Features added in the previous releases

Overview of the enhancements made in the previous releases of MCM and BigFix Mobile.

MCM and BigFix Mobile v3.3 updates

Automated SSL Certificate Management

Starting with MCM and BigFix Mobile v3.3, server and client SSL credentials required for secure communication are automatically generated and maintained. This eliminates the need for manual SSL certificate creation and upload during MDM Server installation.

Key Enhancements:
  • SSL certificates and keys are now automatically created and securely stored within WebUI during MDM Server installation.

  • The correct SSL credentials are automatically retrieved and installed when setting up the MDM Server and MDM Plugin.

  • Users no longer need to generate or upload SSL credentials manually.

Note: Users who created SSL credentials using older methods (before the MCM v3.3 release) can still manage them through the Add, Update, and Remove Credentials options. This functionality will be deprecated soon, as manual credential management will no longer be required.

Podman Support

MCM and BigFix Mobile v3.3 supports Podman, a daemonless container runtime that enhances security and compatibility with RHEL 8+ environments. With this update, users can deploy and manage both MCM and BigFix Mobile using Podman instead of Docker. For setting up Podman, refer to Preparing Container Runtime Environment. For migration guidance, refer to Migrating from Docker to Podman.

Apple Account-Based User Enrollment
Starting with iOS 18 and macOS 15, Apple has deprecated Profile-Based User Enrollment, requiring a shift to Account-Based User Enrollment for BYOD (Bring Your Own Device) scenarios. With this update, BigFix MCM now supports Account-Based User Enrollment, ensuring compatibility with Apple's latest enrollment requirements. This keeps MCM and BigFix Mobile a viable solution for managing BYOD Apple devices and prevents enrollment disruptions due to Apple’s policy changes.

Customer Considerations: Customers must set up and maintain a JSON configuration file on their domain server for service discovery.

For more information, refer to Apple Account-Based BYOD user enrollment.

Improved Wipe Action for Windows AutoPilot Enrollment

This update improves the Wipe Action for Windows AutoPilot enrollment, ensuring failed enrollments don’t leave devices locked.

Key Enhancements:
  • Automatic Reset: If a device fails AutoPilot enrollment due to policy restrictions, it now resets automatically.

  • Better Policy Enforcement: Devices restricted by Smart Group policies are properly wiped, preventing lockouts.

  • Less Manual Effort: Users no longer need external recovery steps to fix locked devices.

Enhanced Android App Management in WebUI

This update improves Android device management by adding visibility and filtering options for installed applications in WebUI. For more information, refer to the Viewing and filtering installed applications section on the Manage applications page in WebUI User Guide.

Key Enhancements:
  • View Installed Apps: The Device Information Grid now displays installed applications on Android devices.
  • Filter Android Devices by Apps: Easily filter Android devices based on installed applications for better endpoint management.
  • Improved Android Device Insights: Enhanced visibility helps administrators monitor and manage Android apps more effectively.

MCM and BigFix Mobile v3.2 hotfix updates

Enhanced Windows secure wipe

This hotfix introduces a secure Windows wipe feature that ensures data erasure even without a recovery partition. Unlike regular wipes, this "wipe protected" method guarantees a more secure wipe, rendering devices inoperable and necessitating a new install image. This enhancement ensures data privacy and security, aligning with industry standards for comprehensive device management, especially during employee transitions. For more information, refer to the Wipe action in Deploy MCM actions.

App deployment policy for macOS and Windows

Resolved an issue where customers required a Mobile license to access App Deployment Policy. With this hotfix, App Deployment Policy is accessible for macOS and Windows platforms without a Mobile license.

Deploy greater number of apps

Addressed a defect where selecting and saving a large number of apps in WebUI resulted in a "payload too large" error and a blank page. Users can now deploy a greater number of native and custom apps seamlessly through WebUI.

Note: Upgrade to the most recent version to access the functionalities included in the hotfix.

