Jump to main content
HCL Logo Product Documentation
Customer Support Community
Customer Support HCLSoftware U Community Forums Customer Idea Portal
Modern Client Management and BigFix Mobile
  1. Home icon
  2. Welcome
  3. Deployment Guide

    This document provides guidance for deploying the certificate enrollment infrastructure required for BigFix Mobile Configuration Management (MCM). It describes how to integrate BigFix MCM with Microsoft certificate services to enable device certificate enrollment using the Simple Certificate Enrollment Protocol (SCEP).

  4. NDES Installation and Configuration

Product logo

  • BigFix Documentation Homepage
  • Modern Client Management and BigFix Mobile

    Welcome to the Modern Client Management and BigFix Mobile documentation, where you can find information about how to install, maintain, and use Modern Client Management and BigFix Mobile.

  • BigFix Mobile and MCM Overview

    Discover how BigFix Mobile and Modern Client Management (MCM) extend unified endpoint management to mobile devices and modern OS platforms like iOS, Android, and Windows 10+, all from a single console.

  • Guides in PDF format

    This section contains links to PDF versions of all the MCM and BigFix Mobile manuals.

  • Installing and Configuring BigFix Mobile and MCM

    Read this guide to learn about the requirements and available installation scenarios to ensure that the deployment of BigFix MCM and BigFix Mobile goes smoothly in your environment.

  • Deployment Guide

    This document provides guidance for deploying the certificate enrollment infrastructure required for BigFix Mobile Configuration Management (MCM). It describes how to integrate BigFix MCM with Microsoft certificate services to enable device certificate enrollment using the Simple Certificate Enrollment Protocol (SCEP).

    • Deployment architecture

      The following diagram illustrates the deployment architecture for integrating BigFix MCM with the certificate enrollment infrastructure. It shows the key components involved in the certificate enrollment workflow, including Active Directory, Microsoft Certificate Authority (CA), Network Device Enrollment Service (NDES), NDES Proxy, LDAP Proxy, and BigFix components.

    • Infrastructure prerequisites

      Before configuring certificate enrollment for BigFix MCM, ensure that the required infrastructure components and access permissions are available. The certificate enrollment workflow relies on integration between Active Directory, Microsoft Certificate Services, NDES, and BigFix components.The following prerequisites should be verified before proceeding with the configuration steps described in this guide.

    • Active Directory setup

      Active Directory provides the directory services required for integrating Microsoft Certificate Authority (CA) and Network Device Enrollment Service (NDES). The following steps ensure that the Active Directory environment is properly prepared before configuring the certificate enrollment infrastructure.

    • Certificate Authority (CA) Configuration

      The Microsoft Certificate Authority (CA) is responsible for issuing certificates requested through Network Device Enrollment Service (NDES) using the Simple Certificate Enrollment Protocol (SCEP).This section describes the required configuration on an existing Enterprise Certificate Authority to support certificate enrollment.

    • SCEP Certificate Template Configuration

      A custom certificate template must be created to support SCEP-based certificate enrollment with required security and key configurations.

    • NDES Installation and Configuration

    • NDES Proxy Configuration

    • LDAP Proxy Configuration

    • BigFix Configuration for Certificate Enrollment

    • SCEP Profile Configuration in BigFix

    • Communication Ports and Network Flow

    • Certificate Enrollment Flow

  • Quick Start

    This quick start guide gets you up and running with your BigFix MCM and BigFix Mobile solution. It helps you secure, configure, and manage your mobile devices quickly and efficiently.

  • User Guide
  • Administrator Guide

    Read this guide to learn about enrolling, administering, and troubleshooting endpoints through BigFix MCM and BigFix Mobile.

  • Glossary

    This glossary provides terms and definitions for the BigFix software and products.

 Feedback

NDES Installation and Configuration

7.1 Install Network Device Enrollment Service (NDES)17

7.2 Configure NDES Service Account17

7.3 Configure CA Integration18

7.4 Configure HTTPS Binding for NDES19

7.4.1 Obtain or Generate SSL Certificate19

7.4.2 Bind Certificate to IIS20

7.5 Verify NDES SCEP Endpoints21

7.5.1 Verify Admin Endpoint21

7.5.2 Verify Capabilities (GetCACaps)21

7.6 Configure and Verify NDES Challenge Password21

7.6.1 Increase Challenge Password Pool Size22

7.6.2 Restart Services

  • Share: Email
  • Twitter
  • Disclaimer
  • Privacy
  • Terms of use
  • Cookie Preferences