Install BigFix MDM server for Windows endpoints

Learn how to install BigFix MDM server for Windows endpoints through WebUI.

Before you begin

These prerequisites must be met to install the BigFix MDM Server for Windows endpoints:
  • You require the necessary certificates and keys. See, MDM SSL certificates.
  • You must have a BigFix Agent running on the MDM Server target.
  • You must be a Master Operator to perform this task through WebUI

About this task

To install BigFix MDM server for Windows endpoints:
  1. From the WebUI main page, select Apps > MDM.
  2. On the MDM page, click Configure MDM.
  3. On the Configure MDM page, select Install MDM Server. The following page appears:
    Install MDM Server
  4. Select Target Device. Click Edit Devices and select an appropriate target to install the MDM server on.
  5. MDM Server Install Type: For Operating System, select Windows 10.
  6. MDM Install Parameters:
    • Organization Name: Enter a string. While enrolling a device, the organization name entered here displayed to the users along with the rest of the profile information.
    • User Facing Hostname: This is the hostname of the server that the enrolling devices must be pointing to. The value must be a valid URL. For example, mdmserver.deploy.bigfix.com.
  7. LDAP parameters: If you do not fill the LDAP parameters, the LDAP authentication is disabled for over-the-air enrollment requests.
    • LDAP URL: Valid format is https://<server>:<port>. For more information on LDAP URL formats, see https://ldap.com/ldap-urls/
    • LDAP Base DN: Valid format "dc=example,dc=org"
    • LDAP Bind User: The root point to bind to the server. For example, DC=mydomain,DC=mycompany,DC=com. "user@example.org"
    • LDAP Bind Password: The password entered here is encrypted and stored in the MDM_PARAM_4.enc file in the /var/opt/BESUEM/certs directory.
  8. MDM Server TLS Credentials: Enter the details of the MDM Server TLS certificate and key contents.
    1. MDM Server TLS Key Password: Enter a string to set TLS key password.
    2. MDM Server TLS Certificate: Click Choose File and browse through the location to select the generated TLS .crt file.
    3. MDM Server TLS Key: Click Choose File and browse through the location to select the generated TLS .key file.
      Tip: If you want to use self-signed certificates, to know how to generate .crt and .key files, see MDM SSL certificates.
  9. MDM Server Authentication Certificate and Key Content: Enter the details of the MDM Server authentication certificate and key contents.
    1. For MDM Server Certificate Authority, click Choose File and browse through the file location to select the generated ca.cert.pem file.
    2. For MDM Server Certificate, click Choose File and browse through the file location to select the generated server.cert.pem file.
    3. For MDM Server Key, click Choose File and browse through the file location to select the server.key file.
      Tip: For more information on how to generate .pem and .key files, see MDM SSL certificates.
  10. Click Deploy.
Results: This action completes these activities:
  1. Creates a directory.
  2. Downloads a set of docker images from software.bigfix.com which is needed for the MDM installation.
  3. Installs the services and certificates including the Plugin certificates and the TLS certificate on which the server runs.
  4. Applies all required configurations.