Skip Navigation
  1. BlackBerry Docs
  2. BlackBerry Work 3.1
  3. BlackBerry Work, Notes, and Tasks Administration Guide for BlackBerry UEM
  4. Managing BlackBerry Work
  5. Configure BlackBerry Work app settings
  6. BlackBerry Work app configuration settings

BlackBerry Work
 app configuration settings

App Settings tab
Description
Autodiscover
If you select the "Enable automated Autodiscover" option, 
BlackBerry Work
 automatically discovers the 
Exchange ActiveSync
 server. 
Due to possible security vulnerabilities, it is not recommended that you select this option.
Authorized Email Domains
Select the "Display warning while sending message if the number of unauthorized recipient email domain(s) is" option if you want to display a warning message to users that attempt to send a message to the number of unauthorized domains specified in the drop-down list.
Select the "Display warning for received messages if the sender's email domain is unauthorized" option if you want to display a warning to users when they receive messages from senders that are not listed in the Authorized email domains list.
If you select either of the options above, specify a list of authorized email domains. Use a comma separated list, with no spaces, to specify authorized email domains. You can edit the sample text displayed in the warning message field.
External Email Marking
If you select the "Prepend tag to subject on external mails" option, the subject lines of email messages sent outside of the user's domain are prepended with the text specified in the Text to prepend field.
Avatar Photos
If you select the "Enable avatar photos" option, contact photographs are displayed in 
BlackBerry Work
. If this option is not selected, the user's initials are displayed instead of a photograph.
Presence Service
If you select the "Enable presence service" option, users can see the online status of their instant messaging contacts. Available settings:
  • Other Platforms: Select this option if your environment is configured to use 
    Microsoft Lync
    Cisco Jabber
    Skype for Business
     On-prem using trusted application mode, or 
    Skype for Business Online
    .
    If you want to configure 
    Skype for Business Online
    , you must configure the 
    Office 365
     Settings on the Advanced Configuration tab.
  • Skype for Business
     On-Prem - Non-trusted Application Mode
If this setting was enabled previously, the default setting is "Other platforms" and the drop-down shows "Select". 
Email Search
If you select the "Enable searching emails on server" option, users can search email messages on the server.
Diagnostics
If you select the "Allow users to perform app diagnostics" option, users can perform app diagnostics from the 
BlackBerry Dynamics Launcher
 on their devices.
BlackBerry Gatekeeping Service
If you select the "Use BlackBerry Gatekeeping Service" option, unauthorized devices are prevented from using 
Exchange ActiveSync
 unless they are explicitly added to the allowed list using the 
BlackBerry Gatekeeping Service
. To use the 
BlackBerry Gatekeeping Service
, you must create a gatekeeping configuration for the 
Microsoft Exchange Server
 or 
Microsoft Office 365
 and assign an email profile to users that has the automatic gatekeeping server selected. For details on how to configure the 
BlackBerry Gatekeeping Service
, see Controlling which devices can access Exchange ActiveSync.
Genoa Transformer Service for 
Domino
If you select the "Use Genoa Transformer Service to connect to IBM Domino" option, meeting invitations are received on devices as meetings.ics files instead of invite.ics. 
Notifications tab
Description
Select level of detail in Email notification
Select the level of detail that users see in email notifications. 
Available settings:
  • No notifications: Users don't receive notifications when email messages are received. 
  • No details in notification: Users see the default message notifications, "You have received a new message" and "You have received an invitation," in the email preview.
  • Sender only: Users see the sender's name in clear text with the default message notification in the email preview.
  • Sender and Message: Users see the sender's name and a preview of the email  message.
  • Sender, Subject, and Preview (
    Android
     only): Users see the Sender name, Subject of the email message, and a preview of the email message.  
The default setting is "Sender and Subject."
Select level of detail in Calendar notifications
Select the level of detail that users see in calendar notifications.
Available settings:
  • No notifications: Users don't receive notifications when calendar invitations are received. 
  • No details in notification: Users see the default message notifications, "You have received a new message" and "You have received an invitation," in the email preview.
