By: Iris Yuning Ye – Product Manager | Microsoft Intune
Apple recently announced a major update at their Worldwide Developers Conference 2025 that solves one of the biggest headaches for admins: migrating macOS and iOS/iPadOS devices from one mobile device management (MDM) solution to another without factory resets, manual re-enrollment, or missing configurations. With the new MDM Migration capability in macOS 26 and iOS/iPadOS 26, built directly into Apple Business Manager, IT admins are able to transition devices from third-party MDMs to Microsoft Intune seamlessly, and without user disruption. Migrating devices to Intune helps IT admins consolidate device management across platforms, enforce consistent security policies, and reduce operational complexity.
In this blog, learn how to start using Apple’s MDM migration feature to easily move your macOS and iOS/iPadOS fleet to Intune.
Prerequisite: macOS/iOS/iPadOS 26 and enrollment into a device management service is required to use the Apple MDM migration feature.
1. Pre-migration – preparation and set up
Pre-Migration preparation and setup steps.
Before starting the migration process, there are five major steps to follow for preparation.
1.1 Keep a record of your devices
Start by creating a detailed inventory of all devices in your organization. This should include each device model, the version of OS it’s running, and whether it’s corporate-owned or user-owned. This step is critical because Apple’s new migration feature has specific OS version requirements. Knowing which devices are eligible helps you scope the migration accurately and avoid surprises later.
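One way to scope the fleet from such an inventory is sketched below. This is an added example, not code from the original post or from Microsoft; the CSV column names and the sample rows are constructed for illustration, and the only rule applied is the prerequisite stated above (OS 26 and current enrollment in a device management service).

```python
import csv
import io

MIN_MAJOR = 26  # prerequisite stated in this post: macOS/iOS/iPadOS 26

# Constructed sample export; the column names are assumptions,
# not the export format of any particular MDM product.
SAMPLE_INVENTORY = """serial,model,platform,os_version,ownership,enrolled
C02EXAMPLE01,MacBook Pro 14,macOS,26.0,corporate,yes
C02EXAMPLE02,MacBook Air 13,macOS,15.6.1,corporate,yes
F4KEXAMPLE03,iPhone 16,iOS,26.1,user,yes
F4KEXAMPLE04,iPad Air,iPadOS,26.0,corporate,no
C02EXAMPLE05,Mac mini,macOS,,corporate,yes
"""

def os_major(version):
    """Return the major OS version as an int, or None if missing or unparsable."""
    head = version.strip().split(".", 1)[0]
    return int(head) if head.isdigit() else None

def scope_migration(csv_text, min_major=MIN_MAJOR):
    """Bucket devices by whether they meet the migration prerequisite."""
    buckets = {"eligible": [], "needs_os_update": [],
               "not_enrolled": [], "unknown_os": []}
    for row in csv.DictReader(io.StringIO(csv_text)):
        major = os_major(row["os_version"])
        if row["enrolled"].strip().lower() != "yes":
            bucket = "not_enrolled"
        elif major is None:
            bucket = "unknown_os"       # blank or malformed version: check by hand
        elif major < min_major:
            bucket = "needs_os_update"  # must be updated before migration
        else:
            bucket = "eligible"
        # Ownership is carried through so it can be reviewed per bucket.
        buckets[bucket].append((row["serial"], row["platform"], row["ownership"]))
    return buckets

if __name__ == "__main__":
    for name, devices in scope_migration(SAMPLE_INVENTORY).items():
        print(f"{name}: {len(devices)}")
        for serial, platform, ownership in devices:
            print(f"  {serial}  {platform}  {ownership}")
```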
1.2 Document configurations in current MDM
Before making any changes, document all existing configurations in your current MDM platform. This includes:
- Configuration profiles: Capture all profiles related to Wi-Fi, VPN, email, and certificates. These are essential for maintaining connectivity and access post-migration.
- Compliance policies: Note any rules that enforce password complexity, encryption, or device health checks.
- Security baselines: Record settings such as FileVault encryption, Gatekeeper, and the macOS firewall to ensure security standards are preserved.
- Custom scripts: List any scripts used for automation, monitoring, or maintenance tasks.
- Deployed applications: Document all apps currently deployed, including how they’re delivered (Volume Purchase Program, App Store, or custom packages).
This documentation will serve as your blueprint for rebuilding these configurations in Intune.
1.3 Configure the Apple MDM push certificate
Navigate to the Intune admin center, then create and upload an Apple MDM push certificate. This certificate allows Intune to securely communicate with Apple devices. Without it, device management and policy enforcement can’t function.
1.4 Add Microsoft Intune to Apple Business Manager (ABM) or Apple School Manager (ASM)
Next, integrate Microsoft Intune with ABM or ASM by following these steps:
- Download the public key from Intune.
- Upload that key to ABM or ASM when creating a new MDM server.
- Then, download the server token from ABM or ASM and upload it back into Intune.
This allows ABM to recognize Intune as a valid MDM server and enables device assignment.
1.5 Set up MDM Configurations in Intune
Using the configurations documented in step 1.2, begin replicating existing configurations in Intune. This includes but is not limited to:
- Rebuilding configuration profiles for network access and security.
- Reapplying compliance and security policies.
- Re-deploying applications.
- Rewriting or importing scripts as needed.
- Identifying other controls to implement that improve Zero Trust.
Call to action: Please make sure to test the MDM configurations on a test device before assigning them to the devices you plan on migrating. Before initiating any migration, communicate with your endpoint users first and keep them informed to avoid any confusion.
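A parity check between the configurations documented in step 1.2 and what has been rebuilt in Intune in step 1.5 can catch a dropped profile or a weakened security baseline before any device is assigned. The sketch below is an added example, not code from the original post or from Microsoft; the data structure, item names and on/off values are constructed for illustration.

```python
# Constructed records: what was documented in the current MDM (step 1.2)
# and what has been rebuilt in Intune so far (step 1.5). The structure and
# item names are assumptions for illustration, not an export format.
DOCUMENTED = {
    "configuration_profiles": {"Corp-WiFi", "Corp-VPN", "Mail", "Device-Cert"},
    "compliance_policies": {"Password complexity", "Encryption required"},
    "custom_scripts": {"rotate-logs.sh"},
    "applications": {"Company Portal", "Office"},
}
REBUILT = {
    "configuration_profiles": {"Corp-WiFi", "Mail", "Device-Cert"},
    "compliance_policies": {"Password complexity", "Encryption required"},
    "custom_scripts": set(),
    "applications": {"Company Portal", "Office", "Defender"},
}
# Security baseline settings named in step 1.2, recorded as enabled or not.
BASELINE_BEFORE = {"FileVault": True, "Gatekeeper": True, "Firewall": True}
BASELINE_AFTER = {"FileVault": True, "Gatekeeper": True}

def parity_gaps(documented, rebuilt):
    """Items documented in the old MDM with no counterpart rebuilt yet."""
    gaps = {}
    for category, items in documented.items():
        missing = items - rebuilt.get(category, set())
        if missing:
            gaps[category] = sorted(missing)
    return gaps

def baseline_regressions(before, after):
    """Baseline settings enabled before that are absent or disabled after."""
    return sorted(name for name, enabled in before.items()
                  if enabled and not after.get(name, False))

def ready_to_migrate(documented, rebuilt, before, after):
    """True only when nothing documented is missing and no baseline is weaker."""
    return (not parity_gaps(documented, rebuilt)
            and not baseline_regressions(before, after))

if __name__ == "__main__":
    print("Missing in Intune:", parity_gaps(DOCUMENTED, REBUILT))
    print("Baseline regressions:",
          baseline_regressions(BASELINE_BEFORE, BASELINE_AFTER))
    print("Ready:", ready_to_migrate(DOCUMENTED, REBUILT,
                                     BASELINE_BEFORE, BASELINE_AFTER))
```

Items that exist only on the Intune side, such as an extra application, are not reported, because they do not represent a loss of coverage.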
2. Migration – Admin step-by-step flow
Migration – Admin step-by-step flow.
The admin experience starts from ABM or ASM. After logging into ABM or ASM, navigate to the Devices section. Select the device or group of devices targeted for migration to Intune. Selecting the ellipsis at the top right of the device overview interface reveals the “Assign Device Management” button.
Apple Business Manager device overview page – Assign Device Management.
Select the server you want to migrate the device to. In our case, it’s Intune.
Apple Business Manager device overview page – Assign Device Management pop-up window – select device management service to migrate to.
Apple Business Manager device overview page – Assign Device Management pop-up window – Specify enrollment deadline.
Confirm device assignment.
Apple Business Manager device overview page – Assign Device Management pop-up window – confirm device management service change.
Apple Business Manager device overview page – Assign Device Management confirmation window – ABM confirms device management service update.
3. Migration – Endpoint step-by-step flow
Migration – Endpoint step-by-step flow.
After completing the device management assignment, the device user receives a notification informing them that a management change is required.
macOS | iOS/iPadOS |
Mac device notification – management change is required. | iOS/iPadOS device notification – management change is required. |
Mac device settings – Enrollment required.
When the user selects the notification, they are guided through a simple approval process. If the user doesn’t initiate enrollment before the admin-set enrollment deadline, an enforced migration occurs, which results in a non-dismissible, full-screen prompt that must be completed by the user before using the device.
Regular migration | Enforced migration (past deadline) |
Device enrollment kickoff page – regular migration. | Device enrollment kickoff page – enforced migration (past deadline). |
Once the user approves the migration, the device communicates with Apple’s servers to get its new device management assignment. It then downloads and installs the new MDM profile. This migration process happens without rebooting the device.
Device enrollment change complete notification page.
4. Post-migration – Verification
Lastly, verify that the migration and enrollment completed successfully by navigating to the Intune admin center and confirming the new devices are listed.
Screenshot of the Microsoft Intune admin center showing the successful enrollment of the new macOS device.
Please note, it's important to use a test device to verify that the required configurations run smoothly before migrating a large number of devices, and to test your devices after migration to ensure everything is working smoothly. If you run into any issues, further adjustments may be needed.
Special thanks to our Intune MVP, Somesh Pathak, whose content we leveraged in this blog! For more details and a video demo, check out Somesh’s blog at: https://intuneirl.com/mac-admins-your-migration-glow-up-just-dropped
Summary
In short, Apple’s new MDM migration in macOS and iOS/iPadOS 26 makes moving Mac, iPhone or iPad devices to Intune easier than ever. With careful planning and a few simple steps, you can make the switch smoothly to manage your Apple devices all in one place.
For Mac devices that aren’t running OS 26, you can check out our Intune GitHub for migration scripts and review the blog Managing and migrating Macs with Microsoft Intune.
Let us know how your Mac journey is going by leaving a comment below, reaching out to us on X @IntuneSuppTeam, or joining our Mac Admins Community on LinkedIn!