Welcome
How-to guide
This section provides step-by-step instructions for setting up a BigFix environment, focusing on integration with third-party prerequisites such as Apple Business Manager and Google Play. It guides users through the necessary configuration steps to ensure seamless interoperability with these external services.
Delegation of Control to enable Offline Domain Join
This document provides step-by-step instructions for delegating control to a domain user, enabling them to perform offline domain joins beyond the default limit of 10 computers without requiring domain admin privileges. The process involves configuring permissions in Active Directory Users and Computers for the relevant Organizational Units. For further details on domain join installation and configuration, refer to the BigFix MCM Help Center.

BigFix Documentation Homepage
Modern Client Management and BigFix Mobile
Welcome to the Modern Client Management and BigFix Mobile documentation, where you can find information about how to install, maintain, and use Modern Client Management and BigFix Mobile.
BigFix Mobile and MCM Overview
Discover how BigFix Mobile and Modern Client Management (MCM) extend unified endpoint management to mobile devices and modern OS platforms like iOS, Android, and Windows 10+, all from a single console.
Guides in PDF format
This section contains links to PDF versions of all the MCM and BigFix Mobile manuals.
Installing and Configuring BigFix Mobile and MCM
Read this guide to learn about the requirements and available installation scenarios to ensure that the deployment of BigFix MCM and BigFix Mobile goes smoothly in your environment.
Deployment Guide
This document provides guidance for deploying the certificate enrollment infrastructure required for BigFix Mobile Configuration Management (MCM). It describes how to integrate BigFix MCM with Microsoft certificate services to enable device certificate enrollment using the Simple Certificate Enrollment Protocol (SCEP).
How-to guide
This section provides step-by-step instructions for setting up a BigFix environment, focusing on integration with third-party prerequisites such as Apple Business Manager and Google Play. It guides users through the necessary configuration steps to ensure seamless interoperability with these external services.
- Apple Business Manager Quick Start Guide for DEP
  The purpose of this document is to provide a quick start into the Apple Business Manager (ABM) portal steps required to get macOS devices enrolled into MCM and iOS and iPadOS devices enrolled to BigFix Mobile using Apple Device Enrollment Program (DEP).
- How to create a Microsoft developer account
  You need Microsoft developer account to create WNS credentials. WNS credentials is needed to install or upgrade Windows MDM server and utilize BigFix MCM features.
- Windows Autopilot configuration guide
  This guide provides step-by-step instructions for configuring Windows Autopilot, tailored for BigFix Admins and IT teams. It covers both manual setup in the Azure portal and automated configuration using the autopilotcli tool, ensuring a streamlined deployment process.
- Windows Errors
  This topic provides a list of common errors encountered when enrolling Windows endpoints using Windows MDM through BigFix MCM. It includes links to detailed information on Windows MDM errors, WinHTTP errors, XML parsing errors, and Windows BITS client errors.
- Sample Android Custom Policies
  This topic provides sample Android custom policies in JSON format for use with BigFix WebUI, covering configurations such as kiosk mode, Wi-Fi restrictions, app verification, and VPN setup. Each policy can be modified to meet organizational requirements and includes guidance for uploading and assigning policies. Reference links to official documentation are provided for further customization and policy details.
- Configure NDES server for SCEP
  Learn how to configure the Network Device Enrollment Service (NDES) on a Windows Server to enable Simple Certificate Enrollment Protocol (SCEP) infrastructure. This topic outlines installation prerequisites, provides a step-by-step guide, and offers troubleshooting resources for common NDES issues.
- Okta integration with LDAP
  Integrating Okta with an LDAP server allows users to authenticate to Okta using their LDAP credentials. This integration is required to enable SAML authentication for device enrollment.
- Azure AD registration and configuration
  MCM integrates with Azure Active Directory to enable identity and access management features, including conditional access, role-based access control, and identity governance. These capabilities help you manage and secure access to applications and resources. Refer to the linked documentation for detailed configuration steps.
- Okta configuration for enabling Device Trust
  BigFix Mobile enables Device Trust integration with Okta, allowing secure access from trusted devices. Configuration involves setting up Okta for domain and management hints, followed by managed app policies for deployment. Refer to the linked documentation for detailed setup instructions.
- Windows custom policies
  You can find sample Windows policies on this page. You can create custom policy through WebUI using these sample policies.
- Delegation of Control to enable Offline Domain Join
  This document provides step-by-step instructions for delegating control to a domain user, enabling them to perform offline domain joins beyond the default limit of 10 computers without requiring domain admin privileges. The process involves configuring permissions in Active Directory Users and Computers for the relevant Organizational Units. For further details on domain join installation and configuration, refer to the BigFix MCM Help Center.
Quick Start
This quick start guide gets you up and running with your BigFix MCM and BigFix Mobile solution. It helps you secure, configure, and manage your mobile devices quickly and efficiently.
User Guide
Administrator Guide
Read this guide to learn about enrolling, administering, and troubleshooting endpoints through BigFix MCM and BigFix Mobile.
Glossary
This glossary provides terms and definitions for the BigFix software and products.

Delegation of Control to enable Offline Domain Join

This document provides step-by-step instructions for delegating control to a domain user, enabling them to perform offline domain joins beyond the default limit of 10 computers without requiring domain admin privileges. The process involves configuring permissions in Active Directory Users and Computers for the relevant Organizational Units. For further details on domain join installation and configuration, refer to the BigFix MCM Help Center.

About this task

Below steps are required to be performed on the domain controller from Active Directory Users and Computers console. Execute below steps on all the required Organizational Units (OUs) to which the computers are Hybrid AD joined.

Procedure

Right click on the Organizational Unit (OU) and select Delegate Control option to open the Delegation of Control wizard
Add the user, for whom the Offline Domain Join permission should be enabled.
Choose custom task option to delegate
Select only computer objects and allow create, delete objects.
Grant full control and complete the wizard

For complete information about Domain join installation and configuration, refer to the BigFix MCM Help Center at Domain join installation and configuration