enforcement, and platform-specific nuances, refer to Apple's deployment guide, Migrate Managed Devices To Another Management Service.
