Install BigFix MDM Service for Windows

Learn how to install BigFix MDM Service for Windows to provide MDM service on Windows through WebUI.

Before you begin

This procedure is for a first time installation of an MDM Service on the MDM Server. If you have already installed one of the MDM Services, use Manage MDM server capability option to add an additional MDM service, as some of the configuration is common to all MDM Services and should not be re-supplied for each MDM Service installed.

These prerequisites must be met to install the BigFix MDM Service for Windows:
  • You must be a Master Operator to perform this task through WebUI.
  • You must have the wnscredentials.json file ready to upload. For the work flow to create this file, see Generating WNS credentials.
  • You must have a Trusted CA TLS certificate.
  • You must have the required credentials, specifically from the CA cert, the client cert, and the client key that is generated from BESAdmin.sh. For details, see MDM SSL certificates.

About this task

To install BigFix MDM Service for Windows:
  1. From the WebUI main page, select Apps > MCM.
  2. On the Modern Client Management page, click Admin.
  3. On the Admin page, from the left navigation, under MDM Servers, select Install.Install MDM Server
  4. Select Target Device. Click Select and select an appropriate target on which you want to install the MDM server.
  5. Server Install Type: For Select OS, select Windows to manage Windows devices.
  6. Install Parameters:
    • Organization Name: Enter a string. While enrolling a device, the organization name entered here is displayed to the end users.
    • User Facing Hostname: For over the air enrolls, this is the hostname of the server where users can visit to enroll in MDM. The value must be a valid FQDN that is accessible from the Internet. For example, mdmserver.deploy.bigfix.com.
      Note: https:// should not be included here.
  7. TLS Credentials: Upload the MDM Server TLS certificate and key files.
    1. TLS Key Password: Enter a string to set TLS key password.
    2. TLS Certificate: Click Upload File and browse through the location to select the TLS .crt file.
    3. TLS Key: Click Upload File and browse through the location to select the TLS .key file.
      Important: TLS key must be unencrypted.
  8. MDM Server Authentication Certificate and Key Content: Upload the MDM Server authentication certificate and key files.
    1. For Certificate Authority, click Upload File and browse through the file location to select the ca.cert.pem file.
    2. For MDM Server Certificate, click Upload File and browse through the file location to select the server.cert.pem file.
    3. For MDM Server Key, click Upload File and browse through the file location to select the server.key file.
      Tip: For more information on how to generate .pem and .key files, see MDM SSL certificates.
    4. For Client Certificate, click Upload File and navigate and select client.cert.pem file.
    5. For Client Key, click Upload File and navigate and select client.key file.
  9. WNS Credentials: This field appears when you select Windows as the operating system. Click Upload File and browse through the file location to select the wnscredentials.json file.
    Tip: For more information on how to generate wnscredentials.json file, see Generating WNS credentials.
  10. Click Install.
Results: This action completes these activities:
  1. Downloads a set of docker images from software.bigfix.com which is needed for the MDM installation.
  2. Installs the services and certificates including the Plugin certificates and the TLS certificate on which the server runs.
  3. Applies all required configurations.