Home
Administrator Guide
Read this guide to learn about enrolling, administering, and troubleshooting endpoints through BigFix MCM and BigFix Mobile.
BigFix MCM
Read this section to learn enrolling and managing Windows and macOS desktop and laptop devices.
Enrolling Apple devices
You can get Apple devices enrolled in BigFix MCM in the following ways.
Apple BYOD enrollments
Allows device users to enroll their personally owned iOS or iPadOS devices with BigFix MCM so that the IT admin can manage the devices. Apple BYOD user enrollment separates work and personal data on the device, allowing employees to use their own device for work without compromising their privacy. With User Enrollment, the organization can manage work-related apps and data, but the user retains control over their personal apps and data.
Enrolling BYOD Apple devices (User enrollment)
Read this section to understand how the users can enroll BYOD Apple devices to MDM when the admin shares the enrollment URL.

Administrator Guide
Read this guide to learn about enrolling, administering, and troubleshooting endpoints through BigFix MCM and BigFix Mobile.
- Modern Client Management and BigFix Mobile
  This guide is intended for HCL BigFix Master Operators (MO) and those who administer BigFix deployments. If you are looking for information about using Modern Client Management (MCM) and BigFix Mobile, see the WebUI User's Guide.
- BigFix MCM
  Read this section to learn enrolling and managing Windows and macOS desktop and laptop devices.
  - Enrolling Windows devices
    You can get Windows 10 and Windows 11 devices enrolled in BigFix MCM in many ways.
  - Enrolling Apple devices
    You can get Apple devices enrolled in BigFix MCM in the following ways.
    - Enrolling through enrollment URL - Apple
      Read this section to understand how the users can enroll Apple devices to MDM when the admin shares the enrollment URL.
    - Apple Automated Device Enrollment
      MCM supports the Apple Automated Device Enrollment Program (DEP) — an online service to automate the enrollment and configuration of Apple devices.
    - Apple BYOD enrollments
      Allows device users to enroll their personally owned iOS or iPadOS devices with BigFix MCM so that the IT admin can manage the devices. Apple BYOD user enrollment separates work and personal data on the device, allowing employees to use their own device for work without compromising their privacy. With User Enrollment, the organization can manage work-related apps and data, but the user retains control over their personal apps and data.
      - Managed Apple ID
        A Managed Apple ID is an Apple ID that is created and managed by an organization or institution for its employees, students, or other members. It facilitates organizations to deploy and manage Apple devices, apps, and services.
      - Enrolling BYOD Apple devices (User enrollment)
        Read this section to understand how the users can enroll BYOD Apple devices to MDM when the admin shares the enrollment URL.
    - SCEP enrollment
      BigFix MCM supports certificate management and certificate-based authentication through Simple Certificate Enrollment Protocol (SCEP). SCEP is the fastest and most secure way to provision certificates to all your MCM-managed devices. With SCEP, IT Admins can automate issuing certificates to the endpoints to provide access to corporate Wi-Fi, VPN, and secure e-mail through encryption.
  - Full Disk Encryption
    With BigFix MCM, you can centrally manage the native full-disk encryption technologies from Windows (BitLocker) and macOS (FileVault2) to secure data at rest.
  - OS update
    MDM administrators can remotely manage software updates such as software patches, minor or major versions. This can help secure or enhance the current operating system.
- BigFix Mobile
  BigFix Mobile enables you to enroll and manage Android, iOS, and iPadOS devices.
- SCEP Certificate-based authentication
  BigFix MCM supports certificate-based authentication through Simple Certificate Enrollment Protocol (SCEP). SCEP is the fastest and most secure way to provision certificates to all your MCM-managed devices. With SCEP, IT Admins can automate issuing certificates to the endpoints to provide access to corporate Wi-Fi, VPN, and secure e-mail through encryption.
- SAML-authenticated enrolment flow
  When you configure SAML as the authentication method, when a user hits the enrollment URL and click Enroll, the user is first authenticated via the identity provider before proceeding with the enrollment process.
- Application management
  Application management in BigFix MCM enables IT admins to centrally control, distribute, and maintain Windows and macOS applications. It allows IT administrators to streamline the deployment, update, and security of apps on enrolled devices.
- Email configuration management
  With BigFix MCM and BigFix Mobile, you have the ability to install and set up email application that can connect to your email system. This allows users to easily connect, verify their identity, and synchronize their work email accounts on their devices.
- VPN management
  BigFix MCM and BigFix Mobile enable organizations to manage and configure Virtual Private Network (VPN) settings on enrolled Android, Apple, and Windows devices, ensuring secure remote access to corporate networks.
- Wi-Fi configuration management
  BigFix MCM and BigFix Mobile offer WiFi configuration management, where administrators can control and configure the wireless network settings on MCM-enrolled devices. This helps organizations to maintain a secure and reliable wireless network infrastructure while providing flexibility for users to connect to authorized networks.
- Known limitations
  Read this topic to get familiarized with MCM v3.0 known limitations.
- Troubleshooting
  This section is intended to help you solve problems that might occur when installing BigFix MCM and BigFix Mobile.
- Frequently Asked Questions
  Read this section for commonly asked questions and their answers to manage the MCM deployments better.

Enrolling BYOD Apple devices (User enrollment)

Read this section to understand how the users can enroll BYOD Apple devices to MDM when the admin shares the enrollment URL.

Before you begin

Ensure you have the Managed Apple ID
Ensure you have the AD credentials which is the associated business manager account

About this task

Users must visit the enrollment URL that is shared by BigFix administrator (via email or chat). This enrollment URL is the FQDN of the MDM Server (For example, https://enroll-mdm.bigfix.com).

To enroll the Apple device in MDM, follow these steps:

Procedure

On the Apple device, launch a web browser and navigate to the MDM Server URL.
Enter a valid email address and password associated with the Active Directory deployment configured when the MDM Server was set up.
Select ownership type of the device as Personally Owned to enroll your BYOD device.
Note:
- Click the information button to read the information as to what an IT admin can and cannot do on a personally owned device.
- The option "Institutionally Owned" is the default option. When selected, it takes you through the device enrollment flow to enroll the company-owned device.
The text box to enter Managed Apple ID appears. Enter your managed Apple ID to install MDM profile.
Click Enroll to download the Apple enrollment profile.
OSX opens this Enrollment Profile and shows users the information about the MDM deployment they are about to enroll in. If things look okay, click Install to enroll the device in MDM.

Results

The MDM profile gets installed. User sees a personal profile and a company profile. The organization does not have access to the personal profile and hence cannot wipe, lock, or impose any control over the personal use of the device. The organization can manage only the company profile section.