Home
WebUI User's Guide
Read this guide for an introduction to the WebUI tools, concepts, and terminology.
Modern Client Management and BigFix Mobile
This section guides you through BigFix Modern Client Management (MCM) and BigFix Mobile to understand the MCM concepts, terminologies, features, and functionality. You can find detailed instructions for managing the complete lifecycle of your MDM managed endpoints here.
Enroll devices
You must enroll your devices to BigFix MCM to get them listed in WebUI and manage them through MDM.
Apple Automated Device Enrollment
MCM and BigFix Mobile supports the Apple Automated Device Enrollment Program (DEP) — an online service to automate the enrollment and configuration of Apple devices.

WebUI User's Guide
Read this guide for an introduction to the WebUI tools, concepts, and terminology.
- Welcome
  Welcome to BigFix WebUI. The WebUI delivers a powerful set of functions for BigFix operators. It simplifies BigFix workflows, speeds access to data, and improves flexibility, visibility, and performance.
- Meet the WebUI
  Take a quick tour of the WebUI screens, controls, and workflow.
- Get Started with Devices
  Use the Device screens to view and manage all the devices in your environment as determined by your permission levels. You can find specific devices, access device documents, select devices for deployment, generate and export device reports and do much more.
- Get Started with Patch
  Use the Patch screens to list patches, find specific patches, and view detailed patch information including known issues, vulnerable devices, and deployments.
- Get Started with Patch Policy
  A patch policy is a set of criteria that defines a patch list; that is, a collection of Fixlets that meet the patching criteria of a specific set of endpoints.
- Get started with IVR
  Use the Insights for Vulnerability Remediation (IVR) application to view a list of all the vulnerabilities, remediate vulnerabilities and create customized IVR reports.
- Get Started with Software
  A BigFix software package is the collection of Fixlets used to install software on a device. The package includes the installation files, the Fixlets that install them, and information about the package itself.
- Get Started with Custom Content
  Use the Custom Content pages to view custom content, edit tasks, and view related information, including applicable devices and deployments.
- Get Started with BigFix Query
  Use the BigFix Query feature to retrieve data from endpoints through a dedicated query channel, where the memory available on each Relay minimizes the impact to normal BigFix processing.
- Take Action: The Deploy Sequence
  To deploy means to dispatch content such as applications, modules, updates, and patches to one or more endpoints. For example, by deploying a software, you install the software in the targeted endpoints. BigFix WebUI enables you to configure the content and the target devises to create a deployment and monitor the deployment status. The work flow including all the steps, processes, and activities that are required to create a deployment is collectively called as the Deploy Sequence.
- Get Started with Deployments
  Use the Deployment views to monitor and verify completion of BigFix deployments.
- Get Started with the Content App
  Use the Content App to work with Fixlets, tasks, and baselines on the BigFix sites. Search, filter, and deploy content using standard WebUI tools.
- Get Started with Extensions Management Application
  BigFix Extension Management application provides you the possibility to extend WebUI features beyond what is delivered in the products that you are currently entitled to. You can address specific use cases that are not currently fulfilled by the product by adding ad-hoc extensions to WebUI.
- Modern Client Management and BigFix Mobile
  This section guides you through BigFix Modern Client Management (MCM) and BigFix Mobile to understand the MCM concepts, terminologies, features, and functionality. You can find detailed instructions for managing the complete lifecycle of your MDM managed endpoints here.
  - Modern Client Management dashboard
    The MCM dashboard is the home page of the MCM application. It provides insights into every aspect of device management, device security, and device encryption of MDM managed devices.
  - MCM roles and permissions
    Use the WebUI Permissions service to take advantage of fine-grained control over permissions and preferences for users and groups of users in WebUI MDM.
  - Device inventory
    After the devices are enrolled to MDM successfully, the devices report to BigFix WebUI, and they are listed on the Devices page. You can use the Devices page in BigFix WebUI to view the list of all devices (as determined by permission levels). The devices list shows all the devices in the BigFix environment including the devices managed by MCM.
  - Health Check
    As a Master Operator, use the Health Checks page in the MCM application to monitor the health of your MCM deployments.
  - Select target devices
    You can easily filter and select a specific group of target devices that meet your conditions for carrying out MCM commands using the WebUI. These commands include tasks such as installing and updating components; deploying actions, policies, policy groups, and more.
  - Install and manage MCM and BigFix Mobile components - On-premises only
    MDM on-premises requires you to perform one-time MDM Server setup. You must have the required hardware and software set up prior to deploying MDM on-premises. Set up your environment through BigFix WebUI.
  - Install and manage ODJ service
    Offline Domain Join (ODJ) service is an "Add-on" service and is installed through WebUI after completing the initial MDM server installation.
  - Configuring BigFix MCM and BigFix Mobile
    After the MCM components are set up, there are additional configuration options available to enable features like Bulk Enrollment for Windows, DEP policies for macOS, or prestage installers for Windows and MacOS MDM endpoints.
  - Smart Groups
    Smart groups are dynamic user groups created and managed based on Active Directory group, user attributes, and device attributes. The members of a smart group are defined dynamically in WebUI, rather than being manually defined by an administrator. You can target multiple devices using smart groups that a user or a device is subscribed to and you can manage apps, device access, group membership and so on.
  - Enroll devices
    You must enroll your devices to BigFix MCM to get them listed in WebUI and manage them through MDM.
    - Bulk enrollment - Windows
      Read this section to understand the step-by-step procedure of Windows bulk enrollment.
    - User-initiated enrollment - Windows
      Read this section to learn how to enroll Windows devices as a Device User.
    - Autopilot enrollment
      Windows Autopilot helps an administrator to automatically enroll new or factory reset Windows devices that have been preconfigured to enroll in MDM on first boot.
    - Apple Automated Device Enrollment
      MCM and BigFix Mobile supports the Apple Automated Device Enrollment Program (DEP) — an online service to automate the enrollment and configuration of Apple devices.
      - Generate or upload public key
        You need the key in .pem format to define your MDM server in Apple Business Manager.
      - Upload MDM server token
        Through WebUI, you need to upload the server token (.p7m) obtained from Apple Business Manager to establish the communication and enroll Apple devices by Automated Device Enrollment.
      - Create Automated Device Enrollment Policy
        Learn how to create default policy for DEP enrollments.
      - Manage Automated Device Enrollment Policies
        Learn how to manage DEP policies.
  - Manage applications
    You can configure the MCM server to install the BigFix agent and other applications on , Windows, macOS, Android, and Apple mobile devices during enrollment or after the devices have been enrolled with MCM.
  - Manage devices
    After the devices are enrolled to MDM successfully, the devices report to BigFix WebUI, and they are listed on the Devices page. Use the MCM application in the WebUI to view, manage, and control these MCM and BigFix Mobile devices.
  - Manage policies
    You can create and manage policies specific to Windows, Apple (macOS/iOS/iPadOS), and Android devices through BigFix WebUI.
  - Deploy MCM actions
    With MCM and BigFix Mobile, you can perform the following MDM-specific actions:
  - Unenroll devices
    After unenrolling from MDM, you can no longer manage the device through BigFix MCM. MDM policies become ineffective on the unenrolled devices.
- Extending BigFix management capabilities
  BigFix 10 delivers a few significant new functions for enhancing the visibility and management of devices on your network regardless of whether the devices are physical or virtual.
- Support
  For more information about this product, see the following resources:

