BigFix - Upgrade MCM to 3.1
BigFix MCM/MDM 3.1 was just release last month with lots of great new features. BigFix Lifecycle and Compliance customers this is something you own as part of your license.
This guide will step you through the upgrade process so your organization can start taking advantage of....
Smart Groups using Active Directory Targeting of users, groups and active directory attributes.?Now with BigFix you can now target your deployments to say all of the Human Resource managers in a certain geography, with specific devices properties (say M1 Macs).?This feature allows almost endless granularity of targeting and provides administrators even more flexibility.
Okta Device Trust - The Device Trust feature from BigFix Mobile prevents unmanaged devices from accessing enterprise services. It provides an extra layer of security to your organization's application access with multi-factor authentication and protects against potential threats from compromised devices. For more information, see Device trust.
Mobile App Catalog - The Mobile App Catalog provides a central point for maintenance of all Mobile Applications. It’s a simply matter of a few clicks to add new applications and deploy them as part of a policy. For more information, see App Catalog.
Pre-Staged apps – there are a few improvements for these.?When a macOS or Windows application is uploaded to the app catalog, it is automatically staged on the MDM servers. Previously it had to be uploaded and then staged from the Admin section of MCM WebUI. Settings can be defined globally where all the applications will inherit them. This can be overwritten at application level and only apply to individual applications.?
Offline Domain Join – Now with BigFix Autopilot enrolled machines can now join the legacy domain as part of the process.?Now no matter where the machine was provisioned (On Prem OSD or Enrollment) it can be joined to your azure domain and legacy domain
Enhanced Apple Volume Purchase Program?(VPP) support – This allows your organization to take advantage of Apples Volume Purchase program and allow you manage apps purchased through apple. License usage will be automatically updated when apps are deployed and again when the app is removed, returning the license to the pool.?
Some of the other great features include
? Apple User Enrollment (BYOD)?
? More secure Apple corporate device enrollment (Authenticated DEP Enrollment )
? Identify Management integration for Enrollment - (OpenLDAP, Active Directory, Azure Active Directory (plus OIDC MFA), and Okta SAML MFA)
? User and Device certificate deployment (SCEP/NDES Solution)
? Custom Templates?
? Passcode Wipe for Mobile Devices
? MacOS Update Enhancements?
If you are looking to install MCM for the first time you can read this guide for installing 2.0 which should be the same setup for 3.1
Upgrading your MCM Server
1.????In Web UI go to Apps- MCM
2.????Select the Admin Tab
3. ?Select MDM Server – Update
4.???Select your MDM Server and select the Deploy button
Upgrading the Plugin Server
1.???Select MDM Plugins – Update
2.???Select Your Plugin Server and Deploy
Adding Credentials for you MDM Server to user the User Certificates
1.???Select MDM Plugins – Add Credentials
2.???Enter your internal server address and add the certificates you generated with the BESadmin tool when you first installed MDM
Syncing BigFix to your Active Directory for Smart Groups
1.???Select MDM Servers – Manage Capability
2.?Input your Ldap Credentials
Creating a Smart Group
02. Some organizations have thousands of active directory groups so add the groups you would like to use for your smart groups by typing in the group name and adding them to the list and add it to the groups list and hit save. Currently there is a limit of 64 groups so only add the groups you need to target.
03. Next we select the active directory attributes we want to target as well
Select Smart Groups – Define Attributes
04. Add the attributes you want to utilize and add them to the list and hit save
05. Go to Smart Groups – Manage Smart Groups
领英推荐
06 Select Create Smart Groups
07. Give the Group a Name
Add the Active Directory Group here we selected BigFix – Server Team
Select Attribute Rules and select User or Device for the Attribute you want to use
Here we selected display name contains iPad.
So this will target everyone in the BigFix – Server Team who has an iPad enrolled.
Adding Apps to your App Catalog
2. Select Add – iOS /iPadOS
3. Search for the app you want to add and select it.?This will search the apple app store for the app
04. Press the Select Button to Add it to your list of apps you want to deploy or set policies around
05. Now you can create a Policy to easily deploy the apps Select Policies
06. Create Policy
07. Select Appstore Apps
08. Give your Policy a Name
Select iOS
Select the Settings for the App such as Preventing Backup, Assuming Management, or Removed when the device is unenrolled.
09. Select the Apps you want to deploy as part of the Policy
10. Save your Policy
11. Now you can Deploy your Policy or Add it to a Policy Group, For this example I am just going to deploy it to the smart group we created earlier. Select Deploy Policy
12. Select Edit Devices
13. Select Target by Group
12. Select the Smart Group we created earlier and Select OK
13. Select Deploy
14. The iPads in the BigFix Server Team will now receive the policy to install Webex on their iPads
Hit install
15. Webex will now install and show up on the iPad