This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(204.8, 2%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMO%3C/text%3E%3C/svg%3E)
Hello,
I have a question regarding Tenant Migration for Devices.
We have an upcoming migration planned. I'm looking for a easy solution, i mean easy for the Users, not for IT. But preferably also easy for the IT. But it is more important that the users can migrate as seamless as possible.
Which would require:
No Machine Wipe / Reset wanted (if possible!)
Our Scenario:
Actual tenant1 is a Hybrid set-up form AD Domain Joined devices managed in Intune with Autopilot Hash ID's. We have a Domain1.com.
There is a second tenant2 with Domain2.com which has devices as well but not managed via Intune, they have a separate solution, but preferably they would also join then the new tenant to manage application and policies.
Now we have to migrate our machines to a cloud only tenant3 without any AD. The users are signed into the machine with Domain1.com on the tenant1 but on the new tenant3 the users will have Domain3.com as the company has a different brand name.
The tenant2 with domain2.com could later on join if that would be better for the migration in general.
We do not have yet anything configured.
What can we do, and what would be the best scenario to approach for both tenant1 and tenant2 to join the new tenant3.
Hi,
Based on my understanding,
if autopilot is required on target tenant, reset is required https://techcommunity.microsoft.com/blog/intunecustomersuccess/support-tip-how-to-transfer-windows-autopilot-devices-between-tenants/3920555
Please note that other factors to be considered like count of users, devices, location, authentication token cleanup, certificates, local admin account, enrollment GPO, etc.
Tenant migration is not a supported scenario for Intune. The supported and recommended way is re-enrollment that may have require reset\wipe.
You can also explore migration tools to migrate devices along with user profiles. Also, start with test migration to capture the environment specific dependencies, experiences.
If the above suggestion helps, please click on 'Accept answer' and 'upvote' it.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
@Michael Ohff Thanks for posting in our Q&A.
For this issue, there is no method to do device migration without removing devices. The devices will need to be removing from the old tenant and then re-enrolled into the new tenant. You can export some policies and profiles from the old tenant and import them into the new tenant
Hope it will clarify something.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
@Michael Ohff I reviewed this thread and add more information. As I said, you can remove devices from old tenant.
I noticed your tenant3 is cloud only, so we can enable automatic enrollment in tenant3 and enroll these devices to tenant3 via Settings > Accounts > Add a work or school account > connect > Join this device to Azure AD.
Hope it will help.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(304, 44%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENL%3C/text%3E%3C/svg%3E)
Hello Michael, as someone who has done copious tenant to tenant migrations over the last 15years, I know how stressful this is.
For the workstations, yes, the official Microsoft response, is to wipe and reset, aka fresh start. And like Ashok says, there are alternatives like disjoin the device and re-joining to the new tenant one by one.
However, we've had customers where it is 9k to 15k machines which all have to happen in a single weekend, there is no number of help desk or admin resources that can handle with that without some serious downtime for the users and the organisation. Not to mention the length of time it takes to fresh start and to get all the apps re-installed.
As you have pointed out the vanity domain can only exist in one tenant so you have to move it big bang, and focus on all the identity during that weekend.
You can of course send out a new device to all 15k users in readiness but that isnt workable either.
Therefore to successfully migrate copious machines, like we did in the customers with 9k or 15k machines, is to use a tool like powersyncpro migration agent which will orchestrate all the devices in a single go, repermission the workstation, keep all the user profiles, and the user is back up and running on average within 7minutes.
We found actually a quite easy way to do it thanks to a community of Steve Weiner, he has made a possible way to migrate Hybrid AD-Joined devices from one Tenant to another as AD Joined devices only.
Sometimes you find struggles but if you can actually find the way around it should work. We face only minor issues which can be solved with PowerShell scripts post migrating.
https://stevecapacity.github.io/intune-device-migration-documentation/
Maybe give a look into that :-) so for me its actually resolved. We take the risk here if its working for 80% of the users and the 20% you can touch manually or then of course in the worst case, wipe and onboard directly. But if we can avoid that for the most of the users than it's a wonderful scenario already.
Yeah, nice one, that looks great. Thanks for sharing.
Not sure i'd do a script like that for an enterprise :-)
If only users read instructions ha ha
Steve Weiner even helped even a company that used Workspace ONE for their devices, i think they had over 1k computers or more and automated the process, worked pretty fine with some adjustments
For the end user its actually pretty seamless, except from once confirming your identity it runs automatically in the backend and restart 1-2 times then you just have to sign in with the new credentials and voilà.
But sure, if user would read it, that would be a bliss for IT 😂
Nice one, looks slick. I need to look more into it.
I do get concerned about package files, in my experience they have a high failure rate, about 5% of devices seem to have issues. So we use bulk enrolment token which don't have any issues.