Deploying BigFix Agents

By deploying the BigFix Agent to devices, BigFix administrators can use all the capabilities of BigFix on those devices.

  • Master operators can deploy a BigFix Agent on an MDM device
  • Users other than master operators who have the Can use WebUI, Can Create Actions, and Custom Content permissions can deploy a BigFix Agent on MDM devices.
To deploy the BigFix Agent, follow these steps:
  1. Select at least one device that is managed only by an MDM agent. (Users can also get a list of devices that don’t have the BigFix Agent installed by using the BigFix Agent Status > Not Installed filter.
    Note: The devices that are managed by only MDM are indicated by the MDM symbol next to it.
  2. Click Deploy.
  3. From the list, select Deploy BigFix Agent.

  4. To add or remove devices, on the Deploy BigFix Agent page, click Edit Devices.

  5. Configure Relay authentication options.
    1. Mac Relay Authentication Options: This section is displayed if Mac endpoints are selected.
      • Configure Relay: Enter an IP address or a DNS name.
      • Password: Enter the password.
      • Include BigFix full disk policy: Select this check box to grant full-disk access privileges to BigFix.
    2. Windows Relay Authentication Options: This section is displayed if Windows endpoints are selected.
      • Select MSI to deploy: From this list, select the msi file that you have pre-staged on the MDM server.
  6. To deploy the BigFix Agent, click Deploy.
    • After the action is complete, both MDM and the BigFix Agent can manage the device.
    • The IP address and password that are entered as part of configuring a relay are used only by macOS MDM endpoints. Windows MDM devices must have a prestaged MSI with a relay authorization that is already configured as part of the MSI.
    • Deploying the BigFix Agent works only if the installers for BigFix Agents are pre-staged on the MDM server. The BigFix WebUI requires at least one .pkg file for macOS and one .msi file for Windows devices. If installation packages are not on the MDM server, users receive a warning that says BigFix Agent actions will fail." The WebUI checks for .msi and .pkg files in the /var/opt/BESUEM/packages folder by default to see whether BigFix Agent packages are pre-staged correctly.