  • Meeting Time only: Users see the meeting time in clear text with the default message notification.
  • Meeting Time and Subject: Users see the meeting time and subject of the meeting in the email preview.
  • Meeting Time, Subject and Location: Users see the meeting time, subject, and location of the meeting in the email preview.
  • Meeting Time, Subject, Location, and Preview (
    Android
     only): Users see the meeting time, subject, location, and a preview of the meeting description in the email preview. 
The default setting is "Meeting Time, Subject, and Location."
Select the "Show only generic notifications when app is locked (
Android
 only)" option to show only generic information in notifications if the app is locked.
Select the "Show notifications on connected wearable devices (
Android
 Wear only) option to display notifications on wearable 
Android
 devices. 
Select the "Enable widgets for 
BlackBerry Work
 app" to allow users to add widgets to 
iOS
 and 
Android
 devices. By default, this setting is enabled. If the widget policy is blocked and then unblocked, users must remove and then add the widget again to unblock it.
Additional options for notifications on 
Android
 Wear devices
Select whether there are additional notifications for 
Android
 Wear devices.
Available settings:
  • Notification for VIP Contacts
  • Notification for anyone 
  • Notification with voice reply for anyone 
When using a device outside of a controlled wireless network, wearables require higher communications security with respect to encryption, information integrity, and non-repudiation. Since wearable computers are quite small, most do not come equipped with higher security features and any data that is sent and received is vulnerable. Consequently, 
BlackBerry Work
's support for wearables is confined to notifications and reminders.
Apple Watch
 app
Select the "Enable 
BlackBerry Work
app on 
Apple Watch
 option to communicate between the device and the 
Apple Watch
This feature doesn't use the 
BlackBerry Dynamics
 Secure Container to secure the storage or communication between the device and 
Apple Watch
iOS
 App Icon Badge
Select the "Allow user to choose between “Unread Mails” and "New Mails" as their default Badge count on the App Icon" option to allow users to choose between displaying a badge count for unread and new email messages as their default badge count on the app icon. If this option is not selected, the app icon badge reflects the number of new email messages that were received since the user last closed the app, and the user cannot select “Unread Mails” as a badge count preference.
S/MIME tab
Description
Enhanced Security
Select the "Periodically require PIN entry to access SMIME capabilities" option if you want users to be required to periodically enter a PIN to use S/MIME.
Sending
In the "Default signing algorithm" drop-down list, select the algorithm to use for signing sent messages. 
In the "Default encryption algorithm" drop-down list, select the encryption algorithm to use.
Select the "Require all emails to be signed" and "Require all emails to be encrypted"  if you require that emails must be signed and/or encrypted.
Select the "Perform name checking for outgoing encrypted emails (verify email address in certificate matches recipient email address)" option to perform name checking. Name checking verifies that the email address in the certificate matches recipient's account.
Receiving
In the "Automatically download the body of S/MIME emails" drop-down list, select how the body of S/MIME email messages is downloaded. 
Wi-Fi
 is supported on 
Android
 devices only. If you select this option, 
iOS
 devices are set to "Never."
Select the "Perform name checking (verify email address in certificate matches user's account)" option to perform name checking. Name checking verifies that the email address in the certificate matches user's account.
Certificate Management
Specify when to clear the public certificate cache. By default, this setting is Weekly.   
Revocation Checking when the OCSP server is available
Select the "Enable revocation checking" option to enable revocation checks and specify the depth of certificate checking. Available settings:
  • Check entire certificate chain
  • Check user / client certificate only
Select the "Use AIA extension in certificate if present" option to use the AIA extension in certificates if present.
In the "Default OCSP URL" field, specify the default OCSP URL to use if the AIA extension cannot be used or it is not present in a certificate.
Address Book tab
Description
Address Book Sync
Select the "Allow syncing BlackBerry Contacts to device" option to synchronize contacts to devices and choose the fields that are synchronized. 
In the "Maximum length for notes" field, specify the maximum length for the notes field. By default, the maximum is 1024 characters.
