Feature configuration

The Feature Configuration page in BigFix WebUI enables you to target specific MDM servers and deploy advanced feature modules to managed endpoints. After uprading to MCM v3.6 or later, use the Feature Configuration page to activate specialized management capabilities like Geofencing, Battery Health monitoring, Jailbreak detection, and Remote Access for your MDM servers.

Prerequisites

Before configuring and activating these advanced features, the following prerequisites must be met:
1. Google Cloud Platform (GCP) Account
  • An active Google Cloud Platform account is a mandatory prerequisite. If you do not have one, you must navigate to the Google Cloud Console to sign up and complete the registration process.
  • Service Account and Permissions: A dedicated GCP Service Account (e.g., bigfix-mcm-service-account) must be created with specific IAM roles to authorize secure communication. Required roles include:
    • API Keys Admin
    • Artifact Registry Writer
    • Cloud Run Editor
    • Firebase Admin
    • Firebase Develop Admin
    • Pub/Sub Editor
    • Secret Manager Admin
    • Service Account Key Admin
    • Service Account User
    • Viewer
  • Required Google Cloud APIs: The following APIs must be enabled in your Google Cloud Project to allow the automation to interact with the necessary services. For more detailed information on the required GCP services, refer to GCP Services Reference Guide.
    • Cloud Run Admin API To deploy and manage the Cloud Run services.
    • Pub/Sub API To create and manage topics and subscriptions.
    • Secret Manager API To store and retrieve sensitive configuration and keys.
    • Firebase Management API To programmatically register Android/iOS apps and manage Firebase resources.
    • API Keys API To generate, restrict, and manage Google Maps API keys.
    • Artifact Registry API To store and retrieve container images for Cloud Run.
    • Identity Toolkit API Required if the automation configures Firebase Authentication (e.g., Anonymous Auth).
    • Service Usage API Necessary for the automation to enable services and check quotas/status.
    • Maps JavaScript API and Places API Required to display the map.
2. Firebase Project Creation

A Firebase project must be created and linked to your GCP project. This project is essential for managing app communication and delivering real-time notifications via Firebase Cloud Messaging (FCM). Refer to the official documentation at https://firebase.google.com/docs/projects/use-firebase-with-existing-cloud-project.

  • The Firebase project name should match your Google Cloud Project name.
  • After creating Firebase project, initialize the Firebase Authentication:
    • Go to Firebase Console > Authentication and Click on Get Started
3. Billing and Cloud Run Costs
Billing must be enabled in the Google Cloud Console as part of the account registration.
Note: The Cloud Run service, which acts as a bridge for location updates and data exchange, involves operational costs based on usage.
  • Android Enterprise ID: To manage Android devices, you must share your Enterprise ID.

    • Where to find it: In the BigFix WebUI, navigate to Apps > MCM > App Catalog > Add > Android > Public Apps.

      Click the profile settings icon to retrieve your Organization ID / Enterprise ID.

  • Android SHA File: Contact the BigFix MCM Admin team to request your unique SHA key fingerprint file. This must be uploaded during the configuration process.
  • iOS/iPadOS Credentials: You must obtain a .p12 certificate from the HCL/BigFix team. This is required for the Firebase project integration after deployment.
  • Postgres password for db
  • As a prerequisite for the deployment process, a Docker repository in Artifact Registry must be created manually.
    Note: To Create the Repository:
    1. In the Google Cloud Console, navigate to Artifact Registry > Repositories.
    2. Click Create Repository.
    3. Configure the repository with the following details:
      • Name: bigfix-docker-repo(must match exactly)
      • Format: Docker
      • Location: asia-south1 (or the region specified in your deployment configuration)
    4. Click Create.
    Important
    • The repository name must exactly match bigfix-docker-repo.
    • Ensure the repository is created before starting deployment to avoid failures during the setup process.

MCM v3.6 Activation Logic

Important: After upgrading to MCM v3.6, the specialized management capabilities remain inactive until the feature configuration deployment is processed. To activate the features, configure and deploy the feature configuration settings via this page.

Default Feature Set

In version MCM v3.6, the following features are selected by default. To ensure system integrity and full management capability, users cannot modify or deselect these options during deployment:

Feature Description
Geofencing Tracks device location based on defined physical boundaries.
Battery Health Monitors real-time battery performance and health metrics.
Jailbreak Detects compromised or rooted status on mobile devices.
Remote Access Provides secure remote troubleshooting capabilities.

Configuration Steps

  1. In the Target Devices for Server section, click Select. Choose the MDM server(s) from the list that will host these features.
  2. In the MDM Features section, select the checkboxes for the capabilities you want to enable:
    • Geofencing: Track device location based on defined boundaries.
    • Battery Health: Monitor real-time battery performance.
    • Jailbreak: Detect compromised or rooted devices.
    • Remote Access: Provide secure remote troubleshooting sessions.
  3. Configure App Push Notifications based on your target platforms:
    • For Android: Select the checkbox and provide the required SHA key authentication.
    • For iOS: Select the checkbox to enable APNs Auth Configuration.
    Important: You must obtain the SHA fingerprint and APNs certificate from the HCL Admin team. For iOS, the APNs certificate must be uploaded to Firebase after deployment. Refer to How to Upload an APNs File to Firebase for iOS
  4. Database Configuration: Postgres password for db connection
  5. Customer GCP Configuration: Upload service account JSON file
  6. Region: An artifact registry with name bigfix-docker-repo needed to be created by client for automation. And specify the region on the cloud console and same region needs to be selected on this page.
  7. Click Deploy to apply the configuration to the selected servers.

Post-Deployment Requirements

Upon clicking Deploy, the BigFix UEM App is automatically installed on target devices. This app is essential for feature support.

Notice: For iOS and iPadOS devices, you must manually upload the .p12 certificate received from the HCL Admin team to your Firebase project to enable push notifications after the deployment is complete.

Once deployment is complete, verify the feature status by navigating to the BigFix WebUI Health Check page.