Manage policies
You can create and manage policies specific to Windows, Apple (macOS/iOS/iPadOS), and Android devices through BigFix WebUI.
User permissions and capabilities
- Custom Policies
-
Users with permission to create, edit, and delete MDM custom policies will see an additional option that allows them to create custom policies
- Master Operators
-
Only master operators have the authority to manage DEP (Device Enrollment Program) and Disk Encryption Policy policies.
- Non-Master Operators
-
To manage MCM and BigFix Mobile policies and actions, non-master operators must have the following permissions:
- Appropriate permissions to create, edit, and delete MCM custom and non-custom policies.
- The "Can Create Actions" and "Custom Content" permissions set in the BigFix Console to deploy MCM actions and policies.
- The NMO must have Writer permission for at least one custom site to view it in the "Assign Policy to Site" dropdown menu and link an MDM policy to it.
- The NMO must have Reader permission, or be part of a role with
Reader permission, for the BESUEM site to access accurate device
counts for the policies.Note: For information on how to create a custom site and assign permissions, read Creating Custom Sites.
Policies Configurable via WebUI
The following are the policies that can be configured using BigFix WebUI:
Certain policy types are operating system specific. Each policy type has the applicable operating system logos underneath to notify the users. If you find more than one logo, it represents that the policy can be applied to more than one operating system, specific to those logos.
Policy type | Scope | Available for the OS |
---|---|---|
Passcode policy |
Create passcode policy for low security requirement |
macOS / iOS / iPadOS, , Android |
Create kernel extension white list policy to load code dynamically into the macOS Kernel | macOS | |
Full Disk Access | Create policy to encrypt disc space | macOS |
Upload Custom Policy | Create custom policy | macOS / iOS / iPadOS, , Android |
Restrictions Policy | Create restriction policy | macOS / iOS / iPadOS, , Android |
Certificates Policy | Create policy certificates | macOS, |
Disk Encryption Policy | Create policy to apply disc encryption | macOS, |
Appstore App Policy | Create policy to deploy app store apps on MDM endpoints | iOS / iPadOS, Android |
OS Update Policy | Create policy to manage OS updates | iOS / iPadOS, Android |
- You cannot deploy multiple non-custom polices of same type to the targeted devices.
- You can deploy multiple custom policies to the targeted devices in one action.
Steps to create a policy
- Open the MCM app.
- Click Create Policy.
- On the page where the policies are listed, select the Supported Operating Systems to display only the policy types that are supported for the selected operating systems. From the filtered list, select the policy type that you want to create.