Select the "Even if 
iCloud
 is enabled, allow syncing BlackBerry Contacts to device" option to allow synchronization to occur when 
iCloud
 is enabled.
Caller ID (BETA)
Select the "Allow device to use BlackBerry Contacts for Caller ID" option if you want to allow 
BlackBerry Work
 to access the user's 
BlackBerry Work
 contact list to display contact name for incoming and outgoing phone calls.
GAL Search
Specify the maximum number of results to display when searching the global address list (GAL).
Recipients
Specify whether caching is enabled. When caching is enabled, the cache is used to offer autocomplete suggestions for recipients during email composition.
Interoperability
Description
Camera and Device Photo Gallery permissions
Specify whether to allow access to the device camera, the photo gallery, or both. Available settings:
  • Allow access to camera and device photo gallery 
  • Allow access to camera only
  • No access to camera or device photo gallery
The default value is "Allow access to camera and device photo gallery." 
Voice
Select the "Tap a phone number to dial using native phone" option to allow users to use the native phone app on a device or select the "Tap a phone number to dial using entitled and installed GD VOIP apps" option to allow VOIP apps.
SMS
Select the "Tap SMS icon to initiate SMS using native SMS apps" option to specify whether to allow users to initiate their native SMS apps by tapping the SMS icon or select the "Tap SMS icon to initiate SMS using entitled and installed GD SMS apps" option to specify that users must use 
BlackBerry Dynamics
 SMS apps.
Misc
Specify whether to allow access to the user's native browser or native maps app.
Launch 3rd Party App (
iOS
 only)
Select the "Enable integration with 3rd party RSA SecurID app using CTF token seed" to enable two-factor authentication integration with a third-party 
RSA SecurID
 app using a CTF token seed.
Select the "Enable launching to 3rd party native apps (iOS only policy)" option to enable launching third-party native apps. When you enable native apps, enter the App URL scheme in the field. 
BlackBerry Work
 supports CTF-based and file-based provisioning using 
BlackBerry Access
, as well as CTF-based provisioning using a native
RSA SecurID
 app. For more information about configuring 
RSA
 soft-token authentication and provisioning the token seed record your organization sends to users, see the BlackBerry Access Administration Guide.
Launch 3rd Party App Universal link (
iOS
 only, BETA)
Universal links allow 
iOS
 users to be automatically redirected to an installed app without going through 
Safari
 when they click links in a website. If the app isn’t installed on the device, the link opens the website in 
Safari
.
You can specify a list of universal links that users can open from 
BlackBerry Work for iOS
. If you add a universal link to this list, the link will redirect to the appropriate app if it is installed on a user's device. If a user clicks on a universal link that is not added to this list, the link will not be redirected to an app and will open in 
Safari
, even if the app is installed on a user's device.
To add multiple URLs, insert a carriage return between each URL that you want to add.
Allow 3rd Party App to Send Mail
Select the "Enable sending mail from BlackBerry Work via mailto:/gmmmailto:/gwmailto:" option to specify whether email messages can be sent using mailto:/gmmmailto:/gwmailto
File Transfer Privileges
Select the "Enable exporting to 3rd-party native apps" option to specify whether to allow the transfer of files to third-party native apps on the user's device. You can allow and disallow specific apps by app ID.
Select the "Enable Importing from 3rd-party native apps (iOS 12 and below and Android)" option to allow the import of files from third-party native apps on the user's device. You can allow and disallow specific apps by app ID.
Select the "Enable Importing from 3rd-party native apps (iOS 13 and above only)" option to allow the import of files from third-party native apps on the user's device. 
Skype for Business
If you are currently using 
Skype for Business
 2015 or later in your environment, you can allow users to add meetings and join meetings directly from their calendars.
Select the "Allow to create Skype For Business meetings in calendar" option to allow users to add 
Skype for Business
 meetings to their calendars.
Select the "Allow launching into Skype for Business app on mobile" option to allow users to make voice and video calls and to be able to join 
Skype for Business
 meetings directly from a calendar invitation. The meeting is automatically opened in the 
Skype for Business
 client and users must have the 
Skype for Business
 client installed on their devices. 