MCM and BigFix Mobile v3.2 updates

Enhanced App Catalog feature
The App Catalog feature has been enhanced so that users can easily add additional app types to the app catalog. For more information, refer to Adding a Windows app.
Enhanced Application Configuration and Management
This release brings significant improvements to the application management feature. Both BigFix MCM and BigFix Mobile now support more complex use cases for deploying applications to MDM devices. For example, you can now install the same application with different configurations for different use cases. This supports various types of applications, including macOS VPP apps, macOS private apps (MCM-hosted .pkg files), Windows public app store apps, and Windows private apps (MCM-hosted .msi files). As a result, the following changes have been implemented:
  • The App Store app policy, which previously only supported mobile platforms before MCM v3.2, has now been enhanced to support Windows and macOS. For details, refer to App Deployment Policy.
  • App Deployment Policy lets you configure additional options for Windows native apps.
  • The mobile app configuration, which before MCM v3.2 allowed you to configure managed configurations only on mobile platforms, has been enhanced to support Windows and macOS managed configurations as well. For details, refer to App configuration.
  • Policy Groups have been enhanced to support native macOS and Windows apps within App Deployment Policies, providing per-app deployment options.
Enhanced Identity Management

With this enhancement, you can filter devices by Primary User and Enrollment Type directly from the Device list. This feature is also available on any other page where you need to select devices for targeting and performing an MDM task. For more details and instructions, refer to Select target devices.

Email configuration management
BigFix MCM and BigFix Mobile now support Email configuration management. This gives Admin users the ability to install and set up email applications on Android, Apple, and Windows devices. With this, users can verify their identity, connect to the corporate email system, and synchronize their work email accounts seamlessly. For more information and step-by-step instructions, refer to Email configuration management.
Virtual Private Network (VPN) configuration management
With this release, BigFix MCM and BigFix Mobile introduce VPN configuration management. This equips organizations to manage and configure VPN settings on enrolled Apple and Windows devices, ensuring secure remote access to corporate networks. IT admins can control which apps use the VPN and enforce a connection requirement for network access. For more detailed information, refer to VPN management.
WiFi configuration management
BigFix MCM and BigFix Mobile offer WiFi configuration management, allowing administrators to control and configure wireless network settings on enrolled Windows and Apple devices. This feature provides organizations with a secure and reliable wireless network infrastructure, while also offering flexibility for users to connect to authorized networks. For more detailed information, refer to Wi-Fi configuration management.
App policies to uninstall or block Windows and Android apps
  • You can uninstall Windows Store apps using the remove policy action.
  • Using a custom policy, you can prevent an app from being installed on Android devices. For more information, see Application management.
Miscellaneous updates
  • The MDM debug tool has been enhanced to return decoded output for Windows and Android to make debugging easier. Previously, the response displayed a base64-encoded value.
  • Variable substitution in Windows policies: You can use the following variables in your custom policies; they are substituted with actual data when the policy is deployed to Windows devices.
    • {{UserName}}: The user's name is fetched from the configured identity service and substituted in the policy on deployment.
    • {{EmailAddress}}: The user's email address is substituted in the policy.
    • {{UserPrincipalName}}: The user principal name is substituted in the policy.

  • BESMDMldaputil has been enhanced to troubleshoot LDAP and Azure connectivity more effectively. The following new options have been added:
    • -gu : Get all users in a group
    • -sg : Set groups in AD/AAD
    • -ma : Get master attribute list
    • -sa : Set attributes
    • -ua : Set user attributes in AD/AAD
    • -ubg : Get user bitmap group
    • -ug : List all group names of the user
    Pagination to limit the number of records displayed is supported for the -f, -gu, and -ug options. For more details, refer to Troubleshooting LDAPS connection.

