Home
WebUI User's Guide
Read this guide for an introduction to the WebUI tools, concepts, and terminology.
Modern Client Management and BigFix Mobile
This section guides you through BigFix Modern Client Management (MCM) and BigFix Mobile to understand the MCM concepts, terminologies, features, and functionality. You can find detailed instructions for managing the complete lifecycle of your MDM managed endpoints here.
Manage policies
You can create and manage policies specific to Windows, Apple (macOS/iOS/iPadOS), and Android devices through BigFix WebUI.
Restrictions Policy
With restriction profiles, you can control (enable or disable) many device capabilities of corporate devices and prevent many potential security threats. This prevents end users from using certain device features, such as using the camera. This is supported on MacOS, iOS, iPadOS, Android, and Windows.

WebUI User's Guide
Read this guide for an introduction to the WebUI tools, concepts, and terminology.
- Welcome
  Welcome to BigFix WebUI. The WebUI delivers a powerful set of functions for BigFix operators. It simplifies BigFix workflows, speeds access to data, and improves flexibility, visibility, and performance.
- Meet the WebUI
  Take a quick tour of the WebUI screens, controls, and workflow.
- Get Started with Devices
  Use the Device screens to view and manage all the devices in your environment as determined by your permission levels. You can find specific devices, access device documents, select devices for deployment, generate and export device reports and do much more.
- Get Started with Patch
  Use the Patch screens to list patches, find specific patches, and view detailed patch information including known issues, vulnerable devices, and deployments.
- Get Started with Patch Policy
  A patch policy is a set of criteria that defines a patch list; that is, a collection of Fixlets that meet the patching criteria of a specific set of endpoints.
- Get Started with Software
  A BigFix software package is the collection of Fixlets used to install software on a device. The package includes the installation files, the Fixlets that install them, and information about the package itself.
- Get Started with Custom Content
  Use the Custom Content pages to view custom content, edit tasks, and view related information, including applicable devices and deployments.
- Get Started with BigFix Query
  Use the BigFix Query feature to retrieve data from endpoints through a dedicated query channel, where the memory available on each Relay minimizes the impact to normal BigFix processing.
- Take Action: The Deploy Sequence
  To deploy means to dispatch content such as applications, modules, updates, and patches to one or more endpoints. For example, by deploying a software, you install the software in the targeted endpoints. BigFix WebUI enables you to configure the content and the target devises to create a deployment and monitor the deployment status. The work flow including all the steps, processes, and activities that are required to create a deployment is collectively called as the Deploy Sequence.
- Get Started with Deployments
  Use the Deployment views to monitor and verify completion of BigFix deployments.
- Get Started with the Content App
  Use the Content App to work with Fixlets, tasks, and baselines on the BigFix sites. Search, filter, and deploy content using standard WebUI tools.
- Modern Client Management and BigFix Mobile
  This section guides you through BigFix Modern Client Management (MCM) and BigFix Mobile to understand the MCM concepts, terminologies, features, and functionality. You can find detailed instructions for managing the complete lifecycle of your MDM managed endpoints here.
  - Modern Client Management dashboard
    The MCM dashboard is the home page of the MCM application. It provides insights into every aspect of device management, device security, and device encryption of MDM managed devices.
  - MCM roles and permissions
    Use the WebUI Permissions service to take advantage of fine-grained control over permissions and preferences for users and groups of users in WebUI MDM.
  - Device inventory
    After the devices are enrolled to MDM successfully, the devices report to BigFix WebUI, and they are listed on the Devices page. You can use the Devices page in BigFix WebUI to view the list of all devices (as determined by permission levels). The devices list shows all the devices in the BigFix environment including the devices managed by MCM.
  - Health Check
    As a Master Operator, use the Health Checks page in the MCM application to monitor the health of your MCM deployments.
  - Install and manage MCM and BigFix Mobile components - On-premises only
    MDM on-premises requires you to perform one-time MDM Server setup. You must have the required hardware and software set up in prior to deploy MDM on-premises. Set up your environment through BigFix WebUI.
  - Configuring BigFix MCM and BigFix Mobile
    After the MCM components are set up, there are additional configuration options available to enable features like Bulk Enrollment for Windows, DEP policies for macOS, or prestage installers for Windows and MacOS MDM endpoints.
  - Manage applications
    You can configure MDM server to install the BigFix agent and any other applications on Windows 10 and Windows 11 and macOS devices at the time of enrollment or after devices have already enrolled.
  - Enroll devices
    You must enroll your devices to BigFix MCM to get them listed in WebUI and manage them through MDM.
  - Manage devices
    After the devices are enrolled to MDM successfully, the devices report to BigFix WebUI, and they are listed on the Devices page. Use the MCM application in the WebUI to view, manage, and control these MCM and BigFix Mobile devices.
  - Manage policies
    You can create and manage policies specific to Windows, Apple (macOS/iOS/iPadOS), and Android devices through BigFix WebUI.
    - Policy Groups
      Policy Groups enable you to combine policies, apps, and a BigFix Agent in a single group and deploy it onto the MDM server or onto enrolled devices.
    - Passcode policy
      Passcode policies allow BigFix administrators to lock down various password/inactivity settings on Windows, macOS, iOS, iPadOS, and Android MDM devices.
    - Kernel Extension Whitelists
      Kernel Extensions provide developers the ability to load code dynamically into the macOS Kernel. This allows access to internal kernel interfaces allowing complex apps to function properly.
    - System Extension Whitelists
      System extensions allow software like network extensions and endpoint security solutions to extend the functionality of macOS without requiring kernel-level access.
    - Full Disk Access
      You can create a Full Disk Access policy using this section. Creating a Full Disk policy allows the BigFix Agent (and other applications) to function smoothly on OSX devices. Applications configured with a full disk policy are granted complete disk access on OSX.
    - Restrictions Policy
      With restriction profiles, you can control (enable or disable) many device capabilities of corporate devices and prevent many potential security threats. This prevents end users from using certain device features, such as using the camera. This is supported on MacOS, iOS, iPadOS, Android, and Windows.
      - Android restriction settings
      - iOS and iPadOS restriction settings
        You can set restrictions, including modifying a device and its features, on iPhone and iPad devices enrolled in a mobile device management (MDM) solution.
      - macOS restriction settings
        You can set restrictions to modify a device and its features, for MDM enrolled macOS devices.
      - Windows restriction settings
    - Certificates Policy
      Learn how to upload .pem and .der certificates to MDM server and deploy them on MDM endpoints.
    - Disk Encryption Policy
      User can create and deploy a Full Disk Encryption (FDE) policy just like any other MDM policy.
    - Upload Custom Policy
      You can upload your custom policy file in .xml, .mobileconfig, or syncML format.
    - Appstore App Policy
      BigFix Mobile enables you to configure application policies to install applications from the App store on the Android, iOS, and iPadOS devices.
    - OS Update Policy
      Through the OS update policy you can manage system updates for the Android and iOS/iPadOS devices.
  - Deploy MCM actions
    With MCM and BigFix Mobile, you can perform the following MDM-specific actions:
  - Unenroll devices
    After unenrolling from MDM, you can no longer manage the device by BigFix MCM. MDM policies become ineffective on the unenrolled devices.
- Extending BigFix management capabilities
  BigFix 10 delivers a few significant new functions for enhancing the visibility and management of devices on your network regardless of whether the devices are physical or virtual.
- Support
  For more information about this product, see the following resources:

