feat: update MDM migration guide with new UX #22128
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
spokanemac
temporarily deployed
to
Docker Hub
GitHub Actions
Inactive
noahtalerman
requested changes
Sep 17, 2024
articles/mdm-migration.md
Outdated
Comment on lines
14
to
46
| ## FileVault recovery keys | ||
|
|
||
| _Available in Fleet Premium_ | ||
|
|
||
| When migrating from a previous MDM, end users need to restart or logout of their device to escrow FileVault keys to Fleet. The **My device** page in Fleet Desktop will present users with instructions to reset their key. | ||
|
|
||
| To start, enforce FileVault disk encryption and escrow recovery keys in Fleet. Learn how [here](https://fleetdm.com/guides/enforce-disk-encryption). | ||
|
|
||
| After turning on disk encryption in Fleet, share [these guided instructions](#how-to-turn-on-disk-encryption) with your end users. | ||
|
|
||
| ## Activation Lock | ||
|
|
||
| In Fleet, the [Activation Lock](https://support.apple.com/en-us/HT208987) feature is disabled by default for automatically enrolled (ADE) hosts. | ||
|
|
||
| In 2024, Apple added the ability to manage activation lock in Apple Business Manager (ABM). For devices that are owned by the business and available in ABM, you can [turn off activation lock remotely](https://support.apple.com/en-ca/guide/apple-business-manager/axm812df1dd8/web). | ||
|
|
||
| If a device is not available in ABM and has Activation Lock enabled, we recommend asking the end user to follow these instructions to disable Activation Lock before migrating the device to Fleet: https://support.apple.com/en-us/HT208987. | ||
|
|
||
| This is because if the Activation Lock is enabled, you will need the Activation Lock bypass code to successfully wipe and reuse the Mac. | ||
|
|
||
| However, Activation Lock bypass codes can only be retrieved from the Mac up to 30 days after the device is enrolled. This means that when migrating from your old MDM solution, it’s likely that you’ll be unable to retrieve the Activation Lock bypass code. | ||
|
|
||
| ### How to turn on disk encryption | ||
|
|
||
| 1. Select the Fleet icon in your menu bar and select **My device**. | ||
|
|
||
|  | ||
|
|
||
| 2. On your **My device** page, follow the disk encryption instructions in the yellow banner. | ||
| - If you don’t see the yellow banner, select the purple **Refetch** button at the top of the page. | ||
| - If you still don't see the yellow banner after a couple minutes or if the **My device** page presents you with an error, please contact your IT administrator. | ||
|
|
||
| <img width="1399" alt="My device page - turn on disk encryption" src="https://user-images.githubusercontent.com/5359586/229950451-cfcd2314-a993-48db-aecf-11aac576d297.png"> |
There was a problem hiding this comment.
Why move these to the top? I think as a reader of the article I want to learn how migration works first. Then I want to learn how migration affects FileVault and other items.
cc @spokanemac
There was a problem hiding this comment.
Only some scrolls/reads to the bottom, and if you don't address FileVault and Activation lock ahead of the move, you'll have a tougher row to hoe. Happy to move it back down @noahtalerman.
There was a problem hiding this comment.
Makes sense. I think up to you @spokanemac
2 tasks
noahtalerman
had a problem deploying
to
Docker Hub
GitHub Actions
Error
noahtalerman
temporarily deployed
to
Docker Hub
GitHub Actions
Inactive
noahtalerman
temporarily deployed
to
Docker Hub
GitHub Actions
Inactive
|
9 tasks
noahtalerman
had a problem deploying
to
Docker Hub
GitHub Actions
Error
noahtalerman
previously approved these changes
Sep 20, 2024
noahtalerman
temporarily deployed
to
Docker Hub
GitHub Actions
Inactive
|
@jahzielv and @spokanemac after Jahziel added the new screenshot, I made some more updates to reduce the language in the guide. I ended up moving the FileVault and Activation Lock sections to the bottom of the doc. If anyone is prepping for a migration they want to learn how migration works first. I think they'll scan the whole doc before they start a task as big as migration so they won't miss these sections at the bottom. Let me know what you think! If it looks good let's get the changes merged in 🚀 |
jahzielv
commented
Sep 20, 2024
jahzielv
commented
Sep 20, 2024
jahzielv
commented
Sep 20, 2024
|
@noahtalerman a few tiny typo/grammar things, otherwise LGTM! |
Co-authored-by: Jahziel Villasana-Espinoza <[email protected]>
spokanemac
had a problem deploying
to
Docker Hub
GitHub Actions
Error
spokanemac
temporarily deployed
to
Docker Hub
GitHub Actions
Inactive
spokanemac
approved these changes
Sep 20, 2024
|
@noahtalerman @spokanemac looks like we're gtg, shall I merge? |
|
@jahzielv go for it! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Checklist for submitter
If some of the following don't apply, delete the relevant line.
changes/,orbit/changes/oree/fleetd-chrome/changes.See Changes files for more information.