In the 
Domain of Skype for Business meeting link
 field, enter the fully qualified domain name or the domain-only portion of the 
Skype for Business
 meeting server to allow internal users to use the Join meeting button in the event details. For example, meet.example.com or example.com. By entering this domain name, 
BlackBerry Work
 can locate which meeting link to capture from the meeting invitation if it is different from the user's email address domain.
Docs and Attachments tab
Description
Docs Repository
Specify whether to enable a file repository on the device, local or server docs repositories, and 
Box
, and whether to force users to save pending uploads.
Note: By default users are alerted about any pending uploads every 24 hours. If Forced Pending Uploads Policy is selected, users are blocked from taking any document related actions in 
BlackBerry Work
 until all files are successfully uploaded to the server.
Sending Attachments
Specify whether to allow outgoing attachments and specify the maximum size and the file extensions that are allowed or disallowed.
Receiving/Opening Attachments
Specify whether to allow incoming attachments and specify a maximum size and the file extensions that are allowed or disallowed.
Classification tab
Description
Email classification
Specify whether to enable email classification markings, such as INTERNAL, CONFIDENTIAL, NO FORWARD, and/or NO REPLY. To edit the XML classes, select and delete the code that you want to remove. For more information on classifications, including an example, see Email classifications .
After you have enabled email classifications, you can select the "Require all emails to have Email Classification" option to force all email messages to include a classification setting.
Basic Configuration tab
Description
Security Settings
Select the "Use Kerberos Constrained Delegation in place of login/password" option to specify whether 
Kerberos
 Constrained Delegation will be used for logging in to 
Microsoft Exchange
. If this option is not selected, NTLM/Basic authentication will be used. 
Select the "Use client certificate in place of login/password" option to specify whether clients must have individual login certificates (SSL) uploaded to the 
BlackBerry UEM
 management console. These certificates are used for login instead of basic credentials (username/password).
Enterprise Server Settings
In the Server List Reshuffle Period (minutes) field, specify the frequency that the server list, if present, is reshuffled for load balancing purposes.
In the Server List Quarantine Period (minutes) field, specify how long 
BlackBerry Work
 waits before retrying if 
BlackBerry UEM
 is not working.
Client Settings
In the Sync Email Body Size (Kb) field, specify the size, in KB, of the partial message body downloaded from the server if the user selects the option to download partial message content. 
Select the "Use BEMS to perform AutoDiscover of the EAS/EWS endpoint for the user" option to specify that the client will use the 
BlackBerry
 Server Autodiscover service to determine the EAS/EWS endpoint for the user. 
Select the "Create and consume rights-managed email messages option" to specify that Information Rights Managements (IRM) must be enabled for user mailboxes on 
Microsoft Exchange
.
Other Settings
In the Send Feedback Email Address field, specify the email address where client feedback email messages are sent. Add multiple comma delimited recipients as needed. 
In the Report Phishing Email Address field, specify whether users can report emails as phishing. The reported emails are forwarded to the email address provided in this field then moved to Trash folder.
Account Setup
When the "Skip Email Short Form Setup" option is selected, users must input their 
Microsoft Active Directory
 usernames, passwords, and domains during device activation.
ActiveSync
 and Auto Discover Authentication Methods (
iOS
 Only)
Specify the authentication methods to use. If only certain authentication methods are supported from 
Microsoft Exchange
, set those values to minimize the user setup time. (For example, if Auto Discover and 
ActiveSync
 IIS Auth Settings are set to allow only NTLM and Basic, then de-select Negotiate in above app setting.) If none are selected, the default 
Microsoft Exchange
 setting is used. If using client-based authentication, check none of the options.
Exchange Web Services Authentication Methods (
iOS
 Only)
Specify the authentication methods to use. If only certain authentication methods are supported from 
Microsoft Exchange
, set those values to minimize the user setup time. (For example, if EWS IIS Auth Setting is set to allow only NTLM, then select only NTLM above for an optimal setup experience.) If none are selected above, the default 
Microsoft Exchange
 setting is used. If using client-based authentication, check none of the options.
