Deploy MCM policies

Deploying MCM policies enables administrators to configure and manage MCM devices.

  • Master Operators can perform all actions. The following notes applies only to users other than Master Operators:
    • Only users having access to the MDM application via BigFix WebUI can deploy MDM policies. Master Operator can configure access permissions through WebUI Permission service.
    • Only non-master operators with the permission Create,Edit, and Delete Non-Custom Policies can create native MDM policies (Kernel Extensions, Passcode Policy, Certificate policies, Restrictions policies, Full Disk Access).
    • Only users with the permission Can Create Actions in the BigFix Console can deploy MDM policies. These users also need permissions in the BigFix custom sites associated with view/edit/deploy the policies unless the policies were created in the master action site. For more information about permissions, see MDM Permissions.
    • You can deploy an MDM policy only to MDM managed endpoints. Deploying MDM policies to device groups with non-MDM devices will fail.
    • WebUI will prevent users generating actions that do not apply to the right device type. For example, WebUI prevents deploying MDM policies to native BigFix agent devices or cloud devices.
    • If you attempt to deploy an MDM policy on a correlated device with both a native BigFix representation and an MDM representation, it will result in deploying the MDM policy only to the MDM device.
Follow these steps to deploy MDM policies:
  1. Go to the Devices list.
  2. Select one or more devices to which you want to deploy the MDM policies.
  3. Click Deploy button.
  4. Select Deploy MDM Policy from the drop down list.

  5. Click Edit Policies to select the policy you want to deploy.
  6. Click Deploy to deploy the MDM policy to the selected devices.
    Note: Non-master operators need visibility on the sites where policies were created to deploy them. If non-master operators do not see the right MDM policies in this deployment workflow, they must check their BigFix site permissions.