Welcome
Administrator Guide
Read this guide to learn about enrolling, administering, and troubleshooting endpoints through BigFix MCM and BigFix Mobile.
Troubleshooting
This section is intended to help you solve problems that might occur when installing BigFix MCM and BigFix Mobile.
Android device enrollment and reporting delays
If you are experiencing significant delays in Android devices reporting to the BigFix WebUI MCM portal or during enrollment/unenrolling, consider the following troubleshooting steps:

BigFix Documentation Homepage
Modern Client Management and BigFix Mobile
Welcome to the Modern Client Management and BigFix Mobile documentation, where you can find information about how to install, maintain, and use Modern Client Management and BigFix Mobile.
BigFix Mobile and MCM Overview
Discover how BigFix Mobile and Modern Client Management (MCM) extend unified endpoint management to mobile devices and modern OS platforms like iOS, Android, and Windows 10+, all from a single console.
Guides in PDF format
This section contains links to PDF versions of all the MCM and BigFix Mobile manuals.
Installing and Configuring BigFix Mobile and MCM
Read this guide to learn about the requirements and available installation scenarios to ensure that the deployment of BigFix MCM and BigFix Mobile goes smoothly in your environment.
Quick Start
This quick start guide gets you up and running with your BigFix MCM and BigFix Mobile solution. It helps you secure, configure, and manage your mobile devices quickly and efficiently.
User Guide
Administrator Guide
Read this guide to learn about enrolling, administering, and troubleshooting endpoints through BigFix MCM and BigFix Mobile.
- Modern Client Management and BigFix Mobile
  This guide is intended for HCL BigFix Master Operators (MO) and those who administer BigFix deployments. If you are looking for information about using Modern Client Management (MCM) and BigFix Mobile, see the WebUI User's Guide.
- BigFix MCM
  Read this section to learn enrolling and managing Windows and macOS desktop and laptop devices.
- BigFix Mobile
  BigFix Mobilesimplifies the management and security of Android, iOS, and iPadOS devices, enabling IT admins to seamlessly enroll, configure, and monitor mobile devices, ensuring compliance and protection of corporate data.
- SCEP Certificate-based authentication
  BigFix MCM supports certificate-based authentication through Simple Certificate Enrollment Protocol (SCEP). SCEP is the fastest and most secure way to provision certificates to all your MCM-managed devices. With SCEP, IT Admins can automate issuing certificates to the endpoints to provide access to corporate Wi-Fi, VPN, and secure e-mail through encryption.
- SAML-authenticated enrolment flow
  When you configure SAML as the authentication method, when a user hits the enrollment URL and click Enroll, the user is first authenticated via the identity provider before proceeding with the enrollment process.
- Application management
  App Management in BigFix Mobile and MCM provides a centralized way to distribute, update, and control applications across multiple device platforms. Administrators can deploy both public store apps and internal corporate apps, enforce policies, and secure company data while simplifying the app lifecycle for end users.
- Email configuration management
  With BigFix MCM and BigFix Mobile, you have the ability to install and set up email application that can connect to your email system. This allows users to easily connect, verify their identity, and synchronize their work email accounts on their devices.
- VPN management
  BigFix MCM and BigFix Mobile enable organizations to manage and configure Virtual Private Network (VPN) settings on enrolled Android, Apple, and Windows devices, ensuring secure remote access to corporate networks.
- Wi-Fi configuration management
  BigFix MCM and BigFix Mobile offer WiFi configuration management, where administrators can control and configure the wireless network settings on MCM-enrolled devices. This helps organizations to maintain a secure and reliable wireless network infrastructure while providing flexibility for users to connect to authorized networks.
- BigFix MCM and Mobile Known Limitations
  This topic lists known limitations and restrictions in BigFix Modern Client Management (MCM) and BigFix Mobile for each version. Use this to understand feature gaps, known issues, or unsupported configurations relevant to your environment.
- Troubleshooting
  This section is intended to help you solve problems that might occur when installing BigFix MCM and BigFix Mobile.
  - Apple profile displayed as unverified
    Read this section to troubleshoot if the Apple mobile displays the deployed Apple profile as “Unverified.”
  - Android Kiosk not connected to Internet
    Read this section to troubleshoot Android Kiosk Wi-Fi connection issues.
  - Android KIOSK policy not working
    After upgrading the MDM Server to version 3.3, the KIOSK policy failed to display installed applications for devices enrolled in version 3.2 due to a missing "statusReportingSettings" parameter in custom policies. Adding this parameter with "applicationReportsEnabled": true and redeploying the policy resolves the issue, ensuring installed applications are correctly shown in the WebUI.
  - BigFix Agent deployment issues
    The MCM Deploy Agent action fails because of an incorrect path in the MDM Server Analysis.
  - Enrollment fails with 401 authentication error
    Learn how to resolve the issue when the enrollment fails with 401 authentication error when there is no issue with LDAP.
  - Endpoint not disconnected from AD after unenrollment
    Read this page to remove an ODJ-enrolled endpoint from Active Directory (AD) on unenrollment to prevent it from accessing network resources.
  - Generating Encryption Recovery Key Escrow fails
    Read this page to troubleshoot Encryption Recovery Key Escrow generation failure when the BigFix Server is installed on RHEL 10.0.
  - Health Check MDM Plugin Status is not displayed properly
    Read this section to troubleshoot when WebUI Health Check MDM Plugin Status section keeps loading for longer time and does not display the required information.
  - Policy is deployed, but is not effective on the device
    This page provides information to troubleshoot the issue if a policy is deployed but is not effective on the device.
  - Setting the Home Page for MicroSoft Edge on Windows
    You can set the home page for Microsoft Edge on Windows 10 and Windows 11 devices by using the restriction policy through the WebUI.
  - Verify if PPKG generation point is set for bulk enrollment
    To troubleshoot bulk enrollment issues, ensure if the targeted device is designated as the provisioning package generation point.
  - MCM Device Correlation Issues
    Troubleshooting MCM device correlation issues in BigFix WebUI.
  - Apple Enrollment issues – HTTP 401 Error
  - Android device enrollment and reporting delays
    If you are experiencing significant delays in Android devices reporting to the BigFix WebUI MCM portal or during enrollment/unenrolling, consider the following troubleshooting steps:
  - "Allow Simple Passcodes" remains enabled on iOS devices
    When the "Allow Simple Passcodes" option is unchecked in BigFix for iOS devices, the setting may still show as enabled because the policy does not explicitly set the `allowSimple` property to false. To resolve this, administrators must create and deploy a custom policy XML that explicitly sets `allowSimple` to false, ensuring the device reflects the intended restriction.
- Frequently Asked Questions
  Read this section for commonly asked questions and their answers to manage the MCM deployments better.
Glossary
This glossary provides terms and definitions for the BigFix software and products.