Exchange Web Services Settings
Specify the 
Microsoft Exchange Web Services
 URL endpoint (for example, https://mydomain.com/EWS/Exchange.asmx). If you select the "Disable Exchange Web Services" option, all 
Microsoft Exchange Web Services
 activities, including calendar forward and calendar attachment, are disabled. 
Exchange ActiveSync
 Settings
In the Default Domain field, specify the 
Windows NT
 Domain to try automatically when logging in. If your server uses newer UPN (email@host.com) style login instead of the older (domain\user) style login, this field should be left blank. 
In the ActiveSync Server field, specify the default 
Microsoft Exchange
 Server to connect to (for example, cas.mydomain.com). 
In the Autodiscover URL field, specify the auto discover URL if known. This speeds up the auto discover setup process (for example, https://autodiscover.<
mydomain
>.com/autodiscover/autodiscover.xml).
In the Autodiscover Connection Timeout in Seconds (iOS only) field, specify the timeout setting for 
iOS
 devices.
Advanced Settings
Specify additional configuration parameters in this text area. Contact 
BlackBerry
 Support for more details.
Advanced Configuration tab
Description
ActiveSync
 User Name Formats (
iOS
 Only)
Select the username formats that can be used to authenticate with your 
Exchange ActiveSync
 server. Available settings:
  • UPN
  • Domain\UserId
  • SMTP
To simplify user setup time, select only the username formats that are supported by your 
Exchange ActiveSync
 server.
If you do not select an option, all options are allowed.
Exchange Web Services User Name Formats (
iOS
 Only)
Select the username formats that can be used to authenticate with 
Microsoft Exchange Web Services
. Available settings:
  • UPN
  • Domain\UserId
  • SMTP
To simplify user setup, select only the username formats that are supported by 
Microsoft Exchange Web Services
.
If you do not select an option, all options are allowed.
TLS Certificate Settings
Specify the user credential profile that contains the TLS certificate to be used to connect to 
Microsoft Exchange
. The name of the profile that you specify here must match the name of the user credential profile that was created in the 
BlackBerry UEM
 management console.
For more information on user credential profiles, see Using user credential profiles to send certificates to devices.
Email Sync Window
In the "Maximum Email Sync Window Allowed" drop-down list, specify the number of days in the past to synchronize email messages to devices. If the setting on a device allows for more days than the server setting, the server setting is used and email messages that are older than the server setting are removed from the device. If the setting on the device allows fewer days than the server setting, the setting on the device remains the same. The user can change the setting on the device to fewer days than the server setting.
Background Authorization (
iOS
 only)
Select a time to allow the 
BlackBerry Work
 app to synchronize email in the background periodically. Decreasing the duration between the time that email synchronizes ensures that the user's inbox is up to date when they open the app.
Shared Mailboxes
Select the "Enable access to Shared Mailboxes" option if you want to allow users to add a user mailbox that they are a delegate for, or a shared mailbox that they have been granted access to, in 
BlackBerry Work
. If this option is disabled after shared mailboxes have been added, existing shared mailboxes are removed, and they are not restored if the setting is enabled again. Also, if a user attempts to add a shared mailbox when this option is disabled, they will not be able to add the mailbox and will see a message in the 
BlackBerry Work
 app stating that they must contact their administrator.
For users to be able to receive notifications for user mailboxes that have been delegated, 
BEMS
 2.10 or later is required. For users to be able to receive notifications from their shared mailboxes, 
BEMS
 2.12 or later is required.
Office 365
 Settings
Select the "Use 
Office 365
 Settings" option to configure options for 
Microsoft Office 365
. If selected, specify the following:
  • Select the "Use 
    Office 365
     Modern Authentication" option to use modern authentication instead of basic authentication. Modern authentication enables 
    BlackBerry Work
     to use sign-in features such as Multi-Factor Authentication, SAML-based third-party Identity Providers, and smart card and certificate-based authentication.
