Welcome
Installation and Configuration
Read this guide to learn about the requirements and available installation scenarios to ensure that the deployment of BigFix MCM and BigFix Mobile goes smoothly in your environment.
MCM and BigFix Mobile server and components installation
This guide provides instructions for installing the MCM and BigFix Mobile server along with its components, ensuring proper setup and configuration.
On-premises deployment setup
Understand the prerequisites and preparation required to install the BigFix MDM server and BigFix PlugIn Portal on-premise.
Managing certificates and keys for MDM server installation
To enable secure communication in a BigFix MCM deployment, various certificates and credentials are required for the MDM Server. These include SSL certificates for internal communication, TLS certificates for external security, and credentials for push notification services.

BigFix Documentation Homepage
Modern Client Management and BigFix Mobile
Welcome to the Modern Client Management and BigFix Mobile documentation, where you can find information about how to install, maintain, and use Modern Client Management and BigFix Mobile.
Overview
This section guides you through BigFix Modern Client Management (MCM) and BigFix Mobile to understand the MCM concepts, terminologies, features, and functionality.
Guides in PDF format
This section contains links to PDF versions of all the MCM and BigFix Mobile manuals.
Installation and Configuration
Read this guide to learn about the requirements and available installation scenarios to ensure that the deployment of BigFix MCM and BigFix Mobile goes smoothly in your environment.
- MCM and BigFix Mobile server and components installation
  This guide provides instructions for installing the MCM and BigFix Mobile server along with its components, ensuring proper setup and configuration.
  - Audience
    This guide is for administrators and IT managers who want to install and configure BigFix MCM and BigFix Mobile. It details prerequisites for each of the scenario and provides installation instructions that allow you to deploy the program in your environment. It also includes information about configuring and maintaining BigFix MCM and BigFix Mobile components.
  - Planning the installation
    Read this section before you begin to install or update any of the BigFix MCM or BigFix Mobile product features. Effective planning and an understanding of the key aspects of the installation process can help ensure a successful installation.
  - On-premises deployment setup
    Understand the prerequisites and preparation required to install the BigFix MDM server and BigFix PlugIn Portal on-premise.
    - Prerequisites and requirements
      Before installing BigFix MCM and BigFix Mobile, verify that your system meets all prerequisites, including hardware specifications, network configurations, database requirements, and container runtime setup. Proper preparation ensures a seamless installation and optimal performance.
    - Managing certificates and keys for MDM server installation
      To enable secure communication in a BigFix MCM deployment, various certificates and credentials are required for the MDM Server. These include SSL certificates for internal communication, TLS certificates for external security, and credentials for push notification services.
      - Apple Push Notification certificates
        The Apple Push Notification (APN) certificate is essential for Mobile Device Management (MDM) services to communicate with Apple devices. This document provides a step-by-step guide on obtaining, renewing, and managing APN certificates to ensure uninterrupted service.
      - WNS Credentials
        BigFix Windows MDM service must be authenticated with Windows Notification Service (WNS) credentials. Once authenticated, the Windows MDM service receives a token that it can use to initiate communication with the Windows MDM devices.
      - Google Enterprise Credentials
        Google Enterprise Credentials are needed to utilize Android Management functionalities.
    - Installing BigFix PlugIn Portal
      The PlugIn Portal provides the server infrastructure for MCM and BigFix Mobile.
    - Installing MDM services
      You can set up MDM services for Windows, Apple, and/or Android through WebUI.
    - Installing MDM Plugin
      You need MDM Plugin to set up a connection between the MDM Servers and the BigFix Plugin Portal. MDM Plugin communicate with the MDM Server through REST APIs and the AMQP protocol using client certificates.
  - On-premises Upgrade
    Learn how to upgrade BigFix MCM and Mobile deployments to the latest version, including updating the MDM Server and MDM Plugins. Ensure prerequisites like Plugin Portal version and Podman installation are met, and follow specific steps to maintain functionality during the upgrade process.
  - Configuring BigFix MCM and BigFix Mobile
    After the MCM components are set up, there are additional configuration options available to enable features like Bulk Enrollment for Windows, DEP policies for macOS, or prestage installers for Windows and MacOS MDM endpoints.
  - Reference Information
    This section contains more detailed information about some of the essential installation aspects.
  - Troubleshooting
    This section is intended to help you solve problems that might occur when installing BigFix MCM and BigFix Mobile.
- Identity service configuration
  Starting from UEM3.0, MCM extends the capability to identify and manage devices based on users. The users can be identified based on their associated attributes including names, roles, group memberships, distribution list memberships, or physical locations. The devices identified based on users can then be targeted and managed through various configurations to provide conditional access and ensure compliance, endpoint security, and App protection.
- Simple Certificate Enrollment Protocol (SCEP) configuration
  BigFix MCM supports certificate management and certificate-based authentication through Simple Certificate Enrollment Protocol (SCEP). SCEP is the fastest and most secure way to provision certificates to all your MCM-managed devices. With SCEP, IT Admins can automate issuing certificates to the endpoints to provide access to corporate Wi-Fi, VPN, and secure e-mail through encryption.
- Domain join installation and configuration
  Read this section to learn the prerequisites and the tasks to install ODJ service to set up your environment to enroll Windows devices and join Active Directory domain or both Active Directory and Azure AD domain.
- SAML-authentication configuration
  MCM and BigFix Mobile supports Security Assertion Markup Language (SAML) authentication to enroll devices to protect sensitive data and ensure secure access to corporate resources.
Quick Start
This quick start guide gets you up and running with your BigFix MCM and BigFix Mobile solution. It helps you secure, configure, and manage your mobile devices quickly and efficiently.
User Guide
Administrator Guide
Read this guide to learn about enrolling, administering, and troubleshooting endpoints through BigFix MCM and BigFix Mobile.
Glossary
This glossary provides terms and definitions for the BigFix software and products.

