Install BigFix MDM Service for Windows

Learn how to install BigFix MDM Service for Windows to provide MDM service on through WebUI.

Before you begin

These prerequisites must be met to install the BigFix MDM Service for Windows:
  • You must have the wnscredentials.json file ready to upload. For the work flow to create this file, see Generating WNS credentials.
  • You must be a Master Operator to perform this task through WebUI

About this task

To install BigFix MDM Service for Windows:
  1. From the WebUI main page, select Apps > MCM.
  2. On the Modern Client Management page, click Admin.
  3. On the Admin page, from the left navigation, under MDM Servers, select Install.
    Install MDM Server
  4. Select Target Device. Click Edit Devices and select an appropriate target to install the MDM server on.
  5. Server Install Type: For Select OS, select Windows to manage Windows devices.
  6. Install Parameters:
    • Organization Name: Enter a string. While enrolling a device, the organization name entered here is displayed to the end users.
    • User Facing Hostname: For over the air enrolls, this is the hostname of the server where users can visit to enroll in MDM. The value must be a valid URL. For example, mdmserver.deploy.bigfix.com.
  7. LDAP parameters: This is used for authorization to enroll users for MDM over the air. This limits enrollment to your MDM server to authorized users only. Omitting all LDAP parameters disables the need for LDAP authentication to enroll for MDM.
    • Enable LDAP Auth: Select this check box only if you want to enable LDAP Authentication.
      Note: For over the air enrollments, select this check box to ensure that the incoming enrollment requests are from authorized users. If LDAP auth is not enabled, any user who has access to the MDM enrollment URL can get enrolled into MDM.
    • LDAP URL: Valid format is https://<server>:<port>. For more information on LDAP URL formats, see https://ldap.com/ldap-urls/
    • LDAP Base DN: Valid format "dc=example,dc=org"
      Note: Configuring multiple Base DNs is not supported.
    • LDAP Bind User: The root point to bind to the server. For example, DC=mydomain,DC=mycompany,DC=com. "user@example.org"
    • LDAP Bind Password: Enter a string.
  8. TLS Credentials: Upload the MDM Server TLS certificate and key files.
    1. TLS Key Password: Enter a string to set TLS key password.
    2. TLS Certificate: Click Upload File and browse through the location to select the TLS .crt file.
    3. TLS Key: Click Upload File and browse through the location to select the TLS .key file.
  9. MDM Server Authentication Certificate and Key Content: Upload the MDM Server authentication certificate and key files.
    1. For Certificate Authority, click Upload File and browse through the file location to select the ca.cert.pem file.
    2. For MDM Server Certificate, click Upload File and browse through the file location to select the server.cert.pem file.
    3. For MDM Server Key, click Upload File and browse through the file location to select the server.key file.
      Tip: For more information on how to generate .pem and .key files, see MDM SSL certificates.
  10. WNS Credentials: This field appears when you select Windows as the operating system. Click Upload File and browse through the file location to select the wnscredentials.json file.
    Tip: For more information on how to generate wnscredentials.json file, see Generating WNS credentials.
  11. Click Install.
Results: This action completes these activities:
  1. Downloads a set of docker images from software.bigfix.com which is needed for the MDM installation.
  2. Installs the services and certificates including the Plugin certificates and the TLS certificate on which the server runs.
  3. Applies all required configurations.