Welcome
Administrator Guide
Read this guide to learn about enrolling, administering, and troubleshooting endpoints through BigFix MCM and BigFix Mobile.
Jailbreak Detection
Jailbreak Detection enables administrators to identify compromised mobile devices enrolled in the MDM platform.
Jailbreak Detection overview
Understand the security implications of jailbroken or rooted devices and how BigFix MCM identifies these risks.

BigFix Documentation Homepage
Modern Client Management and BigFix Mobile
Welcome to the Modern Client Management and BigFix Mobile documentation, where you can find information about how to install, maintain, and use Modern Client Management and BigFix Mobile.
BigFix Mobile and MCM Overview
Discover how BigFix Mobile and Modern Client Management (MCM) extend unified endpoint management to mobile devices and modern OS platforms like iOS, Android, and Windows 10+, all from a single console.
Guides in PDF format
This section contains links to PDF versions of all the MCM and BigFix Mobile manuals.
Installing and Configuring BigFix Mobile and MCM
Read this guide to learn about the requirements and available installation scenarios to ensure that the deployment of BigFix MCM and BigFix Mobile goes smoothly in your environment.
Deployment Guide
This document provides guidance for deploying the certificate enrollment infrastructure required for BigFix Mobile Configuration Management (MCM). It describes how to integrate BigFix MCM with Microsoft certificate services to enable device certificate enrollment using the Simple Certificate Enrollment Protocol (SCEP).
Quick Start
This quick start guide gets you up and running with your BigFix MCM and BigFix Mobile solution. It helps you secure, configure, and manage your mobile devices quickly and efficiently.
User Guide
Administrator Guide
Read this guide to learn about enrolling, administering, and troubleshooting endpoints through BigFix MCM and BigFix Mobile.
- Modern Client Management and BigFix Mobile
  This guide is intended for HCL BigFix Master Operators (MO) and those who administer BigFix deployments. If you are looking for information about using Modern Client Management (MCM) and BigFix Mobile, see the WebUI User's Guide.
- BigFix MCM
  Read this section to learn enrolling and managing Windows and macOS desktop and laptop devices.
- BigFix Mobile
  BigFix Mobilesimplifies the management and security of Android, iOS, and iPadOS devices, enabling IT admins to seamlessly enroll, configure, and monitor mobile devices, ensuring compliance and protection of corporate data.
- Feature configuration
  The Feature Configuration page in BigFix WebUI enables you to target specific MDM servers and deploy advanced feature modules to managed endpoints. After uprading to MCM v3.6 or later, use the Feature Configuration page to activate specialized management capabilities like Geofencing, Battery Health monitoring, Jailbreak detection, and Remote Access for your MDM servers.
- SCEP Certificate-based authentication
  BigFix MCM supports certificate-based authentication through Simple Certificate Enrollment Protocol (SCEP). SCEP is the fastest and most secure way to provision certificates to all your MCM-managed devices. With SCEP, IT Admins can automate issuing certificates to the endpoints to provide access to corporate Wi-Fi, VPN, and secure e-mail through encryption.
- SAML-authenticated enrolment flow
  When you configure SAML as the authentication method, when a user hits the enrollment URL and click Enroll, the user is first authenticated via the identity provider before proceeding with the enrollment process.
- Application management
  App Management in BigFix Mobile and MCM provides a centralized way to distribute, update, and control applications across multiple device platforms. Administrators can deploy both public store apps and internal corporate apps, enforce policies, and secure company data while simplifying the app lifecycle for end users.
- Battery health and level monitoring
  The Battery Health feature provides visibility and proactive monitoring of mobile device battery performance to improve device reliability and minimize user productivity disruption. Monitoring is event-driven and avoids continuous polling mechanisms.
- Email configuration management
  With BigFix MCM and BigFix Mobile, you have the ability to install and set up email application that can connect to your email system. This allows users to easily connect, verify their identity, and synchronize their work email accounts on their devices.
- VPN management
  BigFix MCM and BigFix Mobile enable organizations to manage and configure Virtual Private Network (VPN) settings on enrolled Android, Apple, and Windows devices, ensuring secure remote access to corporate networks.
- Wi-Fi configuration management
  BigFix MCM and BigFix Mobile offer WiFi configuration management, where administrators can control and configure the wireless network settings on MCM-enrolled devices. This helps organizations to maintain a secure and reliable wireless network infrastructure while providing flexibility for users to connect to authorized networks.
- Jailbreak Detection
  Jailbreak Detection enables administrators to identify compromised mobile devices enrolled in the MDM platform.
  - Jailbreak Detection overview
    Understand the security implications of jailbroken or rooted devices and how BigFix MCM identifies these risks.
  - Scanning for Jailbroken Devices
    Identify compromised iOS and iPadOS devices by initiating an on-demand jailbreak detection scan.
  - Compliance, Remediation, and Policy Enforcement
    You can make devices compliant by defining automated policies and executing remediation actions and policy enforcement.
  - Compliance Enforcement Setting
    The Compliance Enforcement Setting page in the BigFix WebUI allows administrators to create automated links between a device's security status and a specific Policy Group. When a device is identified as "Potentially compromised" (Jailbroken or Rooted), the system automatically enforces the associated policy to mitigate risks.
- Geofencing
  Geofencing is a location-based technology that creates a virtual boundary (or “zone”) around a real-world area using GPS, Wi-Fi, cellular data, or RFID signals.
- Remote Access
  This procedure outlines the steps required to start a Remote Access session using Modern Client Management.
- BigFix MCM and Mobile Known Limitations
  This topic lists known limitations and restrictions in BigFix Modern Client Management (MCM) and BigFix Mobile for each version. Use this to understand feature gaps, known issues, or unsupported configurations relevant to your environment.
- Troubleshooting
  This section is intended to help you solve problems that might occur when installing BigFix MCM and BigFix Mobile.
- Frequently Asked Questions
  Read this section for commonly asked questions and their answers to manage the MCM deployments better.
Glossary
This glossary provides terms and definitions for the BigFix software and products.

Jailbreak Detection overview

Understand the security implications of jailbroken or rooted devices and how BigFix MCM identifies these risks.

What is Jailbreaking and Rooting?

Jailbreaking (iOS/iPadOS) and Rooting (Android) are processes that bypass the manufacturer's security restrictions to gain administrative or "root" access to the operating system. While this allows for greater customization, it compromises the device's built-in security sandbox.

Enterprise Security Risks

Compromised devices present significant vulnerabilities to corporate data, including:

Malware Susceptibility: Unauthorized apps can bypass security checks to install spyware or ransomware.
Data Exfiltration: Enterprise apps lose their encrypted isolation, allowing malicious tools to scrape sensitive data.
OS Vulnerability: Rooted devices often miss critical security patches or run outdated kernel versions.

Supported Operating Systems

The Jailbreak Detection is supported for the following platforms:

iOS / iPadOS
Android

How BigFix Detects Compromised Devices

The BigFix Agent app performs local inspections for specific "indicators of compromise" (IoCs), such as:

Presence of the Cydia, Sileo, or Zebra package managers.
Existence of the /bin/bash or /etc/apt directories on mobile platforms.
Unsigned system binaries or modified bootloaders.

Compliance Scenario

An organization can use the Scan for Jailbreak action to identify non-compliant devices. If a device returns a Positive status, an administrator can immediately trigger a Wipe or Lock action to protect corporate resources.

Best Practices

Important: Always combine Jailbreak scans with Policy Groups to automate the response to compromised endpoints.

Schedule scans during off-peak hours to minimize user impact.
Inform users that rooted devices are strictly prohibited by corporate policy via the App Catalog messaging.