Provision New Devices

(imported topic written by SystemAdmin)

Can TEM for Mobile provision a new device?

We want to be able to have a user provide us their cell # or personal email address (which they recieve on their cell). Using that info we want to be able to send them a ssl cert for user identification and provision their device for Exchange email access. Is this withing the capabilities and how much of this would be out of the box vs custom scripting?


(imported comment written by BenKus)

Hi John,

Yes. This is an out-of-the-box capability for Apple iOS devices (the answer for Android varies by Android version and which email client you are using).

For Apple iOS, it would work like this (assuming you already set up your

Management Extender for Apple iOS


  1. You send the user a link (in email or SMS or ask the user to do it manually) to

install the IBM Mobile Client app

(alternately they can skip the app and do the web-based enrollment if you prefer).

  1. After the device is enrolled, it becomes manageable in BigFix just like any other agent.

  2. You can have policy actions that will target any new applicable iOS device that will setup their enterprise access (email, VPN, WiFi) as well as enforce your security settings, enable any restrictions that you require to protect your data (maybe turn on encrypted backups?), deploy apps, etc.

Hope that helps,


(imported comment written by SystemAdmin)

Ben - do you support provisioning on Windows Phone 7.x devices as well? Our environment is iOS and WP7.

(imported comment written by BenKus)

Windows Phone 7 can’t run any reasonable management agent and so it must be managed through activesync.


(imported comment written by Michael.Roesch)

Hi Ben,

sorry to warm up this old thread, but what do you mean by “You can have policy actions”? Where and how do I set this up?



(imported comment written by BenKus)

Hi Michael,

What I meant by that was that when you target an action (any action), you can target it “by property”. For instance, if you have a password policy for iOS, you can apply it “by property” to “all computers” and remove the expiration date and then new devices will get the policy after they register (see

for more info…)

Does that answer your question?