BigFix 11.0 Patch 2 is now available!

The BigFix Team is pleased to announce the release of version 11 Patch 2 (11.0.2.125) of BigFix Platform. The main features in this release are as follows:

New BigFix Explorer component to extend the power of BigFix!

With this release BigFix Platform introduces BigFix Explorer.
This new component provides REST API access to BigFix data in an easier, more scalable and more resilient way.
It is designed to detach the datastore engine from Console and Web Reports and use it as a standalone service to query the BigFix Server data using Session Relevance expressions.
For details, see Introduction and Explorer.

Added Microsoft Entra ID as Identity provider

BigFix Platform now allows to use Microsoft Entra ID (formerly known as Microsoft Azure AD) as Identity Provider, to support the Single-Sign-On and Multi-Factor-Authentication use cases. This allows the user directory on Entra ID to be used for accessing the BigFix Console, Web Reports and WebUI.
For details, see Integrating with Microsoft Entra ID and Identity Provider Permissions.

IPv6 validation completion

Extensive validation scenarios were run, and problems addressed, to ensure that BigFix platform components run both in IPv6-only and concurrent IPv6+IPv4 configuration. For details, see IPv4 and IPv6 protocols concurrent support.

Removed init.d dependencies for RHEL and SUSE platforms

With this release BigFix services are no longer dependent on init.d for RHEL, SUSE and derived platforms. For details, see Managing the BigFix Services.

Enhanced Archive Manager capabilities

A new set of REST APIs named “Archive Manager” is available to list, retrieve or remove the files uploaded by the Archive Manager on the BigFix Server. Additional customization is also possible with respect to Archive Manager file cleanup policy. For details, see Archive Manager and Automatic Server Clean Up.

VMware Plugin enhancements

The VMware Plugin has been extended with inspectors and action commands to improve the management capabilities for both host and guest systems. For details, see Introduction to Cloud Plugins, Configuring cloud plugins, VMware Asset Discovery Plugin Inspectors and VMware Plugin Commands.

Inspector Updates

Added client inspector type to support 128-bit signed integers

  • A new client inspector type named “large integer” was created to support the 128-bit signed integers. For details, see large integer.

Added client inspector constructor to support BigFix Explorer

  • A new client inspector constructor named “explorer service” was created to provide access to the BESExplorer service, if available on the local system. For details, see service.

Added client inspector properties.

  • New client inspector properties named “display name of” and “linux of” were added to return the OS name in a human readable format and to verify if the computer is running Linux. For details, see operating system.

Library and driver upgrades

  • The jQuery library was upgraded to Version 3.7.1.
  • The libcURL library was upgraded to Version 8.6.0.
  • The Microsoft ODBC Driver was upgraded to Version 17.10.5.1.
  • The OpenSSL library was upgraded to Version 3.1.5.
  • The sqlite library was upgraded to Version 3.45.1.
  • The zlib library was upgraded to Version 1.3.1.

Additional information about this release

References

Pre-Upgrade Considerations

Important considerations to keep into account before upgrading to BigFix Platform Version 11 are:

  • BigFix Version 10.0.7 is the minimum version supporting the upgrade of the BigFix server components to Version 11

  • You must enable the “Enhanced Security” before upgrading BigFix Platform to Version 11

  • The minimum TLS supported protocol in BigFix V11 is TLS 1.2

  • The SHA1 hashing algorithm for content and action signature will no longer be supported. SHA1 is still supported for file download in actionscript.

For details, see the BigFix Platform V11 Overview Page

  • The unixODBC RPM package is a prerequisite for the Server components on Linux systems (see Server Requirements). This applies to installations with a DB2 database.

  • The msodbcsql17 RPM package is a prerequisite for the Server components on Linux systems (see Server Requirements). This applies to installations with a MSSQL database.

For details, see Upgrade paths (Windows) and Upgrade paths (Linux)

  • For detailed information on the specific changes to minimum supported versions of operating systems and databases for BigFix 11, see Detailed system requirements.

  • Before getting started with the upgrade process, stop any active application that is connected to the BigFix database (such as Web Reports, WebUI, BigFix Inventory, or BigFix Compliance).

Useful links

· BigFix downloads and release information

· BigFix 11 Platform Documentation

· Upgrade Windows considerations

· Upgrade Linux considerations

· Detailed system requirements

A blog that discusses the benefits of BigFix 11 is available here

Upgrade Fixlets are available in BES Support version 1488 (or later).

– HCL BigFix – Platform Team

14 Likes

Do you know if this addresses the limitation when using SAML where RestAPI doesn’t work unless the account is a local account?

Hello, nothing has changed in the authentication for the rest apis, so the current behaviour still stands.
Thank you

3 Likes

Does adding Microsoft Entra ID as Identity provider allow BigFix to pull down other device attributes from Entra ID such as Group details? We are looking for a solution for cloud-only devices that have been provisioned with AutoPilot, InTune and additional software deployed with BigFix for zero-touch deployments.

1 Like

Hello, sorry I had missed your question.
If I understand correctly, you are looking to bring in group info from Entra ID when a computer is enrolled through AutoPilot.
The changes introduced in 11.0.2 pertain to the use of Entra ID as Identity Provider for accessing the BigFix user interfaces (Console, Web Reports and WebUI).
As it relates to enrolling agents with AutoPilot, you can refer to BigFix Modern Client Management capability that is available in our Lifecycle, Compliance, Workspace and Enterprise offerings.

We are aware of those solutions. However, we are already using Intune and a device cannot be managed by multiple MDM solutions. We need to keep using Intune with BigFix or look for other solutions. Thank you!

Are you asking about being able to target a Bigfix task to a Entra Group or be able to identify/Group machines in BigFix by group membership in Entra groups? That would be great wouldn’t it. We can do that with on-premise AD groups if the machine is on-premise domain joined but it would be nice to be able to get group membership for devices from Entra for targeting purposes.

We also use Intune as our MDM, but we use BigFix for just about everything else.

This is exactly the use case as these devices are not hybrid joined.Glad we are not alone.

What we have started doing is using a PowerShell script that is targeted to the Entra group that tags the registry of the device and then have Bigfix target that registry tag to deploy apps/configurations or for reporting or grouping machines.

We are doing the same thing but this is very manual as we need to build these tags for every group.

There is an idea opened recently on the Ideas Portal, that appears to be related to this conversation.

BigFix Integration with Entra ID (AzureAD)

It needs upvoting to increase the chances of it being implemented by HCL, if so.

1 Like

I was the one who added this idea. I hope it gains some votes and traction.

1 Like

This topic was automatically closed after 30 days. New replies are no longer allowed.