Managing certificates and keys for MDM server installation

To enable secure communication in a BigFix MCM deployment, various certificates and credentials are required for the MDM Server. These include SSL certificates for internal communication, TLS certificates for external security, and credentials for push notification services.

Starting with BigFix MCM 3.3, SSL certificates are automatically generated and managed within WebUI, eliminating the need for manual creation and upload. However, TLS certificates and push notification credentials must still be obtained from third-party sources and uploaded manually.

SSL certificates and keys

MCM v3.3 and Later

The required SSL certificates and keys are automatically generated and stored within WebUI.
No manual creation or upload is required during MDM Server installation.

Prior to MCM v3.3

For users who previously created SSL credentials using older methods (prior to MCM v3.3), the following options remain available.

Add Credentials – Allows manually adding SSL credentials.
Update Credentials – Enables replacing existing SSL credentials.
Remove Credentials – Deletes previously uploaded SSL credentials.

These manual management options will be deprecated in a future release, as they are no longer required for MCM deployment.

BigFix MDM server TLS certificate and key

TLS certificates are required to secure external communication between the MDM Server and managed devices. These certificates must be obtained from a trusted Certificate Authority (CA) and provided in the form of a chain.. The TLS certificate chain is deployed through the MDM Server installation in the WebUI.

TLS certificates are updated through Fixlet 702: BigFix MDM Server - Stage External TrustedCA TLS Certificates.

BigFix MDM server installation requires the following information:

MDM Server TLS certificate chain with a .crt or .pem extension
MDM Server TLS private key with a .key extension
MDM Server TLS private key password

Note: Depending on the trusted CA you use, if this information is in a format other than the required format, you need to work offline to get it in the required format before installing the MDM server.

See additional notes at BigFix MDM Server TLS Certificate Content.

Other required certificates

To add feedback about this topic, select the following checkbox:

By clicking this box, you acknowledge that you are NOT a U.S. Federal Government employee or agency, nor are you submitting information with respect to or on behalf of one. HCL provides software and services to U.S. Federal Government customers through its partners Four, Inc. Contact this team at https://hcltechsw.com/resources/us-government-contact. Do not include any personal data in this Comment box. Note: To report a problem or question about the product software, do not use this form. Instead, go to the HCL Software Support site. Personal data should not be shared in this comment box. See our Privacy Statement to understand how personal data is used.