Windows DTM to Windows MDM migration

For customers who still use Windows 10+ devices that are enrolled in DTM mode, which is a traditional agent-based management that is best suited for Windows 7, MaaS360® now provides modern management capabilities built on the Windows 10+ MDM APIs. These capabilities include over-the-air enrollments and management, security policies and restrictions, profiles push such as VPN, wifi, ActiveSync, and integration with Azure AD for Office 365 online roll out. MaaS360 also provides OS upgrade and patch management workflows that are based on the Microsoft Update Management workflows.

Migration steps

Use this workflow to migrate existing Windows DTM devices to MDM management:
  1. Download and install the latest Windows 10+ Bulk Provisioning Tool from the MaaS360 Portal. See Installing the Windows 10+ Bulk Provisioning Tool for the procedure.
  2. Configure options that are relevant to your environment in the Bulk Provisioning Tool. The SelfExtractingOA.exe file is exported to your desktop. See Configuring the Windows 10+ Bulk Provisioning Tool configuration wizard to create a bulk provisioning tool executable for more information.
  3. Host the SelfExtractingOA.exe file at a publicly accessible web URL.
  4. On the Enterprise App for Windows window, go to App Details and select URL option for the App upload option field. Enter the URL of the EXE file to the Windows App Catalog and then distribute the EXE to the specific Windows DTM device group using the Instant Install option, where the EXE is automatically downloaded and installed silently on devices. For more information, see Adding Windows executable (exe) files.

    The EXE file is distributed to all DTM-enrolled Windows 10+ devices. Once the EXE is installed on the DTM-enrolled devices, the devices are now enrolled in MDM. The DTM record is hidden (the MES agent deregisters the DTM record) and the new MDM record is now listed in the Portal. After the MES agent is installed on the device, the DTM record is marked inactive in the Portal.

Scenarios impacted by migration

Patch management

There is no impact to existing DTM devices that are enrolled on existing BigFix agents.

App management
  • If app distribution is in a pending state, the distribution applies to only one DTM device. Once migration is complete, the device record is hidden (inactive), and app distribution is pending. You must redistribute if you want to distribute for an MDM record. For redistribution of the same package, go to the app user interface and then distribute the package again to the newly migrated device (to confirm that after migration the new device uses the same name as before the migration).
  • If app distribution is complete, there is no impact to the migration process.

User association

When the migration is complete, upload the user association CSV file. When all MDM records are updated with the new record details, upload the CSV file once all the DTM devices are migrated to MDM. See Associating users with bulk enrolled Windows 10+ devices.

End-user portal

Once the DTM record is hidden (inactive), the new MDM record is displayed under the enrolled user in the Portal on the Devices Inventory (Devices > Inventory) page.

Tracking the migration process through advanced search

To track the devices that migrated from DTM to MDM or are pending migration to MDM, create one of the following advanced search groups:
  1. From the MaaS360 Portal Home page, select Devices > Advanced Search. The Advanced Search page is displayed.
  2. Create an advanced search group based on one of the following search criteria:
    • To track MDM devices that were created from the DTM to MDM migration workflow, configure the following options:
      1. In the Search for field, select Active Devices.
      2. In the With Device Type(s), select all device types.
      3. In the Last Reported field, select Last 7 Days.
      4. In the Search Criteria field, select All Conditions (AND), and then select Hardware Inventory > Device Enrollment Mode > In > Windows Bulk Provisioning.
      5. Click Search.
    • To track DTM devices that are pending MDM migration, configure the following options:
      1. In the Search for field, select Active Devices.
      2. In the With Device Type(s), select Desktops, Laptops, Tablets, and Other.
      3. In the Last Reported field, select Last 7 Days.
      4. In the Search Criteria field, select All Conditions (AND), and then select the following values:
        • For Condition 1: Software Installed > Application Name > Contains > IBM Endpoint Manager Action Agent
        • For Condition 2: Operating System > OS Name > Contains > 10
      5. Click Search.