Deploy BigFix Agent

By deploying the BigFix agent to devices, BigFix administrators can use all the capabilities of BigFix on those devices.

Important: BigFix agent can be installed only on macOS and Windows devices. BigFix agent cannot be installed on IOS, iPadOS, or Android devices. Additionally, macOS and Windows BigFix Agent installation packages need to be prestaged on the MDM server before the Deploy BigFix Agent action to work. To learn how to prestage, see Prestage macOS BigFix installer and Prestage Windows BigFix Installer.
  • Master operators can deploy BigFix agent on an MCM device
  • Non-Master Operators (NMO) who have the Can use WebUI, Can Create Actions, and Custom Content permissions can deploy BigFix agent on MCM devices.
To deploy the BigFix agent, follow these steps:
  1. Select at least one macOS or Windows device that is managed only by MCM. (From the device list, users can filter devices that do not have BigFix agent installed by using the Agent Status > No filter.
    Note: The devices that are managed only by MCM are indicated by the MCM symbol next to it.
  2. From the blue action bar, click Administration > Install Agent.
  3. To add or remove devices, on the Deploy BigFix Agent page, click Edit Devices.
  4. Configure Relay authentication options.
    1. Mac Relay Authentication Options: This section is displayed if Mac endpoints are selected.
      • Configure Relay: Enter an IP address or a DNS name.
      • Passphrase: Enter the passphrase.
      • Include BigFix full disk policy: Select this check box to grant full-disk access privileges to BigFix.
    2. Windows Relay Authentication Options: This section is displayed if Windows endpoints are selected.
      • Select MSI to deploy: From this list, select the msi file that you have pre-staged on the MDM server.
  5. To deploy the BigFix Agent, click Deploy.
    • After the action is complete, both MDM and the BigFix Agent can manage the device.
    • The IP address and passphrase that are entered as part of configuring a relay are used only by macOS MDM endpoints. Windows MDM devices must have a prestaged MSI with a relay authorization that is already configured as part of the MSI.
    • Deploying the BigFix Agent works only if the installers for BigFix Agents are pre-staged on the MDM server. The BigFix WebUI requires at least one .pkg file for macOS and one .msi file for Windows devices. If installation packages are not on the MDM server, users receive a warning that says BigFix Agent actions will fail." The WebUI checks for .msi and .pkg files in the /var/opt/BESUEM/packages folder on the MDM server by default to see whether BigFix Agent packages are pre-staged correctly.