Meraki MDM migration risk: are your endpoint controls keeping up?

TL;DR: Migrating from Cisco Meraki Systems Manager requires cleanly removing old management control, reassigning device tokens, and preserving APNs or Android Enterprise trust so endpoints do not drift, lose control, or keep stale profiles, according to JumpCloud. The governance lesson is that endpoint identity transitions fail when lifecycle and cryptographic ownership are not treated as one process.

NHIMG editorial — based on content published by JumpCloud: migrating from Cisco Meraki Systems Manager to a replacement MDM

By the numbers:

• 90% of IT leaders say properly managing NHIs is essential for a successful zero-trust implementation.

Questions worth separating out

Q: How should teams prevent orphaned management profiles during an MDM migration?

A: Teams should remove the old management authority first, then confirm that the endpoint no longer receives policy from the retired platform before enrolling it elsewhere.

Q: Why do MDM migrations create endpoint identity risk?

A: Because the device is not just hardware.

Q: What signals show an MDM transition is not complete?

A: Look for stale profiles, orphaned certificates, missing organisation identifiers, failed push delivery, and devices that still appear in the retired platform's inventory.

Practitioner guidance

• Map the old and new trust anchors Document every device binding that points to the retired MDM, including ABM, ASM, Zero-Touch, APNs, and Android Enterprise service accounts.
• Sequence unenrollment before reenrollment Run targeted unenrollment through the original dashboard API before you push the new enrollment flow.
• Audit for stale profiles after cutover Check endpoint logs and local management state to confirm the old organisation identifier has been removed, then verify that certificates, profiles, and corporate payloads no longer reference the previous platform.

What's in the full article

JumpCloud's full article covers the operational detail this post intentionally leaves for the source:

• Step-by-step API unenrollment workflow for Meraki Dashboard operations
• Exact APNs and Android Enterprise payload handling during device handoff
• Detailed troubleshooting for stale profiles, push failures, and token mismatches
• Migration method trade-offs for factory reset, BYOD, and in-place transitions

👉 Read JumpCloud's guide to migrating from Cisco Meraki Systems Manager →

Meraki MDM migration risk: are your endpoint controls keeping up?

Explore further

View Full Forum →  |  NHI Foundation Course →