Install and manage MCM and BigFix Mobile components - On-premises only

MDM on-premises requires you to perform one-time MDM Server setup. You must have the required hardware and software set up prior to deploying MDM on-premises. Set up your environment through BigFix WebUI.

For details on prerequisites, setup instructions, and other information seeOn-premises deployment setup section of the Installation and Configuration Guide.

To set up and manage MDM components through BigFix WebUI:
  • Ensure that you are a Master Operator (MO)
  • From WebUI main page, click Apps > MCM and from the Modern Client Management page, click Admin

Install MDM server

Install MDM server: You can install standalone versions of Windows, Apple®, or Android MDM server. You can also add capabilities to the MDM server to manage a combination of these operating systems. Before installing MDM server, do the following:
  • Install Docker Engine, Docker Compose, and OpenSSL.
  • Install BES client on the target computer in which you want to install MDM server. This is because you need to install MDM server through WebUI or Fixlets.
Note: With MCM v3.0, you do not have to configure LDAP at the time of installing the MDM Server. You can configure this through the Manage Capability screen. This gives you the options to select your identity server and authentication method after installing the MDM Server.

Manage capability

For MDM servers with only one component installed (Windows, Apple, or Android), you can add the additional component. You can also configure the identity service. See Manage MDM server capability.

Install MDM Plugin

Install MDM Plugin: Installing MDM Plugins is required to set up a connection between the MDM Servers and the BigFix Plugin Portal. MDM Plugins communicate with the MDM Server through REST APIs and the AMQP protocol using client certificates. MDM Plugins are available to manage Apple, Windows, and Android devices.

Before installing MDM Plugin:
  • Ensure that the server host is running the Plugin Portal version 10.0.2 or later.
    Note:
    • To install any version of MDM Plugin, you need at least Plugin Portal v10.0.2.
    • For all the features from the latest MDM version to work, you need Plugin Portal v10.0.8 or greater.
  • Ensure BigFix agent version 10.0.2 or later is running locally. For details about installing the BigFix Client, see Installing the BigFix components.
  • Ensure you have the required credentials, specifically the CA cert, the client cert, and the client key that is generated from BESAdmin.sh. For details, see MDM SSL certificates.
  • Ensure you have a Trusted CA TLS certificate and MDM Push credentials of various forms for Apple, Windows and Android servers.

Manage server and client credentials

You need an appropriate set of server and client certificates and keys for the client applications (MDM Plugin, WebUI, ID Service) to securely communicate with a specific MDM Server. You can generate these certificates and keys through BESAdmin and upload them at the time of MDM server installation. After the initial installation, if you want to add, modify, or remove these credentials, you can do it through WebUI. For more information on how to add, update, or remove server and client credentials, see:

Update

Update MDM servers and Plugins as necessary. See update MDM components.

Uninstall

At any point in time, you can uninstall MDM components from WebUI. Note that uninstalling MDM components removes the capability to manage some or all the enrolled devices.