Apple Automated Device Enrollment

MCM and BigFix Mobile supports the Apple Automated Device Enrollment Program (DEP) — an online service to automate the enrollment and configuration of Apple devices.

Through Apple Automated Device Enrollment, you can enroll a large number of Apple devices effortlessly without user intervention. On the Apple Business Manager portal, BigFix administrators can preconfigure which devices can be assigned to which MDM Servers, so that as part of initial device setup, devices can automatically enroll in MCM and BigFix Mobile.

For more information on Apple Automated Device Enrollment such as how to qualify for the program and links for Apple Business Manager, see Apple support site.

All Apple devices, as part of initial configuration, reach out to Apple Business Manager to see if they have been preassigned to a specific MDM Server to get enrolled. If Apple Business Manager finds configuration for a device that maps to a specific profile, it sends that profile to the device. The device processes the enrollment info, make the required settings, and then reaches out to the defined MDM Server within the profile to do an MDM enrollment. If there is no specific device to Apple Automated Device Enrollment profile mapping, a device gets the Automated Device Enrollment profile assigned to the MDM Server that is marked as an auto-assigner.

For instructions on configuring ABM or MCM server for Automated Device Enrollment, see the BigFix Wiki page Apple Business Manager Quick Start Guide for DEP

Note: All the Automated Device Enrollment profile configuration files (.crt, .key, .enc, and .p7M ) are stored in the /var/opt/BESUEM/certs directory on the MDM server.

Once all these configurations are done, when a user powers up the Apple device for the initial OS setup and connects to Internet, Apple server receives a notification, recognizes the Automated Device Enrollment profile account, and redirects the device to the appropriate MDM server. The Setup Assistant on the Apple devices takes the users through the activation process.

After the devices are enrolled, you can manage MDM devices through WebUI.