Skip to content
key to successful mdm migration: enlisting users
Blog Recent News Key to Suc...

Key to Successful MDM Migration: Enlisting Users

Kandji Team Kandji Team
8 min read

Migrating from one MDM solution to another can be a huge win not only for an Apple IT team but for its organization as a whole. That move can unlock efficiencies, reduce costs, and improve security and compliance for everyone. But in pitching, planning, and executing such a migration, it’s good to keep one particular constituency front of mind: your end users. Ultimately, they’re the real reason you’re switching—and you can’t make the move without them. 

To find out how to effectively work with those users during a switch from one MDM to another, we surveyed Kandji customers who’ve been through the migration process themselves, as well as the Kandji solutions engineers who guided them through that process. Here’s the gist of their advice about communicating and working with end users before, during, and after a migration.

Enlisting Users Before the MDM Migration

If your current solution is painful to use, if you and your team are spending all your time debugging it or crafting unwieldy workarounds, that’s hurting your users, because they’re not getting the help they need. If your performance metrics tell you that user tickets aren’t being addressed as promptly as you’d like or if their volume is increasing, that’s one sign that it could be time to switch.

Robby Siu, senior manager of IT at Demandbase, says he knew that time had arrived “when my whole department was getting ready to exit.” 

“They were tired of the old MDM solution. They spent hours and hours trying to troubleshoot issues.” Those issues ranged from devices that never checked in to software updates that just didn’t happen. All that troubleshooting was a time suck and a drag on morale. “And our users were frustrated because we were unable to resolve their issues.”

As you evaluate a potential new solution, you need to ask yourself, Will it make things like software updates easier for your users (as well as for you)? Does it notify those users nicely when such updates are happening and give them some say as to when they’ll actually take place? 

More importantly, will the new solution save you time? Does it make it easy for your IT team to do the things—such as specifying configurations on endpoints—that you need to do on a daily basis? 

If you’re giving a potential new solution a trial run, pay attention to the quality of its tech support. Presumably, the vendor will put its best foot forward during trials. But even then, you can get a sense of how responsive the support team is. The less time you spend waiting for support, the more time you’ll have to help your own users.

Your users can actually help you with such trial runs. Of course, you’ll want to try out any new solution on some dedicated test devices first. But if you can expand that trial to production devices, it can’t hurt to include a few of your savvier users, too. That will give you a more real-world sense of how well the solution serves your nontechnical audience. And they may see things that your IT testers miss.

Finally, when it comes to making the case for a given solution to your boss, department head, or executive team, it can be smart to stress the benefits for end-users. Arguing that those users will be happier with the new solution—because of its features or the time it gives you back to support them—may speak more eloquently to your executives than any technical specs.

How Users Can Help During an MDM Migration

OK, so you’ve trialed the new solution, decided it’s the right choice, and received the approval from leadership. The papers are signed, and you’re ready to migrate. Before you do anything else, you need to communicate about the change to your users.

The biggest reason for that is that, in most cases, you literally can’t do the migration without their help. So you need to let them know not only what’s happening and what they’ll need to do but also what’s in it for them.

“Users are always going to have to interact with the enrollment process— that's the way that Apple designed it,” says Kandji Solutions Engineer Jim Quilty. To maintain security and protect user privacy, Apple deliberately set up the MDM framework so that, on the Mac, an end user always has to approve the installation of the MDM profile and enroll in the new solution. “It's important to let them know, ‘Here's what you're going to need to do.’”

As for providing the “why,” it helps to understand the pain points the old solution presented to them. “We had troubles with the previous solution’s application portal,” says one admin we talked to. "So I told them that, if you do this, you’ll never see that portal again. And we had people calling immediately, asking, ‘Can we do it now? During lunch?’”

Your user communications could start with an email along the following lines: 



We will be moving to a new device management vendor by [DATE].


[NEW SOLUTION] will help us protect the data on your device and ensure compliance while delivering the apps and other tools you need to do your best work. It will help us keep those apps and your operating systems up-to-date with the latest and greatest features without unduly disrupting your workflows.


Over the next X days, you will receive a series of notifications. Please respond to them. You will just need X minutes to follow the prompts. I’ve included some screenshots to show you what those notifications will look like and how you should respond to them.

This raises another point: Your trial run and any subsequent testing are excellent opportunities to take plenty of screenshots, which you can then use in the documentation you’ll be creating and distributing to users.

Ideally, your users would be able to initiate the migration process themselves, perhaps through your old solution’s self-service interface. If you go that route, it’s smart to give them a deadline.

One other key to keeping users happy: Make sure your IT team is fully trained on the new solution well before launch day. That way they’ll be ready to answer any questions or address any issues that do crop up during or immediately after the migration. Depending on the complexity of the solution and of your tech stack, some structured training sessions, followed by ‘free play’ time with test instances of the new tool—perhaps with some kind of test assignment (“Set up a passcode policy”) should do the trick.

After the Migration: Keep Communicating

The goal here is that you and your users will both be happier after the migration. But change can make people nervous; thorough communication is the best way to calm them down. A new MDM solution will likely do things on your endpoints that could confuse users. Depending on the solution, things like OS updates may look different. You should be able to head off any confusion or complaints with good communication and documentation. 

Also, if the new solution lets you impose any new restrictions on users, let them know about those changes beforehand so they aren’t caught off-guard. It’s wise to explain the reasons behind any such changes preemptively so it doesn’t seem like this new solution is making life worse for them—or at least more restrictive—than it was before. 

The bottom line is that migrating to a new MDM solution is more than just a technical process; it requires good ‘soft’ skills as well. And it’s more than just a technical change for IT: It should make life easier for you, which should make life better for users. And that, ultimately, is the entire point.

About Kandji

Kandji is the Apple device management and security platform that empowers secure and productive global work. With Kandji, Apple devices transform themselves into enterprise-ready endpoints, with all the right apps, settings, and security systems in place. Through advanced automation and thoughtful experiences, we’re bringing much-needed harmony to the way IT, InfoSec, and Apple device users work today and tomorrow.