It wasn’t Topher Wheeler's first migration. Voice—an NFT platform for creators—is the third company where he has migrated from a previous device management solution to Kandji. Thanks in part to that experience, as well as help from Kandji, he moved every Apple device from the old device management vendor to Kandji in about three weeks. Here’s how.
Three Keys to a Successful Migration
After just a few weeks into his new role as Director of Corporate Technology at Voice, Topher knew he needed to find a better way to secure and configure the devices he was managing.
He also knew that switching to a new device management vendor would be difficult.
Voice had recently spun out of a parent company, so many of the company’s Mac computers were still missing from its Apple Business Manager account. Others had profiles from the parent company’s MDM still installed.
But from his previous experience with Kandji, he was confident that—with the Kandji team’s support and the Kandji MigrationAgent—he could make the move with minimal disruption. Here are three of the most important lessons he'd learned in those first two migrations that made this one work.
Begin with the End in Mind
Topher started with the end in mind: When migrating to Kandji, build out the broadest Blueprint that you possibly can—“What do you want your entire environment to look like, no exceptions?” he advises. Then, use that Blueprint as the foundation for the others. That means going through the entire list of settings in Kandji line by line, he says, and making a decision on each one. Kandji makes that easy, he says: “Everything has a description and a discussion of what it does.”
His second piece of advice: Using the Kandji MigrationAgent, test on a limited set of devices before rolling it out more widely. At Voice, Topher tested the migration with the IT team, then moved on to DevOps (which he says is “like an extended IT team”).
Topher let the Kandji MigrationAgent do the heavy lifting, autonomously performing all the steps involved in moving each Mac into Kandji. The automated prompts for his users meant that with just a few clicks they could be enrolled.
At Voice, testing the migration before the full rollout was when he discovered that many of the company’s devices were still attached to that previous organization in Apple Business Manager. Those devices had been removed from the previous MDM, but the old MDM’s profiles were still on the devices. When he tried to enroll devices via ADE, these profiles proved unremovable. He leaned on Kandji’s support engineering team to help him find a way through.
Communicate, Communicate, Communicate
His last bit of advice: Have communication and user-engagement strategies in place before you begin the wider roll-out. The migration itself requires end-user intervention and a restart, so users need to know what’s going on.
“If you're going to restart a computer, everyone is up in arms—‘I'm going to lose all of my Chrome tabs!’ ‘I haven't restarted in a year, why do I have to?’ So that communication piece is super-critical.”
Topher’s communications strategy started with making a step-by-step guide, then, after delivering Kandji’s MigrationAgent, giving everyone ample time to get it done.
Many of his users did so in the first week. “You'll have a decent majority—typically engineers—who will do things on their own.”
Once that first round was done, he created a Slack channel for people who hadn’t migrated and told the laggards they’d be removed from the channel when they finally did. That motivated most of the others to migrate.
Finally, for those who still hadn’t made the move by then—less than 30 users, he guesses—he set up 15-minute one-on-one meetings with each of them to walk through the process.
“We took a bunch of different avenues because everybody is going to be a little different. If you're an engineer and you'd rather do it by yourself, that's fine. But we'll be there to walk you through it if you don't feel comfortable.”
Life After Migration
Managing his fleet is, Topher says, "a lot easier now than it was before we made the migration."
For one thing, it’s easier to troubleshoot. “We are a fully remote company, so it’s super-helpful to get logs, to see what's going on with a device.” He says that previously the company had no real inventory of hardware, “which our security team hated because they needed a view of what our physical assets were and how they were deployed.” That’s all cleaned up.
And the company’s software distribution situation is significantly smoother. Previously, things were done ad hoc. Users were sharing installation files on Google Drive, which meant he had outdated versions of software floating around, which in turn meant an inordinate number of help-desk tickets and more risk for his security team. He’s now able to provide a standard suite of apps via Kandji’s Self Service.
In all of this, he says it’s been crucial to use as gentle a touch as possible, by putting as much control as he can in users’ hands.
“I just started here a few months ago and I have a lot of big plans, so I don't want to be seen as the totalitarian. You’ve got to ease people into things.”