You can migrate computers from one Sophos Central account to another.
To migrate computers you need to do as follows:
- Turn on device migration for your Sophos Central accounts. See Turn on device migration.
- Use the Endpoint API to migrate the computers. See Migrate computers using Endpoint API.
- Review the migration results in Sophos Central. See Review the migration results.
If an option is locked, your partner or enterprise admin has applied global settings.
To migrate computers you must be an administrator for both accounts. You need to have the Admin role. See Role management.
You also need API credentials for both accounts. You need to have Service Principal Super Admin credentials. See API Credentials Management.
To migrate computers you use our Endpoint API. Check the following:
- You know how our APIs work. See How our APIs work.
- You have set up our APIs and have the tools to work with them. See Getting started as a tenant.
For more information on the Endpoint API see Endpoint API.
Turn on device migration
To turn on migration, do as follows:
Sign in to the Sophos Central account you want to migrate computers from.
This is your sending account.
Go to Global Settings > Device Migration.
Turn on Allow device migration.
Set a time limit for migrations.
We recommend that you allow migrations for a limited time period.
Sign into the Sophos Central account you want to migrate computers to.
This is your receiving account.
Turn on device migration and set a time limit.
Migrate computers using Endpoint API
Only Windows endpoints support the API-based migration process.
Mac and Linux endpoints will need to be migrated on the device by running the installer for the targeted account.
To migrate computers between Sophos Central accounts you use our Endpoint API. These instructions summarize the steps you need to do using the API commands. For detailed information on how to use the commands see Endpoint API.
To migrate computers, do as follows:
For the Sophos Central account you want to move computers to, do as follows:
In your Receiver enviroment, create a receiving job for the endpoints.
You will get an access token when you do this. You need this to create the sending job for the other Sophos Central account. You also need the ID for the receiving job.
For the Sophos Central account you want to move computers from, do as follows:
- Get a list of endpoints you want to migrate.
In your Sender environment, create a sending job with the list of endpoints, the access token and the ID from the receiving job you set up for the other Sophos Central account.
This starts the migration.
You can check the progress of the migration in the API. You can get more detailed information in Sophos Central.
Review the migration results
You can use the event and audit logs in your Sophos Central accounts to check the migration has been successful. You can also check the receiving Sophos Central account for the migrated devices.
In your sending account check your audit log. You should see a "Send endpoints to another tenant" event.
You also need to check your computers. Go to the Events tab for each computer. For each computer that did migrate you should see "Device registered with new account
<AccountID>. It's now managed by that account".
For each computer that didn't migrate you should see "Device failed to register with new account
<AccountID>. It continues to be managed by this account".
In your receiving account check your audit log. You should see an "Allow endpoints to migrate to this tenant" event.
You also need to check your computers. Go to Devices and then click Computers. You should see your migrated computers. Click on a computer to check it. For each migrated computer, you should see that it has been registered, a user assigned to it and that it has been updated.