MCM and BigFix Mobile v3.1 updates

Mobile App Catalog
The Mobile App Catalog provides a central point for maintenance of all supported MCM Mobile Applications. When a macOS or Windows application is uploaded to the app catalog, it is automatically staged on the MDM servers. Previously, it had to be uploaded and then staged from the Admin section of MCM WebUI. Settings can be defined globally so that all applications inherit them. They can be overridden at the application level, in which case the override applies only to that individual application. For more information, see App Catalog.
Mobile Application Configuration
App Config Support allows application-specific mobile configuration to be defined and pushed at the time the app is installed through MDM. This allows the app to be installed with the correct internal configuration already in place. For more information, see App configuration.
Okta Device Trust
The Device Trust feature from BigFix Mobile prevents unmanaged devices from accessing enterprise services. It provides an extra layer of security to your organization's application access and protects against potential threats from compromised devices. For more information, see Device trust.
Kiosk Mode Support for Phones and Tablets
Kiosk Mode locks a device so that it can run only one application or a small set of applications. It turns an Android or Apple phone or tablet into a dedicated device that can only run the specified app(s). Kiosk devices are powerful and interactive self-service terminals designed to streamline and enhance user experiences in various settings. These dedicated devices provide a simplified and intuitive interface for users to access specific applications, information, or services. Kiosks are commonly found in retail stores, airports, hotels, healthcare facilities, educational institutions, and other public spaces. For more information, see Kiosk management.
BigFix 11 SHA-384 Signed Content Support
MCM v3.1 has been tested for BigFix 11. The BESUEM and BESUEM Mobile sites are republished with SHA-384 signatures. As part of the MCM v3.1 publishing process, SHA-384 signing is added to the site content.

MCM and BigFix Mobile v3.0 updates

Windows Active Directory and Hybrid Domain Join
BigFix MCM supports Active Directory and Hybrid Domain Join through the Offline Domain Join (ODJ) service. Hybrid Domain Join enables organizations to leverage existing on-premises Active Directory infrastructure while taking advantage of the benefits of cloud-based authentication and management. When enabled, users can sign in to their devices using their on-premises credentials, and then access cloud-based resources without having to enter additional credentials. For setup and configuration information, see Domain join installation and configuration.
Custom Templates
With the MCM v3.0 release, WebUI provides a set of custom policy templates for Windows, Apple, and Android that you can save directly or modify to create custom policies. For more information on how to create custom policies from the available templates, see Custom from Template.
User-based endpoint targeting and enrollment
With MCM v3.0, you can target a specific set of users and end-user devices to deploy specific MDM policies and actions. BigFix MCM integrates Active Directory Group Membership and Attributes to create Smart Groups. Smart Groups, in association with Policy Groups, evaluate applicable users and endpoints (based on group membership, attributes, device type, enrollment type, and so on) to target and deploy policies and actions during or after enrollment. For information on how to create Smart Groups through WebUI, see Smart Groups.
Secure certificate deployment through Simple Certificate Enrollment Protocol (SCEP)
By integrating SCEP with BigFix MCM, IT admins can now automate issuing certificates to endpoints to provide encrypted access to corporate Wi-Fi, VPN, and secure e-mail. To understand the SCEP enrollment flow, see SCEP enrollment. To configure SCEP, see Simple Certificate Enrollment Protocol (SCEP) configuration.
Apple User Enrollment for BYOD
With MCM v3.0, device users can enroll their own Apple devices. This allows organizations to securely manage the work profile on those devices, while device users keep their privacy on the personal profile: organizations cannot wipe, lock, or otherwise impose control over the personal profile. For more information, see Apple BYOD enrollments.
Apple VPP Apps and Books Support
IT Admins can manage custom apps and Apple App Store apps on User Enrolled devices, and company-licensed App Store apps on all MCM-enrolled Apple devices, as MCM is now integrated with the Apps and Books (VPP) capabilities in Apple Business Manager. For more information, see Apple VPP Apps.
SAML-authenticated enrollment
BigFix MCM and BigFix Mobile support Security Assertion Markup Language (SAML) authentication to enroll devices. The user's SAML credentials are used to authenticate their identity to complete the enrollment process. With the MCM v3.0 release, Okta is tested and supported as a SAML identity provider with AD/Open LDAP and Azure AD as identity services. For more information, see SAML-authentication configuration.
Android - Additional features supported
Cross-profile management: BigFix Mobile supports Android cross-profile management, through which organizations can protect and control data sharing from the work profile to the personal profile on the same device. For more information, see Cross-profile management.
Password Wipe: From MCM v3.0 onwards, Password Wipe support is extended to Android mobile devices. For instructions, see Passcode Wipe.
Other enhancements
  • Primary User Assignment: You can now assign or modify the primary user for a device through the User Assignment action. When a device has primary user information, it can be easily managed through Smart Groups. If you want to assign a primary user for a large number of devices, contact HCL Support at BigFixServices@hcl.in.
  • Enrollment UI Rebranding: You can change the appearance of the Enrollment UI and Android Server Configuration UI by changing the color, image, logo, brand name and so on. For instructions, see Rebranding user interfaces.

