Devices should only have one MDM provider.
Users must unenroll their devices from the current MDM provider before they enroll in Intune.
- Set up Intune
- Deploy apps and create app protection policies
- Unenroll devices (The devices are vulnerable until they enroll in Intune and start receiving your new policies)
- Optional, but recommended (If you have Microsoft Entra ID P1, also use Conditional Access to block devices until they enroll in Intune)
- Optional, but recommended(Create a baseline of compliance and device settings that all users and devices must have)
- Enroll in Intune
Reference : https://learn.microsoft.com/en-us/mem/intune/fundamentals/deployment-guide-intune-setup
Example : From MobileIron to Intune
Assess your current MobileIron setup, including device configurations, applications, and policies.
Although the migration should not affect user data, it’s advisable to back up important data to iCloud or another backup solution.
Apple MDM Push Certificate: Ensure you have an Apple MDM Push Certificate set up in Intune. This certificate is required for managing iOS devices.
Configure Enrollment Profile: Create an enrollment profile to configure how devices will be enrolled in Intune.
Remove Devices: You can unenroll devices individually from the MobileIron console. This usually involves:
Factory Reset (Optional): For a clean slate, you can perform a factory reset on the devices, especially if they are configured as supervised devices via Apple Business Manager. This ensures all previous MDM profiles and configurations are completely removed.
Enrolling Devices into Intune.
Monitoring and Support.
A reset is required if you want to manage iOS devices as corporate-owned with full supervision using ADE or Apple Configurator.