UiBhelp's public knowledge cards

KI 2783 Transfer UiB Managed Mac from old to new management solution

(updated )
The guide describes how to transfer a UiB-operated Mac from the old operating setup (Micro MDM) to Microsoft Intune MDM.
If the Mac is running an outdated configuration with a dedicated Install account, and you lack administrative rights on the standard user, contact the IT department before proceeding.
1. Download program / script to remove old configuration
1.1.Install via app (recommended)
The program performs the following actions:
  • Checks that the mac is not already enrolled with Intune
  • Checks that filevault er disbled (if not the user must perform step 2 before the program cam be run again)
  • Checks if the mac has legacy setup with dedicated install-account (This does not work with FileVault enabled)

    After the checks are passed  it runs a script that removes old configuration (equivalent to mdm-to-intune.sh) and at last  "profiles renew --type enrollment "
    to enroll the mac to Intune.
1.1.1 - Download the app "uib-tuneinintune.pkg" from this page.

1.1.2 -  Install the uib-tuninintune app

Since the programs hasn't been "notarized" you must jump through some hoops to open the software installer like described in the link below:

https://support.apple.com/en-us/102445
1.2 Install via script:
Download the "mdm-to-intune.sh "script at from this page.

Quit everything on the system before continuing, the Mac will be restarted automatically without warning as part of the routine.
Run the script mdm-to-intune.sh (downloaded by default to "Downloads") as administrator:
  • open the terminal program and paste the line below
  • sudo sh Downloads/mdm-to-intune.sh
  • press enter type your password and confirm. (Note: your password will not be visible in the command line).
Your Mac will restart when the script has finished running.
2. Disable FileVault if it is enabled

Go to System Preferences, search for FileVault, and select "Turn Off...". FileVault will automatically be re-enabled when the machine is enrolled in Intune later.



###########
Important!
If you are unable to disable FileVault, contact your IT department before continuing with the process.
###########
 
3: Enroll to Intune
3.1. Enroll - option #1

Run the following command as administrator:
  • open the terminal application and paste the line below
  • sudo profiles renew --type enrollment
  • press enter
  • type your password and confirm. (Note: your password will not be visible in the command line).

The enrollment routine will start automatically. After a short while you will be asked to select Enroll and then log in with your UiB account (i.e. your UiB email address).

Then proceed with point 3.3.

If you get an error message in the terminal window. Continue with 3.2.
3.2. Enroll - option #2
Can be used in cases where Apple School Manager registration is missing
KI 2864


3.3 - Check that the configuration is in place
If you have used option #1, go to System Preferences - Profiles by searching for the profile in System Settings.
If you have used option #2, you are already in the right place.

At first, only the "Management Profile" will be visible under Profiles,

After a few minutes, more profiles should appear:

##########
Important! Leave the computer turned on for an hour to allow all the configuration pieces to fall into place. You are welcome to use the computer in the meantime.
Contact the IT department if any of the steps fail, or the list of profiles does not expand within half an hour.
##########
3.4 After the enrollment
3.4.1 Log in to the keychain for printers
A prompt "macOS - Log in to UIB.NO" will appear, log in with your UiB account (email address), to be able to use UiB's printers.


3.4.2 Check that the Managed Software Center is installed
Within an hour, the "Managed Software Center" should have been installed.

3.4.3 Enable FileVault
When you restart the computer the next time, you will be asked to enable FileVault, do this.