Restrictions Policy

With restriction profiles, you can control (enable or disable) many device capabilities of corporate devices and prevent many potential security threats. This prevents end users from using certain device features, such as using the camera. This is supported on MacOS, iOS, iPadOS, Android, and Windows.

About this task

To create a restrictions policy, complete the following steps.

Procedure

From the WebUI main page, select Apps > MCM.
On the Modern Client Management page, on the right side corner, click the Create Policy button.
From the list of policy types, select Restrictions. The following page appears.
In the Generic Settings section, do the following:
1. Enter name and description of the policy.
2. Select operating system.
3. All operating systems have specific set of restrictions policies. Navigate to the specific settings for each of the operating systems selected on the left side navigation panel. Once there, you can set the operating system specific settings for your restrictions policy.
4. In the Assign Policy to Site dropdown, select Master action site.
Click Save. The restriction policy is created.

You can verify your policy and can click Deploy Policy to deploy it to selected devices.

Results

A restriction policy is created for the selected operating system with the configured settings.

What to do next

Add the created restriction policy to a policy group to deploy onto the eligible devices.

Rate this topic

5 stars 4 stars 3 stars 2 stars 1 star

Comment on this topic.

By clicking this box, you acknowledge that you are NOT a U.S. Federal Government employee or agency, nor are you submitting information with respect to or on behalf of one. HCL provides software and services to U.S. Federal Government customers through its partners immixGroup, Inc. Contact this team at https://hcltechsw.com/resources/us-government-contact. Do not include any personal data in this Comment box. Note: To report a problem or question about the product software, do not use this form. Instead, go to the HCL Software Support site.