A quick look at the Exodus MDM migration tool
A bunch of former AirWatch folks built an MDM migration tool, which could be useful as companies contemplate EMM refreshes, update deployments, or go through organizational changes.
Recently I learned about an MDM migration tool called Exodus, from Mobinergy and H2G Lab, a group of consultants and mobile developers based in France and the UK.
Since MDM migration isn’t something we’ve covered previously on BrianMadden.com, and Exodus is a third-party tool that you might not have heard about, today I’ll share a quick look.
The migration landscape
Now that many companies have had enterprise mobility management deployments for five or close to 10 years, they may be thinking about making some changes. The EMM market is much more mature than it was at the beginning of the decade (though still not completely settled!), so a decision that you made in 2012 might not make sense in 2019 or 2020. Migration also comes up when companies make acquisitions, change the design of their deployments, or consolidate providers.
EMM—and MDM in particular—is a very sticky product, because once a device is enrolled to an MDM server, depending on the exact situation, it often has to be unenrolled and then re-enrolled to make a move. During this process, there’s a period when a device is unmanaged, which means that there’s a chance it could get lost or fall through the cracks and not get re-enrolled. There aren’t many migration products out there, but your EMM vendor will have guidance on the process.
Mobinergy and H2G Lab were founded alongside each other by a group of former AirWatch employees, and Exodus was created as a joint project. Recently, I spoke to Thibaut Bellon, co-founder of Mobinergy, and Damien Gosset, co-founder of Mobinergy and head of engineering at H2G.
MDM migrations also involve replicating groups and policies from one server or product in another, a significant project in its own right. Exodus comes in for the actual handover of the device enrollment.
Exodus comprises a user-facing agent app and a SaaS-based management service.
The app is installed prior to the migration (you can of course push it with MDM) and it keeps track of the device during the whole process. It walks users through re-enrollment, and can send them notifications if they don’t successfully complete it. The app also ensures that the device is on Wi-Fi and has enough battery life before starting.
The Exodus service keeps track of users and devices throughout the process, via the agent app and via API connections to the source and destination MDM servers. It can also help with Apple Business Manager configuration.
In the actual migrations, there are a lot of device and MDM mode variables. Are iOS devices managed in Device Enrollment mode (i.e., regular old MDM) or in Automated Device Enrollment mode (i.e., DEP)? Are they supervised? Are Android devices managed with legacy Device Admin agents or with Android Enterprise? Are you okay with wiping your devices, or do you want to preserve the data, and are you okay with the caveats? Is this a COPE or BYOD situation where devices have a primary user, or is this a shared or kiosk device?
All of these will affect the exact flow. I won’t go into the details here, but fortunately, the Exodus documentation is available to the public, and they have demo videos on YouTube.
For EMM/UEM platform sources (i.e., the MDM server that you’re migrating away from), Exodus supports VMware Workspace ONE, MobileIron Core, MobileIron Cloud, and Microsoft Intune. For the destination EMM/UEM, it supports Workspace ONE; support for Intune as a destination is coming soon. Exodus can also migrate macOS device from Jamf to Workspace ONE.
Exodus was launched last year at VMworld 2018 Europe, and, as they are based in France and the UK, they’re focused on EMAE for now. The team seems eager to get this in front of more customers, though. They do support via Slack, and Mobinergy is the distributor.
I can definitely see a need for tools like this. As I mentioned, there are many reasons why you might need to change your MDM setup, and migrating by attrition could easily drag the process out by years. Another reason is the new iOS User Enrollment mode, which requires unenrolling and re-enrolling. We’ll keep an eye on this.