MCM and BigFix Mobile v2.1.3 updates

MCM Admin UI password must be set with high complexity
The MCM Admin UI password must be set with high complexity. This enables the application to block login after the user enters wrong credentials five times consecutively. If the password is not set with high complexity, the user can make unlimited failed attempts to log on to the Admin UI.
Improved unenrollment behavior

With BigFix Platform versions earlier than 10.0.8, when a device was unenrolled and then re-enrolled, WebUI and Console displayed multiple devices with unique computer IDs, which caused confusion.

With the BigFix Platform 10.0.8 release, unenrolling an MDM device deletes the device from the root server, Console, and WebUI. To enable this feature, upgrade BigFix Platform to 10.0.8 or later; no MCM upgrade is required.

For the steps to unenroll an MDM device, refer to Unenroll devices.

MCM and BigFix Mobile v2.1.1 updates

This section lists updates on features that are applicable for both MCM and BigFix Mobile in this release.

Create PPKG with Expiration Time
PPKG creation is simpler and more secure with this release. Admins can configure an expiration time for a PPKG, after which Windows devices can no longer be enrolled through that PPKG. In addition, WebUI internally creates a unique token for every PPKG, which gives more control to prevent unwanted use of the PPKG. For information about how to create a timestamped PPKG, see Bulk enrollment - Windows.
Upgrade Considerations:
  • If you want to deploy a timestamped PPKG to an MDM server, ensure the MDM server is upgraded to v2.1.1 or later.
  • PPKG files created without an expiration time (created through an older version of BigFix MCM) do not work as expected in MDM server v2.1.1 or later. Therefore, you need to create the PPKG again and deploy it.

MCM and BigFix Mobile v2.1 updates

This section lists updates on features that are applicable for both MCM and BigFix Mobile in this release.

Added operating system support
This version additionally supports the following operating systems:
  • Android 12
  • iOS/iPadOS 15
  • Windows 11
  • macOS Monterey 12

MCM 2.1 Updates

This section lists updates on features that are applicable for MCM in this release.
OS update for macOS
BigFix MCM 2.1 includes an action to update the system software on macOS devices. For instructions and more information, see the OS Update section of Deploy MCM actions in the WebUI User Guide.
System Extension Whitelist for macOS
With BigFix MCM 2.1, you can create a system extension policy. System extensions allow software like network extensions and endpoint security solutions to extend the functionality of macOS without requiring kernel-level access. For instructions, see System Extension Whitelists.

BigFix Mobile 2.1 Updates

This section lists updates on features that are applicable for BigFix Mobile in this release.

Android dedicated device support
From the UEM 2.1 release, BigFix Mobile supports Android dedicated devices. You can now enroll and manage company-owned devices in Kiosk mode. For more information, see the Dedicated device management section in Android mobile management.

Android Advanced feature set support
This release supports the following Android features:
  • Verify Apps enforcement: Scans all the apps installed on an Android device for harmful software before and after they are installed to ensure that malicious apps cannot compromise corporate data. For more information, see Verify Apps enforcement.
  • VPN Management: Allows IT admins to ensure that data from certain apps always goes through the specified VPN. They can also apply a setting so that the device is connected to the network only when the VPN is connected. For more information, see VPN management.
  • WiFi Configuration management:
    • Allows IT admins to silently provision enterprise WiFi configuration on managed devices.
    • Allows IT admins to lock down WiFi configurations on managed devices, restricting the users from creating new configurations or modifying the existing corporate configurations.
    For more information, see WiFi configuration management.
  • Private app management: IT Admins can add and manage private apps for Android Enterprise devices via Managed Google Play. For more information, see Private and custom app deployment.

  • Hardware Security management: IT Admins can lock down hardware elements of a company-owned device to ensure data and device security. For more information, see Android hardware security.

