Deploying MDM policies

Deploying MDM policies in BigFix 10 MDM allows administrators to lock down and configure MDM devices. MDM policies are deployed to manage the devices effectively through MDM.

  • Master Operators can perform all actions. The following notes applies only to users other than Master Operators:
    • Only users that have access to the MDM application via BigFix WebUI can deploy MDM policies. Access can be configured by going to the to WebUI PPS app as a Master Operator.
    • Only non-master operators with permission Create,Edit, and Delete Non-Custom Policies can create native MDM policies (Kernel Extensions, Passcode Policy, certificate policies, Restrictions policies, Full Disk Access).
    • Only users with permission Can Create Actions in the BigFix Console can deploy MDM policies. These users also need permissions in the BigFix custom sites associated with view/edit/deploy the policies unless the policies were created in the master action site. For more information about permissions, see MDM Permissions.
    • You can deploy an MDM policy only to MDM managed endpoints. Deploying MDM policies to device groups with non-MDM devices will fail.
    • WebUI will prevent users generating actions that do not apply to the right device type. For example, WebUI prevents deploying MDM policies to native BigFix agent devices or cloud devices.
    • If you attempt to deploy an MDM policy on a correlated device with both a native BigFix representation and an MDM representation, it will result in deploying the MDM policy only to the MDM device.
Follow these steps to deploy MDM policies:
  1. Go to the Devices list.
  2. Select the device(s) to which you want to deploy the MDM policies.
  3. Click Deploy button.
  4. Select Deploy MDM Policy from the dropdown list.

  5. Click Edit Policies to select the pre-configured policies.
  6. Click Deploy to deploy the MDM policy to the selected device(s).
    Note: Non-master operators need visibility on the sites where policies were created. If non-master operators do not see the right MDM policies in this deployment workflow, they should check their BigFix site permissions.