Installing BigFix MDM Server for Apple endpoints

You can install the BigFix MDM server for Apple endpoints using the task Install BigFix Apple MDM Server.

These prerequisites must be met to install the BigFix MDM Server for Apple endpoints:
  • You must have the required certificates and keys. See MDM SSL Certificates.
  • You must have a BigFix Agent running on the MDM Server target.
Note: An Apple Push Certificate PEM file that is obtained through the HCL vendor signing process and processed by Apple is needed for this MDM Server deployment.

In the Install BigFix Apple MDM Server task, provide this information:
  1. Enter the organization name. While enrolling a device, the organization name is displayed to the users along with the rest of the profile information.
  2. Enter the user-facing hostname. This is the hostname of the server that enrolling devices connect to. The value must be a valid URL. For example, mdmserver.deploy.bigfix.com.
  3. Enter the MDM API password that you want to use. It can be any value, and it is not visible externally anywhere after it is configured.
  4. Enter LDAP parameters. These are used to authorize users to enroll for MDM over the air, which limits enrollment in your MDM server to authorized users only. Omitting all LDAP parameters disables the LDAP authentication requirement for MDM enrollment.
    Note: LDAP Authentication is turned on by default.
  5. Enter the Apple Push certificate and key contents.
    1. Enter the Apple Push key password.
    2. In the Apple Push Certificate PEM content section, enter the entire text contents of the Push PEM file.
    3. In the Apple Push Key content section, enter the entire text contents of the Push key file.
  6. Enter the details of the MDM Server TLS certificate and key contents.
    1. Enter a string to set the TLS key password.
    2. In the MDM Server TLS Certificate content section, enter the entire text contents of the generated TLS .crt file.
    3. In the MDM Server TLS Key content section, enter the entire text contents of the generated TLS .key file.
      Tip: If you want to use self-signed certificates, see MDM SSL Certificates for how to generate the .crt and .key files.
  7. Enter the details of the MDM Server authentication certificate and key contents.
    1. In the MDM Server Certificate Authority content section, enter the entire text contents of the generated ca.cert.pem file.
    2. In the MDM Server Certificate content section, enter the entire text contents of the generated server.cert.pem file.
    3. In the MDM Server Key content section, enter the contents of the server.key file.
      Tip: For more information on how to generate .pem and .key files, see MDM SSL Certificates.
  8. Enter message text for an end user agreement. This is an optional field. The message entered here is displayed to end users during enrollment of Apple devices, and they must accept it to proceed. This allows the organization to notify or warn device users of the terms of enrolling their devices. This message can include, for example, a warning about allowing remote management of the device or helpdesk contact information.
  9. Deploy the task to targeted systems.
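
A mismatched key, a wrong key password, or a TLS certificate that does not cover the user-facing hostname is easier to catch before the contents are pasted into steps 2, 6 and 7. The script below is an added example, not part of the BigFix task or HCL's tooling; it assumes the openssl CLI is installed, that server.cert.pem was issued directly by ca.cert.pem, and that the function names and argument order are hypothetical.

```shell
#!/bin/sh
# Added example (not HCL's code): pre-flight checks for the PEM files
# whose contents are pasted into the task. Requires the openssl CLI.

# Key (decrypted with optional password $3) has the certificate's public key.
key_matches_cert() {    # cert key [password]
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    # -passin env: keeps the password out of the process argument list.
    key_pub=$(KEY_PASS="${3:-}" openssl pkey -in "$2" -passin env:KEY_PASS \
        -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Certificate verifies against the CA file (assumes the CA issued it directly).
chains_to_ca() {        # ca_cert cert
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Certificate is valid for the user-facing hostname.
cert_covers_host() {    # cert hostname
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q "does match certificate"
}

# Certificate has not expired.
cert_not_expired() {    # cert
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1
}

# Run all checks, print each failure, return the number of failures.
# Args: tls_crt tls_key tls_key_password hostname ca_pem server_pem
#       server_key [server_key_password]
preflight_mdm_certs() {
    fails=0
    fail() { echo "FAIL: $1" >&2; fails=$((fails + 1)); }
    key_matches_cert "$1" "$2" "$3" || fail "TLS key or password does not match TLS certificate"
    cert_covers_host "$1" "$4"      || fail "TLS certificate does not cover $4"
    cert_not_expired "$1"           || fail "TLS certificate has expired"
    key_matches_cert "$6" "$7" "${8:-}" || fail "server.key does not match server.cert.pem"
    chains_to_ca "$5" "$6"          || fail "server.cert.pem does not verify against ca.cert.pem"
    return "$fails"
}
```

Source the file and call preflight_mdm_certs with your generated files; a zero exit status means every check passed.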