Advanced Android Zero Touch enrollments
EMM Managed Android Enterprise account

Creating an Android Enterprise account is simpler than before, as organizations do not need a Google account. For more information, see Managed Google Play Accounts enterprise.

Clear passcode for iOS/iPadOS

The UEM 2.1 release includes a WebUI action that lets system admins remotely wipe the passcode on iOS and iPadOS devices. If device users forget their Apple device password, this feature helps them regain access to their devices. For instructions, see Deploy MCM actions in the WebUI User Guide.

BigFix Mobile and MCM v2.0 updates

BigFix Mobile

With this release, BigFix introduces BigFix Mobile. BigFix Mobile comes with a host of new features to enroll, manage, secure, service and retire iOS/iPadOS and Android devices. With BigFix Mobile, you can automate enrollment, configuration, remediation, compliance, and advanced analytics. To learn more about this solution and the supported features, see BigFix Mobile.
Important:
  • BigFix Mobile is a separate offering for managing mobile phones and tablets that comes with its own license. You need to buy the BigFix Mobile license to enroll or manage mobile devices. If you do not have the BigFix Mobile license, the WebUI will not show any references to Android, iOS or iPadOS workflows, and will only support Windows (Windows 10 and Windows 11) and macOS workflows.
  • The BigFix Mobile license is only for Mobile Device Support, which does not include Windows or macOS MDM Management. However, due to some dependencies, MDM control of these platforms will technically work for BigFix Mobile-only customers until the end of 2021.

MCM and BigFix Mobile v2.0 updates

This section lists updates on features that are applicable for both MCM and BigFix Mobile in this release.

  • WebUI user experience updates
    • Mobile support: If you have the BigFix Mobile license, you can manage mobile devices with WebUI. WebUI dynamically displays UI according to your license.
    • MCM Dashboard: The Modern Client Management dashboard provides insights into every aspect of device management, device security, and device encryption.
    • Jump To: This drop-down provides quick links to navigate to different pages within the MCM application.
    • Admin section: You can now install MDM servers and the Plugin, and perform operational tasks, from the Admin section.
    • Policy Group: Create a default policy that gets deployed to MDM endpoints at enrollment time by combining MDM policies, custom policies, apps, and BigFix Agents. For more details, see Policy Groups.
    • Health Check: Extended health check to monitor the BigFix Mobile environment and disk encryption. For more details, see Health Check.
  • Apple Bootstrap token support

    MCM now supports MDM operations that require the use of bootstrap tokens. For more information, see Bootstrap tokens for Apple devices.

  • New Fixlet - Update Apple Enrollment Certificate before expiration

    This release introduces a Fixlet to renew Apple Device Identity Certs that are assigned to an Apple device at the time of MDM enrollment. For more details, see Update Apple Enrollment Certificate before expiration.

  • MDM-debug tool

    This tool can be used to set log levels for individual, grouped, or all MDM modules, and to execute commands and update policy settings on MDM-enrolled devices using REST APIs. This helps to quickly debug production issues when there is a communication failure at different MDM layers, and to trace execution workflows, requests, and endpoint responses. For instructions on how to use it, refer to MDM debug tool.

  • Autopilot cli for enrollment of Windows 10 devices

    This release introduces a command line utility to set up and trigger Autopilot enrollment of Windows 10 devices. For a complete step-by-step procedure and instructions, see Autopilot enrollment.

  • Enrollment by non-admin Windows 10 device users

    Windows 10 device users without admin credentials can now enroll devices to BigFix MCM. They can enroll a single device over-the-air or automatically bulk enroll multiple devices without admin rights and manage them through BigFix MCM. For more details, see Enrollment by non-admin device users.

  • Full Disk Encryption

    MCM v2.0 introduces the Full Disk Encryption feature to centrally manage the native full-disk encryption technologies of Windows (BitLocker) and macOS (FileVault2) to secure data at rest.

  • WNS credentials

    The communication between Windows Notification Services (WNS) and the MDM server is securely established using WNS credentials. Windows now requires customer-specific WNS credentials to be procured and provided at the time of all installs and upgrades that include a Windows MDM server. For more information about how to generate WNS credentials, see Generating WNS credentials. Users can upload WNS credentials through BESUEM Fixlets or through WebUI.

