Home
Administrator Guide
Read this guide to learn about enrolling, administering, and troubleshooting endpoints through BigFix MCM and BigFix Mobile.
BigFix Mobile
BigFix Mobile enables you to enroll and manage Android, iOS, and iPadOS devices.
Apple mobile management
With BigFix Mobile, you can seamlessly enroll iOS and iPadOS devices.
Provisioning Apple mobile devices
You can get Apple mobile devices enrolled to BigFix Mobile in the following ways.

Administrator Guide
Read this guide to learn about enrolling, administering, and troubleshooting endpoints through BigFix MCM and BigFix Mobile.
- Modern Client Management and BigFix Mobile
  This guide is intended for HCL BigFix Master Operators (MO) and those who administer BigFix deployments. If you are looking for information about using Modern Client Management (MCM) and BigFix Mobile, see the WebUI User's Guide.
- BigFix MCM
  Read this section to learn enrolling and managing Windows and macOS desktop and laptop devices.
- BigFix Mobile
  BigFix Mobile enables you to enroll and manage Android, iOS, and iPadOS devices.
  - Android mobile management
    BigFix Mobile, the Enterprise Mobility Management (EMM) solution, is integrated with Android Enterprise. With this solution, you can effortlessly enroll and manage Android devices.
  - Apple mobile management
    With BigFix Mobile, you can seamlessly enroll iOS and iPadOS devices.
    - Provisioning Apple mobile devices
      You can get Apple mobile devices enrolled to BigFix Mobile in the following ways.
    - Apple mobile policy management
      A policy represents a group of settings that govern the behavior of a managed device and the apps installed on it.
  - Device trust
    The Device Trust feature from BigFix Mobile prevents unmanaged devices from accessing enterprise services. It provides an extra layer of security to your organization's application access and protects against potential threats from compromised devices. This extra security helps ensure that your users access applications from a device that you know is trusted.
  - Application management
    With the application management capability in BigFix Mobile, you can administer, distribute, and control mobile applications on your enrolled Android and iOS mobile devices. You can add and assign apps to devices, protect company data in apps, force install work apps which do not require user permission, and do much more. smooth app distribution and effective management on Android and iOS devices.
  - Kiosk management
    In kiosk mode, you can lock a device, so that it can run only one or a small set of applications. This mode turns an Android or Apple phone or tablet into a dedicated device that can run only one or more specified apps. Kiosk mode provides effective control over the device use and helps ensure that the devices can be used only for intended purposes. Mobile devices can run tasks in kiosk mode by configuring the settings through a policy. This feature applies only for company owned devices. In a dedicated or supervised device, the device user can access only the apps that the kiosk policy allows.
  - OS update
    The OS update policy allows to configure rules and settings to manage the operating system updates on the enrolled devices. This policy ensures that devices receive the necessary updates for security, bug fixes, and feature enhancements, while also maintaining a consistent and secure environment for all devices within the organization. The system update policy impacts both the current and future updates for the device, including any pending system update.
- SCEP Certificate-based authentication
  BigFix MCM supports certificate-based authentication through Simple Certificate Enrollment Protocol (SCEP). SCEP is the fastest and most secure way to provision certificates to all your MCM-managed devices. With SCEP, IT Admins can automate issuing certificates to the endpoints to provide access to corporate Wi-Fi, VPN, and secure e-mail through encryption.
- SAML-authenticated enrolment flow
  When you configure SAML as the authentication method, when a user hits the enrollment URL and click Enroll, the user is first authenticated via the identity provider before proceeding with the enrollment process.
- Application management
  Application management in BigFix MCM enables IT admins to centrally control, distribute, and maintain Windows and macOS applications. It allows IT administrators to streamline the deployment, update, and security of apps on enrolled devices.
- Email configuration management
  With BigFix MCM and BigFix Mobile, you have the ability to install and set up email application that can connect to your email system. This allows users to easily connect, verify their identity, and synchronize their work email accounts on their devices.
- VPN management
  BigFix MCM and BigFix Mobile enable organizations to manage and configure Virtual Private Network (VPN) settings on enrolled Android, Apple, and Windows devices, ensuring secure remote access to corporate networks.
- Wi-Fi configuration management
  BigFix MCM and BigFix Mobile offer WiFi configuration management, where administrators can control and configure the wireless network settings on MCM-enrolled devices. This helps organizations to maintain a secure and reliable wireless network infrastructure while providing flexibility for users to connect to authorized networks.
- Known limitations
  Read this topic to get familiarized with MCM v3.0 known limitations.
- Troubleshooting
  This section is intended to help you solve problems that might occur when installing BigFix MCM and BigFix Mobile.
- Frequently Asked Questions
  Read this section for commonly asked questions and their answers to manage the MCM deployments better.

Provisioning Apple mobile devices

You can get Apple mobile devices enrolled to BigFix Mobile in the following ways.

Enrolling through enrollment URL - Apple: Users can enroll their Apple mobile devices (iOS and iPadOS) over-the-air through an enrollment URL.
Apple Automated Device Enrollment: Administrators can configure and automate enrollment of out-of-the-box Apple mobile devices (iOS and iPadOS) that an organization purchases through Apple or authorized resellers to provide to employees. iPhone and iPad DEP enrollment is very similar to Mac DEP enrollment, with minor changes in options and screen flows. DEP profiles allow specification of which setup screens to skip during enrollment.
Apple BYOD enrollments: Device users can enroll their personally owned iOS or iPadOS devices with BigFix Mobile, so that the IT admin can manage the devices.

On enrollment

Appstore applications can be added to a Policy Group for delivery at the time of enrollment to iOS or iPadOS devices. In such cases, when presented with the DEP enrollment screen to supply an Apple ID, users should have an existing Apple ID to enter.
Note: Do not create a new ID during enrollment as then the Appstore apps cannot be delivered through the Group Policy at time of enrollment.

Post enrollment

After enrollment, under the Enrollment profile, you can see two new sections – Apps and Restrictions. This is where you can find out which policies, apps and restrictions have been applied through MDM, either at the time of enrollment, or after enrollment.

Screen-locked Devices

Even if the iPhone or iPad is turned on, the device will not respond to most requests (such as profile delivery, client refresh) unless the device is unlocked. If the screen is locked, the Apple Push notification server will check in and report the status as “NotNow”, meaning it is not able to process the requests.

Known issue

It is possible to target Apple actions against Apple devices that do not support the action. For example, an MDM shutdown command might target non-supervised Apple devices. In these situations, the action will fail.