Manage policies

You can create and manage policies specific to Windows, Apple (macOS/iOS/iPadOS), and Android devices through BigFix WebUI.

User permissions and capabilities

Master operators and non-master operators who have WebUI permissions to view the MCM application, along with the ability to create, edit, and delete non-custom policies, can manage the following policies via WebUI:
Custom Policies

Users with permission to create, edit, and delete MDM custom policies will see an additional option that allows them to create custom policies

Master Operators

Only master operators have the authority to manage DEP (Device Enrollment Program) and Disk Encryption Policy policies.

Non-Master Operators
To manage MCM and BigFix Mobile policies and actions, non-master operators must have the following permissions:

Policies Configurable via WebUI

The following are the policies that can be configured using BigFix WebUI:

Certain policy types are operating system specific. Each policy type has the applicable operating system logos underneath to notify the users. If you find more than one logo, it represents that the policy can be applied to more than one operating system, specific to those logos.

Policy type Scope Available for the OS
Passcode policy

Create passcode policy for low security requirement

macOS / iOS / iPadOS, , Android

Kernel Extension Whitelists

Create kernel extension white list policy to load code dynamically into the macOS Kernel macOS
Full Disk Access Create policy to encrypt disc space macOS
Upload Custom Policy Create custom policy macOS / iOS / iPadOS, , Android
Restrictions Policy Create restriction policy macOS / iOS / iPadOS, , Android
Certificates Policy Create policy certificates macOS,
Disk Encryption Policy Create policy to apply disc encryption macOS,
Appstore App Policy Create policy to deploy app store apps on MDM endpoints iOS / iPadOS, Android
OS Update Policy Create policy to manage OS updates iOS / iPadOS, Android
Note:
  • You cannot deploy multiple non-custom polices of same type to the targeted devices.
  • You can deploy multiple custom policies to the targeted devices in one action.

Steps to create a policy

To create a policy, follow these steps:
  1. Open the MCM app.
  2. Click Create Policy.
  3. On the page where the policies are listed, select the Supported Operating Systems to display only the policy types that are supported for the selected operating systems. From the filtered list, select the policy type that you want to create.