Feature configuration

The Feature Configuration page in BigFix WebUI enables you to target specific MDM servers and deploy advanced feature modules to managed endpoints. After uprading to MCM v3.6 or later, use the Feature Configuration page to activate specialized management capabilities like Geofencing, Battery Health monitoring, Jailbreak detection, and Remote Access for your MDM servers.

Prerequisites

Before configuring and activating these advanced features, the following prerequisites must be met:

  • Android SHA File: Contact the BigFix MCM Admin team to request your unique SHA key fingerprint file. This must be uploaded during the configuration process.
  • iOS/iPadOS Credentials: You must obtain a .p12 certificate from the HCL/BigFix team. This is required for the Firebase project integration after deployment.
  • Required Google Cloud APIs: The following APIs must be enabled in your Google Cloud Project to allow the automation to interact with the necessary services.
    • Cloud Run Admin APITo deploy and manage the Cloud Run services.
    • Pub/Sub APITo create and manage topics and subscriptions.
    • Secret Manager APITo store and retrieve sensitive configuration and keys.
    • Firebase Management APITo programmatically register Android/iOS apps and manage Firebase resources.
    • API Keys APITo generate, restrict, and manage Google Maps API keys.
    • Artifact Registry APITo store and retrieve container images for Cloud Run.
    • Identity Toolkit APIRequired if the automation configures Firebase Authentication (e.g., Anonymous Auth).
    • Service Usage APINecessary for the automation to enable services and check quotas/status.
  • GCP Service Account: A Google Cloud Platform service account with the following list of roles and permissions must be available to facilitate communication.
    • Artifact Registry Administrator
    • Cloud Build Editor
    • Cloud Run Admin
    • Firebase Admin
    • Firebase Cloud Messaging Admin
    • Logging Admin
    • Maps API Admin
    • Pub/Sub Admin
    • Secret Manager Admin
    • Service Account Key Admin
    • Service Account User
    • Storage Admin
    • Vertex AI Administrator
    • Viewer
    • Firebase Admin SDK Administrator Service Agent
    • Firebase Authentication Admin
    • Service Account Token Creator
  • Postgres password for db
  • An artifact registry with name bigfix-docker-repo needed to be created by client for automation.

MCM v3.6 Activation Logic

Important: After upgrading to MCM v3.6, the specialized management capabilities remain inactive until the feature configuration deployment is processed. To activate the features, configure and deploy the feature configuration settings via this page.

Default Feature Set

In version MCM v3.6, the following features are selected by default. To ensure system integrity and full management capability, users cannot modify or deselect these options during deployment:

Feature Description
Geofencing Tracks device location based on defined physical boundaries.
Battery Health Monitors real-time battery performance and health metrics.
Jailbreak Detects compromised or rooted status on mobile devices.
Remote Access Provides secure remote troubleshooting capabilities.

Configuration Steps

  1. From BigFix WebUI MCM app, navigate to Admin > MDM Servers > Feature Configuration.
  2. Click Select under Target Devices for Server to designate the devices receiving the configuration.
  3. Under App Push Notification Configuration, perform the following:
    • Android: Upload the SHA key authentication file obtained from the BigFix team.
    • iOS: Acknowledge the APNs configuration requirement.
  4. Click Deploy.

Post-Deployment Requirements

Upon clicking Deploy, the BigFix UEM App is automatically installed on target devices. This app is essential for feature support.

Notice: For iOS and iPadOS devices, you must manually upload the .p12 certificate received from the HCL Admin team to your Firebase project to enable push notifications after the deployment is complete.
  1. In the Target Devices for Server section, click Select. Choose the MDM server(s) from the list that will host these features.
  2. In the MDM Features section, select the checkboxes for the capabilities you want to enable:
    • Geofencing: Track device location based on defined boundaries.
    • Battery Health: Monitor real-time battery performance.
    • Jailbreak: Detect compromised or rooted devices.
    • Remote Access: Provide secure remote troubleshooting sessions.
  3. Configure App Push Notifications based on your target platforms:
    • For Android: Select the checkbox and provide the required SHA key authentication.
    • For iOS: Select the checkbox to enable APNs Auth Configuration.
    Important: You must obtain the SHA fingerprint and APNs certificate from the HCL Admin team. For iOS, the APNs certificate must be uploaded to Firebase after deployment. Refer to How to Upload an APNs File to Firebase for iOS
  4. Database Configuration: Postgres password for db connection
  5. Customer GCP Configuration: Upload service account JSON file
  6. Region: An artifact registry with name bigfix-docker-repo needed to be created by client for automation. And specify the region on the cloud console and same region needs to be selected on this page.
  7. Click Deploy to apply the configuration to the selected servers.

Once deployment is complete, verify the feature status by navigating to the BigFix WebUI Health Check page.