Home
WebUI User's Guide
Read this guide for an introduction to the WebUI tools, concepts, and terminology.
Getting Started with Modern Client Management and BigFix Mobile
This section introduces the Modern Client Management (MCM) and BigFix Mobile concepts, terminology, and explains how to get started with using the features.
Unenroll devices
After unenrolling from MDM, you can no longer manage the device by BigFix MCM. MDM policies become ineffective on the unenrolled devices.

WebUI User's Guide
Read this guide for an introduction to the WebUI tools, concepts, and terminology.
- Welcome
  Welcome to BigFix WebUI. The WebUI delivers a powerful set of functions for BigFix operators. It simplifies BigFix workflows, speeds access to data, and improves flexibility, visibility, and performance.
- Meet the WebUI
  Take a quick tour of the WebUI screens, controls, and workflow.
- Get Started with Devices
  Use the Device screens to view and manage all the devices in your environment as determined by your permission levels. You can find specific devices, access device documents, select devices for deployment, generate and export device reports and do much more.
- Get Started with Patches
  Use the Patch screens to list patches, find specific patches, and view detailed patch information including known issues, vulnerable devices, and deployments.
- Get Started with Patch Policy
  A patch policy is a set of criteria that defines a patch list; that is, a collection of Fixlets that meet the patching criteria of a specific set of endpoints.
- Get Started with Software
  A BigFix software package is the collection of Fixlets used to install software on a device. The package includes the installation files, the Fixlets that install them, and information about the package itself.
- Get Started with Custom Content
  Use the Custom Content pages to view custom content, edit tasks, and view related information, including applicable devices and deployments.
- Get Started with BigFix Query
  Use the BigFix Query feature to retrieve data from endpoints through a dedicated query channel, where the memory available on each Relay minimizes the impact to normal BigFix processing.
- Take Action: The Deploy Sequence
  To deploy means to dispatch content such as applications, modules, updates, and patches to one or more endpoints. For example, by deploying a software, you install the software in the targeted endpoints. BigFix WebUI enables you to configure the content and the target devises to create a deployment and monitor the deployment status. The work flow including all the steps, processes, and activities that are required to create a deployment is collectively called as the Deploy Sequence.
- Get Started with Deployments
  Use the Deployment views to monitor and verify completion of BigFix deployments.
- Get Started with the Content App
  Use the Content App to work with Fixlets, tasks, and baselines on the BigFix sites. Search, filter, and deploy content using standard WebUI tools.
- Getting Started with Modern Client Management and BigFix Mobile
  This section introduces the Modern Client Management (MCM) and BigFix Mobile concepts, terminology, and explains how to get started with using the features.
  - Install and manage MCM and BigFix Mobile components
    You can set up MDM server through WebUI or by running the appropriate fixlets from the BESUEM content site. For instructions on setting up the MDM server through BESUEM fixlets, see MCM/Config/t_mdm_setup_mcm.html. You can find instructions on setting up through WebUI in this section.
  - Configure MCM and BigFix Mobile
    After the MCM components are set up, there are additional configuration options available to enable things like Bulk Enrollment for Windows, DEP policies for MacOS, or prestage installers for Windows and MacOS MDM endpoints.
  - Manage applications
    You can configure MDM server to install the BigFix agent and any other applications on Windows 10 and macOS devices at the time of enrollment or after devices have already enrolled.
  - Enroll devices
    You must enroll your devices to BigFix MCM to get them listed in WebUI and manage them through MDM.
  - Manage MCM and BigFix Mobile devices
    After the devices are enrolled to MDM successfully, the devices report to BigFix WebUI, and they are listed on the Devices page. Use the MCM application in the WebUI to view, manage, and control these MCM and BigFix Mobile devices.
  - Manage MCM and BigFix Mobile policies
    You can create and manage policies specific to Windows, Apple (macOS/iOS/iPadOS), and Android devices through BigFix WebUI.
  - Unenroll devices
    After unenrolling from MDM, you can no longer manage the device by BigFix MCM. MDM policies become ineffective on the unenrolled devices.
- Extending BigFix management capabilities
  BigFix 10 delivers a few significant new functions for enhancing the visibility and management of devices on your network regardless of whether the devices are physical or virtual.
- Support
  For more information about this product, see the following resources:

Unenroll devices

After unenrolling from MDM, you can no longer manage the device by BigFix MCM. MDM policies become ineffective on the unenrolled devices.

Unenrollment through WebUI

To unenroll devices through WebUI:

From the WebUI main page, click Devices.
From the listed devices, select the devices to unenroll.
From the action bar that appears in blue, select Administration > MDM Unenroll.The following page appears.
If you want to change the target, click Edit Devices. Review the information and click Deploy.

Unenrollment by device user

Windows: By default, MCM allows user-initiated unenrollment on all the enrolled Windows devices. If an organization wants to prevent users from unenrolling company-owned devices, that can be done through a custom policy. Add the custom policy to a policy group and deploy onto the MDM server. For code, see Custom policy to restrict device users from unenrolling fully-managed (company-owned) devices.

Apple: The ability for a user to unenroll themselves is configured in the DEP profile that was applied on the device. While configuring through Configure Automated Device Enrollment Policy page, if the Is MDM Removable option is selected, the Apple device user can unenroll. Otherwise the option is disabled and the user cannot unenroll. After user-initiated unenrollment, the items under the sections Apps and Restrictions become empty.

Android

Users cannot unenroll company owned devices (New or factory reset devices).

Users can unenroll BYOD Android device by deleting the work profile. To delete your work profile:

Go to Settings > Accounts > Remove work profile.
Tap Delete to confirm the removal of all apps and data within your work profile.
Ensure that the policy app ("Device Policy") is uninstalled and not present on your device.

After the work profile is deleted, all local data on the device within that profile is deleted.

You can also remove all apps and data (both personal and work) by factory-resetting your device.

Rate this topic

5 stars 4 stars 3 stars 2 stars 1 star

Comment on this topic.

By clicking this box, you acknowledge that you are NOT a U.S. Federal Government employee or agency, nor are you submitting information with respect to or on behalf of one. HCL provides software and services to U.S. Federal Government customers through its partners immixGroup, Inc. Contact this team at https://hcltechsw.com/resources/us-government-contact. Do not include any personal data in this Comment box. Note: To report a problem or question about the product software, do not use this form. Instead, go to the HCL Software Support site.