Android device enrollment and reporting delays

If you are experiencing significant delays in Android devices reporting to the BigFix WebUI MCM portal or during enrollment/unenrolling, consider the following troubleshooting steps:

Upgrade Components: Ensure BigFix MDM and plugin components are up to date with the latest versions.
Check Firewall Rules: Ensure that all required Google API URLs (listed in the BigFix documentation for Android, specifically `oauth2.googleapis.com`, `accounts.google.com`, `cloudresourcemanager.googleapis.com`, `androidmanagement.googleapis.com`, `iam.googleapis.com`, `pubsub.googleapis.com`, `www.googleapis.com`) are whitelisted and accessible on TCP port 443 from the Android MDM server.
Verify DNS Resolution:
- Execute sudo docker exec -it androidmdm nslookup oauth2.googleapis.com`on the MDM server (or Podman if applicable).
- If DNS resolution fails, ensure the MDM server is configured to use a DNS server accessible from its network (especially if in a DMZ).
Test Connectivity to Google APIs:
- Execute sudo docker exec -it androidmdm nc -zv oauth2.googleapis.com 443 on the MDM server (or Podman if applicable).
- Confirm that the connection shows as "open".
Review MDM and Plugin Logs: Check `android_mdm.log` and `MDMPlugin.log` for specific error messages related to Google API connectivity, as these logs provide more detailed information than `android-mdm_opstate.json`.
Reinstall Android Plugin: If the `plugin opstate.json` shows errors, consider reinstalling the Android plugin.