This will showcase the migration process for Android devices. The migration process for iOS devices is similar.

1. Navigate to Trend Vision One > Mobile Security Operations > Mobile Inventory, to start integration with existing MDM.

   

2. On the following page, you will find various configuration setting values, including the enrollment token. Please retain these values as they will be required in the subsequent steps.

   

3. Navigate to Apps > App Catalog then click Add to search and add the new agent: Mobile Security Business. Note that this step needs a connection to the App Store and managed Google Play Store. If you have not connected these app stores, you may need to do so beforehand.

   

   

   

4. Once the new agent has been added, there are a few configuration setup that would have to be completed. In the App Delegation section, select the option to delegate this app to all spaces. This will allow the new agent to be inherited by newly created spaces.

   

5. When adding a managed configuration, check “Auto-launch on install” and “Blocks the user from uninstalling the app” options.

   

   

6. In the following section, fill in the Enrollment token, Connected server, and MDM enrollment path, provided in Trend Vision One's admin portal. If necessary, you may also fill in the other fields. Please ensure that the Push to Device option is turned ON.

   

7. In the Runtime Permissions section, ensure that all the specified permissions are set to be auto granted.

   

   

8. In the Distribute this App Config section, define the scope of users who need to be migrated to the new agent.

   

9. We also need to add a "Install on device" configuration to ensure that the new agent can be pushed and installed automatically.

   

   

10. Perform the “Force Check-in” action.

    

Because the Auto-launch on install is enabled in the configurations, once the Force Check-in action is successfully completed, the devices should appear in Trend Vision One's admin portal, indicating that they are enrolled. However, in some cases the Auto-launch on install may fail. In such situations, users may need to manually launch the agent to complete the enrollment.

From the client user's perspective, even though most actions such as enrollment can be automated, they still need to manually open the agent app and grant certain important permissions. This is due to OS limitations, as sensitive permissions should be granted with the users' awareness.

After users have completed the configuration without any issues, the device status will display as "Your device is protected." Administrators will also have full access to the comprehensive capabilities offered by Trend Vision One Mobile Security.

The migration of policies requires manual intervention as the logic and design of policies differ between the legacy solution and the new Trend Vision One solution.

For example, the Web Threat Protection, which you may have configured in on-premise TMMS’s admin portal: Policies > Policy for Group > Device Security > Security Policy > Web Threat Protection Settings.

You can find a same policy configuration in Trend Vision One’s admin portal. Create and configure a new policy manually.

After completing all the migration actions, the administrator can advise client users to delete or uninstall the on-premise TMMS, according to their preference.

If they choose not to uninstall the legacy agent, it will not affect the new agent.