Managing MDM policies

You can manage the MDM policy of both macOS and Windows devices using BigFix WebUI.

  • Master operators and non-master operators that have the WebUI permission to view the MDM application, and permissions to Create, Edit, and Delete Non-Custom Policies can create or manage Passcode Policies, Kernel Policies, Full Disk Access Policies, restrictions policies, or certificate Policies Users that have the Create, Edit, and Delete MDM Custom Policies permission will see an additional option when creating policies to help them create custom policies.
  • Non-master operators must have the following permissions to manage MDM policies and actions:
    • Appropriate permissions to create, edit and delete MDM custom and non-custom policies
    • The "custom content" and "can create actions" permissions to deploy MDM actions and policies
    • Write permissions to specific custom content sites to have them be an option in the site dropdown when associating an MDM policy with a custom site.
    • Read permissions or be part of a role that has read permissions to the BESUEM site to get accurate device counts of the policies.
  • You cannot deploy multiple non-custom polices of same type to the targeted devices. You can deploy multiple custom policies to the targeted devices in one action.
To create an MDM policy to manage MDM settings, follow these steps:
  1. Open the MDM app.

  2. Click Create Policy.

The following are the policies that can be configured using BigFix WebUI:

Note: Certain MDM Policy types are operating system specific. Each policy type has the applicable operating system logos underneath to notify the users. If you find both Windows and macOS logos, it represents that the policy can be applied to both the operating systems.