System requirements
Steps to set up Office 365 modern authentication for BlackBerry Dynamics apps
Enable modern authentication for the Mail service in BEMS
Enable modern authentication for the Docs service in BEMS
- Configuring Docs for Rights Management Services
  - Steps to deploy Azure IP Rights Management Services support for the Docs service
- Enable modern authentication for the SharePoint storage service
Configure BlackBerry Work for iOS and Android app settings for Office 365 modern authentication
- Obtain an Azure app ID for BlackBerry Work
Configure BlackBerry Work for Windows and macOS app settings for Office 365 modern authentication
- Obtain an Azure app ID for BlackBerry Work for Windows and macOS
Configure BlackBerry Notes and BlackBerry Tasks app settings for Office 365 modern authentication
- Obtain an Azure app ID for BlackBerry Tasks and BlackBerry Notes
Additional configuration options
- Configure single sign-on for BlackBerry Dynamics apps in BlackBerry UEM
Troubleshooting

Associate a certificate with the
Azure
app ID for
BEMS

You can request and export a new client certificate from your CA server or use a self-signed certificate.

Complete one of the following tasks:

Certificate	Task
If you are using an existing CA server	Request the certificate. The certificate that you request must include the app name in the subject of the certificate. Where <`app name`> is the name you assigned the app in step 5 of Obtain an Azure app ID for BEMS with certificate-based authentication. Export the public key of the certificate as a .cer or .pem file. The public key is used for the Azure app ID that is created. Export the private key of the certificate as a .pfx file. The private key is imported to the BEMS dashboard.
If you are using a self-signed certificate	Create a self-signed certificate using the New-SelfSignedCertificate command. For more information, visit docs.microsoft.com and read New-SelfSignedCertificate. On the computer running Microsoft Windows , open the Windows PowerShell . Enter the following command: $cert=New-SelfSignedCertificate -Subject "CN=<`app name`>" -CertStoreLocation "Cert:\CurrentUser\My" -KeyExportPolicy Exportable -KeySpec Signature . Where <`app name`> is the name you assigned the app in step 5 of . The certificate that you request must include the Azure app name in the subject field. Press Enter . Export the public key from the Microsoft Management Console (MMC). Make sure to save the public certificate as a .cer or .pem file. The public key is used for the Azure app ID that is created. On the computer running Windows , open the Certificate Manager for the logged in user. Expand Personal . Click Certificates . Right-click the <`user`>@<`domain`> and click All Tasks > Export . In the Certificate Export Wizard , click No, do not export private key . Click Next . Select Base-64 encoded X.509 (.cer) . Click Next . Provide a name for the certificate and save it to your desktop. Click Next . Click Finish . Click OK . Export the private key from the Microsoft Management Console (MMC). Make sure to include the private key and save it as a .pfx file. For instructions, visit docs.microsoft.com and read Export a Certificate with the Private Key. The private key is imported to the BEMS dashboard. On the computer running Windows , open the Certificate Manager for the logged in user. Expand Personal . Click Certificates . Right-click the <`user`>@<`domain`> and click All Tasks > Export . In the Certificate Export Wizard , click Yes, export private key. . Click Next . Select Personal Information Exchange – PKCS #12 (.pfx) . Click Next . Select the security method. Provide a name for the certificate and save it to your desktop. Click Next . Click Finish . Click OK .

Upload the public certificate that you exported in step 1 to associate the certificate credentials with the

Azure

app ID for

BEMS

In portal.azure.com, open the <app name> you assigned the app in step 5 of Obtain an Azure app ID for BEMS with certificate-based authentication.

Click

Certificates & secrets

In the

Certificates

section, click

Upload certificate

In the

Select a file

search field, navigate to the location where you exported the certificate in step 2.

Click

Add

Section:

Enable modern authentication for the Mail service in BEMS

Associate a certificate with the Azure app ID for BEMS

Associate a certificate with the
Azure
app ID for
BEMS