Skip to content
Big Picture

Endpoint Management Tools

Big Picture integrates with endpoint management tools to enable IT-controlled software deployment. When tenant policy is set to MANAGED_BY_IT mode, Big Picture provides artifacts and metadata for endpoint management tools to deploy software.

How Endpoint Management Integration Works

Section titled “How Endpoint Management Integration Works”

Endpoint management tools integrate with Big Picture when tenant policy requires IT-managed deployment:

  1. Tenant policy — Tenant policy set to MANAGED_BY_IT mode
  2. Artifact metadata — Big Picture provides artifacts and deployment metadata
  3. IT deployment — Endpoint management tools deploy software using provided metadata
  4. Update decisions — Big Picture continues to govern releases and update policies

Big Picture does not replace endpoint management tools. Instead, it provides release governance and update decisions while endpoint management tools handle deployment scheduling and execution.

MANAGED_BY_IT Mode

Section titled “MANAGED_BY_IT Mode”

When tenant policy is set to MANAGED_BY_IT:

  • Big Picture client does not self-update
  • Artifacts and metadata are provided for IT deployment
  • Update decisions indicate available releases
  • IT tools query Big Picture for release information

This mode enables IT teams to control deployment timing and methods while maintaining vendor-controlled release governance.

Supported Tools

Section titled “Supported Tools”

Big Picture provides integration support for:

  • Microsoft Intune — Windows app deployment via Intune Management Extension
  • Microsoft SCCM — Configuration Manager deployment
  • Other tools — Any tool that can consume artifact URLs and metadata

Integration Pattern

Section titled “Integration Pattern”

Query Release Information

Section titled “Query Release Information”

Endpoint management tools query Big Picture for available releases:

Terminal window
curl -X GET "${BP_BASE_URL}/v1/tenants/${TENANT_ID}/update-decisions" \
  -H "Authorization: Bearer $BP_API_TOKEN"

Retrieve Artifact Metadata

Section titled “Retrieve Artifact Metadata”

Tools retrieve artifact metadata including URLs, checksums, and platform information:

{
  "product_id": "prod_xyz789",
  "current_version": "1.0.0",
  "available_version": "1.1.0",
  "artifacts": [
    {
      "artifact_id": "art_abc123",
      "platform": "windows",
      "arch": "x86_64",
      "installer_type": "msi",
      "download_url": "https://...",
      "sha256": "abc123...",
      "size_bytes": 12345678,
      "requires_admin": true
    }
  ]
}

Deploy Software

Section titled “Deploy Software”

Tools download artifacts and deploy using their standard deployment methods.

Microsoft Intune Integration

Section titled “Microsoft Intune Integration”

Intune integrates with Big Picture to deploy Win32 apps when MANAGED_BY_IT mode is enabled.

Integration Overview

Section titled “Integration Overview”
  • Big Picture provides artifacts and metadata for Intune Win32 app packaging
  • Intune deploys apps using Intune Management Extension (IME)
  • Mirrors can be hosted inside regulated networks
  • Big Picture exports packages/metadata for Intune workflows

Use Cases

Section titled “Use Cases”
  • Enterprise customers requiring IT-controlled deployment
  • Regulated environments with strict deployment controls
  • Organizations using Intune for endpoint management

Microsoft SCCM Integration

Section titled “Microsoft SCCM Integration”

SCCM integrates with Big Picture to deploy software when MANAGED_BY_IT mode is enabled.

Integration Overview

Section titled “Integration Overview”
  • Big Picture provides artifacts and metadata for SCCM deployment
  • SCCM deploys software using standard SCCM deployment methods
  • Mirrors can be hosted inside regulated networks
  • Big Picture exports packages/metadata for SCCM workflows

Use Cases

Section titled “Use Cases”
  • Enterprise customers using SCCM for endpoint management
  • Regulated environments requiring IT-controlled deployment
  • Organizations with existing SCCM infrastructure

Configuration

Section titled “Configuration”

Tenant Policy

Section titled “Tenant Policy”

Configure tenant policy to enable MANAGED_BY_IT mode:

Terminal window
curl -X PUT "${BP_BASE_URL}/v1/tenants/${TENANT_ID}/policy" \
  -H "Authorization: Bearer $BP_API_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "update_action": "MANAGED_BY_IT"
  }'

API Access

Section titled “API Access”

Endpoint management tools require API access:

  • Service account with license:read and mirrors:read scopes
  • API token stored securely in endpoint management tool
  • Network access to Big Picture API endpoints

Best Practices

Section titled “Best Practices”
  1. Policy configuration — Set tenant policy to MANAGED_BY_IT when IT deployment is required
  2. Metadata consumption — Use Big Picture metadata for deployment decisions
  3. Artifact verification — Verify artifact checksums before deployment
  4. Network access — Ensure endpoint management tools can access artifact URLs
  5. Mirror configuration — Configure mirrors for regulated environments

Troubleshooting

Section titled “Troubleshooting”

Artifacts not accessible — Verify artifact URLs are accessible from endpoint management tool networks

Metadata not available — Check tenant policy is set to MANAGED_BY_IT

Deployment failures — Verify artifact checksums and installer compatibility

Section titled “Related Documentation”