Install BigFix MDM Service for Apple
Learn how to install BigFix MDM Service for Apple through WebUI.
Before you begin
- You need an Apple Push Notification certificates PEM file that is obtained through the HCL vendor signing process and processed by Apple for this MDM Server deployment.
- You must have the necessary certificates and keys. See, MDM SSL certificates.
- You must have the BigFix Agent version 10.0.2 or later running on the MDM Server target.
- You must be a Master Operator to perform this task through WebUI.
About this task
To install BigFix MDM server for Apple endpoints:
- From the WebUI main page, select .
- On the Modern Client Management page, click Admin.
- On the Admin page, from the left navigation, under MDM Servers, select Install.
- Select Target Device. Click Select and select an appropriate target to install the MDM server on.
- Server Install Type: For Select OS, select
Apple.
- Install Parameters:
- Organization Name: Enter a string. While enrolling a device, the organization name entered here displayed to the end users.
- User Facing Hostname: For over the air enrolls, this is the hostname
of the server where users can visit to enroll in MDM. The value must
be a valid FQDN that is accessible from the Internet. For example,
mdmserver.deploy.bigfix.com.Note: https:// should not be included here.
- TLS Credentials: Enter the details of the MDM Server TLS
certificate and key contents.
- TLS Key Password: To decrypt the TLS Key, enter the password that was used while encrypting the TLS key.
- TLS Certificate: Click Upload File and browse through the location to select the TLS .crt file.
- TLS Key: Click Upload File and browse through the location to select the encrypted mdmserver.key that was previously saved. Refer to BigFix MDM Server TLS Certificate Content.
- MDM Server Authentication Certificate and Key Content:
Upload the MDM Server authentication certificate and key files.
- For Certificate Authority, click Upload File and browse through the file location to select the ca.cert.pem file.
- For MDM Server Certificate, click Upload File and browse through the file location to select the server.cert.pem file.
- For MDM Server Key, click Upload File and browse through the file location to select the server.key file.
- For Client Certificate, click Upload File and navigate and select client.cert.pem file.
- For Client Key, click Upload File and navigate and select client.key file.
- Apple Push Certificate and Key Content:
- Apple Push Key password: Enter the private key pass phrase that was used to encrypt the Push Certificate Private key as described in Generating APNs certificate.
- Apple Push Certificate: Click Upload File and browse through the file location to select the Push PEM file.
- Apple Push Key: Click Upload File and browse through the file location to select the encrypted Push key file as described in step 2 at Generating APNs certificate.
- User Agreement for Mac MDM Enrollment: This is optional. Enter a welcome message text for users to see prior to accepting enrollment into MDM. The message entered here is displayed to the end users to accept to proceed with enrollment of Apple devices through the enrollment process. This allows the organization to notify or warn device users of the terms and conditions of enrolling their devices. This message can include, for example, a warning about allowing remote management of the device or helpdesk contact information.
- Click Install.
Results: The action completes these activities:
- Downloads a set of docker images from software.bigfix.com which is needed for the MDM installation.
- Installs the services and certificates including the Plugin certificates, the TLS certificate, and the Apple Push certificate on which the server runs.
- Applies all required configurations.