Hi all
For our customers with existing enrolled Windows computers, we are migrating the way they are managed and this requires some new technology to be installed. The instructions on how to do this can be found on this IBM Support note: https://www.ibm.com/support/pages/node/7163512
What's this about?
This document refers to the migration process for Windows 10 and 11 computers which need to be migrated to the Modern Activation technology in order to maintain connectivity to the MaaS360 platform after 15th October 2024. After this date computers which have not been migrated will continue to send updates to the IBM platform; but will no longer be managed remotely – no remote actions such as Lock/Wipe etc. will be possible.
Note: the lack of remote management does not mean that the computers will stop working. It does however mean that unless a remote viewing tool is used, the administrator will not be able to connect to the computer remotely and will need to have it physically in front of them to make any changes.
Supported Windows versions
Windows 7: Migration not necessary.
New enrollments are not supported, devices can remain enrolled if desired. The migration process does not work for Windows 7, and support for Windows 7 has already been stopped by Microsoft. See here . IBM will stop support for Windows 7 in the future but without a specific date for now.
Windows 10/11: Migration necessary for those computers which have the following software installed: "IBM Endpoint Manager Action Agent".
- Windows 10 is supported by IBM and will be supported up to October 2025 by Microsoft.
- Windows 11 is supported by IBM and Microsoft.
- Versions supported include Home, Professional, Enterprise and Education.
https://www.ibm.com/docs/en/maas360?topic=saas-maas360-platform-system-requirements
If Windows 10 and Windows 11 computers have the “IBM Endpoint Manager Action Agent” software present, then they need to be migrated. If they do not have this software present, then they do not need to be migrated.
Windows Server
Windows Server machines are not supported for MaaS360 enrollment (unless used as Cloud Extender appliances) and therefore not subject to migration.
A full list of supported device types can be found here
Software present on devices
IBM Endpoint Manager Action Agent: If devices have this software present they need to be migrated.
IBM BigFix Remote Control Target: If devices have this software present but not the Endpoint Manager software mentioned, they do not need to be migrated. The Target app is an older app which might have been distributed and installed at a certain point in time but is not relevant to this migration.
How to search for impacted devices
Searching for impacted devices
To search for devices you can use the Devices / Advanced Search feature which allows for specific search criteria to be used.
Please use the search criteria exactly as shown below.
Using the exact criteria will ensure that the devices you choose to migrate will be the correct list, no more, no less.
|
Search criteria used
|
|
1. Search for = Active devices only
If you have inactive devices, which become active in the future, they may need to perform the migration also. Just change filter criteria on 1st line from “Active” to “All Records”.
|
|
2. With Device Type(s): Desktops / Laptops / Tablets only
Windows Mobile/Phone devices, Windows Virtual Machines and Servers are not supported for enrollment.
|
|
3. Last Reported
All Records (including devices which haven’t sent a signal in a long time)
|
|
4. Search Criteria: All Conditions (AND)
This ensures that the criteria you are searching are all conditional so that only devices matching all of the criteria are returned in search results.
|
|
· Condition 1: Hardware Inventory / Platform Name / Equals / Windows (NOT Mobile/Phone)
· Condition 2: Hardware Inventory / Managed Status / Equals / Enrolled
· Condition 3: Software Installed / Application Name / Contains / IBM Endpoint Manager Action Agent
|
|
|
Installation criteria
The permissions chosen when adding the MSI app to the MaaS360 App Catalog include System permissions, meaning no further administrator access is required, and Silent install, meaning the user should not need to interact. However, because of variations in the installation process there are some steps that the user will need to take.
Software names for agents installed by MaaS360
At various points in time and depending on when the device was enrolled, one or other software may have been installed in order to manage the device and send and receive information and settings. These pieces of software might be any of those below.
Apps you may find on your enrolled Windows PC’s
|
App name
|
Migration required
|
Supported for migration
|
Other information
|
|
IBM Endpoint Manager Action Agent
|
Yes
|
Yes
|
Migration required
|
|
IBM BigFix Remote Control - Target
|
No
|
No
|
No migration path – devices can remain as they are (not required)
|
Device inventory table
This table should help you to understand how many computers are enrolled in MaaS360 which require migration. If you recreate this table and record it as a decision point you will be able to refer back later.
|
Device type
|
Windows OS version
|
Migration required?
|
Comments
|
Device number
|
|
Desktop / Laptop
|
7 (only if already enrolled)
|
N
|
New enrollments not supported for Windows 7. No migration path for Win7
|
|
Desktop / Laptop / Tablet
|
10
|
Y
|
For Windows 10 computers with the “IBM Endpoint” software installed
|
|
|
Desktop / Laptop / Tablet
|
11
|
Y
|
For Windows 11 computers with the “IBM Endpoint” software installed
|
|
|
Desktop / Laptop / Tablet
|
10, 11
|
N
|
Migration not required where “IBM Endpoint Manager Action Agent” software is not present
|
|
Server
|
n/a
|
N
|
Windows Server not part of supported device types
|
Installation options
As planned the user has to get the activation link because the administrator has to send out an activation request. How can this be automated?
Please note that the activation link only applies for new non-MDM devices ie devices not already enrolled. Existing enrolled devices do not need to use the activation request.
Installing the MSI will require system permissions and in many cases, users do not have Administrator rights on their Windows computer. What can they do?
Please ensure you choose the option “System and User Installation” permissions on the “Installation Requirements” tab when adding the MSI into the MaaS360 App Catalog. This will ensure the necessary rights.
The MSI in itself does not contain Admin permissions. Should the option “Using Silent” on the Installation Requirements tab provide the option to get a silent install without requiring user intervention?
Depending on the way the PC has been set up this should happen without requiring user intervention.
How can I enroll Windows computers from now on?
Please see the attached file which gives you instructions on how to set this up.
Why wasn't I told about this?
We sent out notifications in February 2024 about this and more recently have contacted customers directly.