Manage MCM and BigFix Mobile policies

You can create and manage policies specific to Windows, Apple (macOS/iOS/iPadOS), and Android devices through BigFix WebUI.

  • Master operators and non-master operators that have the WebUI permission to view the MCM application, and permissions to Create, Edit, and Delete Non-Custom Policies can create or manage the following policies:Users who have the Create, Edit, and Delete MDM Custom Policies permission will see an additional option when creating policies to help them create custom policies.
  • Only Master Operators can manage DEP policies.
  • Non-master operators must have the following permissions to manage MCM and BigFix Mobile policies and actions:
    • Appropriate permissions to create, edit and delete MCM custom and non-custom policies
    • The "custom content" and "can create actions" permissions to deploy MCM actions and policies
    • Write permissions to specific custom content sites to have them be an option in the site drop down when associating an MDM policy with a custom site.
    • Read permissions or be part of a role that has read permissions to the BESUEM site to get accurate device counts of the policies.
CAUTION: When you update to MCM 2.0 from previous versions, run the DB script immediately before creating any new policies under MCM 2.0. Otherwise, the policies created in the previous versions might not work.

The following are the policies that can be configured using BigFix WebUI:

Certain policy types are operating system specific. Each policy type has the applicable operating system logos underneath to notify the users. If you find more than one logo, it represents that the policy can be applied to more than one operating system, specific to those logos.

Policy type Scope Available for the OS
Passcode policy

Create passcode policy for low security requirement

macOS / iOS / iPadOS, Windows 10, Android

Kernel Extension Whitelists

Create kernel extension whitelist policy to load code dynamically into the macOS Kernel macOS
Full Disk Access Create policy to encrypt disc space macOS
Upload Custom Policy Create custom policy macOS / iOS / iPadOS, Windows 10, Android
Restrictions Policy Create restriction policy macOS / iOS / iPadOS, Windows 10, Android
Certificates Policy Create policy certificates macOS, Windows 10
Disk Encryption Policy Create policy to apply disc encryption macOS, Windows 10
Appstore App Policy Create policy to deploy app store apps on MDM endpoints iOS / iPadOS, Android
OS Update Policy Create policy to manage OS updates iOS / iPadOS, Android
You cannot deploy multiple non-custom polices of same type to the targeted devices. You can deploy multiple custom policies to the targeted devices in one action.
To create a policy, follow these steps:
  1. Open the MCM app.

  2. Click Create Policy.

  3. On the Pick MDM Policy Type page, pick a policy type to proceed.