  • Performance enhancements

    This release includes a number of stability and performance enhancements and fixes. For capacity planning and configuration recommendations, see BigFix Capacity Planning documentation at BigFix Performance & Capacity Planning Resources.

  • Addressed security vulnerabilities

    Product security vulnerability issues from MCM v1.1 are addressed in this release.

Update considerations

MCM v1.1 updates

  • Apple Automated Device Enrollment

    MCM v1.1 introduces a feature that helps you to set up and pre-configure new or factory reset macOS devices automatically. For complete information and setup instructions, see Apple Automated Device Enrollment.

  • Autopilot enrollment of Windows 10 devices

    This release introduces the Autopilot feature that helps you to set up and pre-configure new or factory reset Windows 10 devices automatically. For complete information and setup instructions, see Autopilot enrollment.

  • Bulk enrollment of Windows 10 devices

    The Bulk enrollment feature in MCM v1.1 lets you enroll a large number of BigFix-managed Windows 10 devices to the MDM server within minutes. For more information, see Bulk enrollment - Windows.

  • Certificate management

    MCM v1.1 introduces the ability to deploy certificate policies on MDM endpoints for both macOS and Windows to make it much easier for you to manage certificates. For instructions, see Certificates Policy.

  • Configure and Manage BigFix MCM through WebUI

    This release includes the ability to configure and manage BigFix MCM through WebUI. You can easily install MCM components, upgrade, and uninstall through WebUI. For detailed instructions, see MCM User Guide.

  • Deploy software to MDM endpoints

    With this release, you can deploy software applications to MDM endpoints via MDM APIs through WebUI quickly. For instructions, see Prestage an Application.

  • Restriction profiles

    With MCM v1.1, you can create restriction profiles for both Windows and macOS. Configuring settings such as privacy and user experience on MDM endpoints is straightforward and simple.

  • LDAPS utility

    MCM v1.1 introduces a command line utility through which you can quickly troubleshoot LDAPS issues.

  • Unenroll

    From this release, you can unenroll your devices from MCM through WebUI. For instructions, see Unenroll devices.

  • Fixlets to upgrade MCM components

    With the MCM v1.1 release, you can update the MDM Enrollment Profile for Apple devices. Take a look at the BESUEM site for the relevant Fixlets.

  • Performance enhancements

    This release includes a number of stability and performance enhancements and fixes. For capacity planning and configuration recommendations, see BigFix Capacity Planning documentation at BigFix Performance & Capacity Planning Resources.

  • Addressed security vulnerabilities

    Product security vulnerability issues from MCM v1.0.1 are addressed in this release.

MCM v1.0.1 updates

  • Support for the BigFix Work from Home Solution

    MCM v1.0.1 supports the BigFix Work from Home Solution. For complete information about the BigFix Work from Home Solution, read The BigFix Work from Home Solution Guide.

  • Performance enhancements

    This release includes a number of stability and performance enhancements and fixes. For capacity planning and configuration recommendations, see BigFix Capacity Planning documentation at BigFix Performance & Capacity Planning Resources.

  • Extended operating system support
    • The MCM solution supports RHEL 8 on MDM Server and Plugin Portal servers with a workaround to install Docker CE. For more information, see Installing Docker CE and Docker compose on RHEL 8 or RHEL 9.
    • The MCM solution supports Windows 10 (Pro, Enterprise, and Home) running on MCM endpoints.
      Note: Only certain Windows editions support all available operating system features that are configured through MDM. For complete information, see the Windows Configuration service provider (CSP) reference document. Each CSP highlights which Windows editions are supported.
  • Fixlets to upgrade MCM components

    With the MCM v1.0.1 release, you can upgrade the MCM components by using Fixlets that are available through the BigFix Console. Take a look at the BESUEM site for the relevant Fixlets.

  • WebUI Health Checks dashboard for MCM serviceability

    The WebUI Health Checks dashboard is available to monitor the health of your BigFix MCM deployments. For more information, see Health Checks.

  • Addressed security vulnerabilities

    Product security vulnerability issues from MCM v1.0.0 are addressed in this release.