  • In the 
    Azure
     App ID field, specify the 
    Microsoft Azure
     app ID for 
    BlackBerry Work
    . For information on how obtain an 
    Azure
     ID, see Obtain an Azure app ID for BlackBerry Work.
  • In the 
    Office 365
     Sign On URL field, specify the web address that 
    BlackBerry Work
     should use when signing in to 
    Office 365
    . If you do not specify a value, 
    BlackBerry Work
     will use https://login.microsoftonline.com during setup.
  • In the "
    Office 365
     Tenant ID" field, specify the tenant ID of 
    Office 365
     server that you want 
    BlackBerry Work
     to connect to during setup. If you do not specify a value, a value of "common" is used.
  • In the "
    Office 365
     Resource" field, specify the URL of the 
    Microsoft Exchange Online
     server. 
  • In the Redirect URI field, specify the URI that you entered in the 
    Microsoft Azure
     portal.
  • In the "Exchange User Name Format" section, select UPN to use a UPN user name format instead of SMTP when authenticating with 
    Microsoft Exchange Online
    . Depending on your environment, if your users are configured with UPNs that are different from their email address, you might need to enable "Use explicit UPN" property. This requires 
    BlackBerry UEM
     12.11 or later. For more information, see the BlackBerry UEM Configuration content.  To enable the UPN feature for 
    BlackBerry Work
    Docs
    , this feature requires 
    BlackBerry Work
     2.21 or later.  
  • Select the "Use Office 365 Modern Authentication for Presence" option to use modern authentication with the 
    Presence
    service. The "Enable presence service" option must also be selected.
  • In the "Office 365 Presence Resource" field, enter the app ID for your 
    Presence
    service. For more information about how to get an app ID for your 
    Presence
    service, see Obtain an Azure app ID for the Connect, Presence, and Docs component service.
  • Select the "Proxy 
    Office 365
     Modern Authentication requests (
    Android
     only)" setting to force all 
    Office 365
     Modern Authentication requests to go through the 
    BlackBerry Proxy
     instead of connecting directly to the Internet
Performance Reporting tab
Description
Enable Performance Reporting
Select this option, to specify whether to monitor performance of the BlackBerry Work app.  
HTTP Connection Error
Select the "Enable reporting of HTTP connection errors" options to specify whether to report HTTP connection errors between BlackBerry Work and the specified application servers.
HTTP Response Time
Select the "Report HTTP responses taking long time" option to specify whether to report HTTP responses that are taking longer than the specified time. Enter the application server addresses to monitor.
HTTP Status Code
Select the "Report HTTP status codes received" option to specify whether to report a specified HTTP status code. Enter the application server addresses to monitor 
Don't send reports for duration (in seconds)
Specify the amount of time to wait before sending another report.
Deprecated tab
Description
Use heritage settings 
Select the "Devices should use values described below for 
Presence
 and 
Docs
 servers. Selecting this option requires that the following configurations are completed:
  • BlackBerry Work
     is added to the 
    BlackBerry Dynamics
     Connectivity Profile App Servers section. For more information, visit support.blackberry.com/community to read article 47950.
  • Specifying the preferred 
    Presence
     Server configuration
  • Specifying preferred 
    Docs
     Server configuration
Preferred 
Presence
 Server Configuration
Type the FQDN of the computers that host the 
BEMS-Presence
 service. If you have multiple servers, separate the names using commas, not spaces (for example, domain01.example.com:8443,domain02.example.com:8443).
Preferred 
Docs
 Server Configuration
Type the FQDN of the computers that host the 
BEMS-Docs
 service. If you have multiple servers, separate the names using commas, not spaces (for example, domain01.example.com:8443,domain02.example.com:8443).
Exchange ActiveSync
 16.0 Protocol (Moved to the Deprecated tab)
If supported by your 
Microsoft Exchange
 server, specify whether to use 
Exchange ActiveSync
 version 16 for synchronization between 
Microsoft Exchange
 and 
BlackBerry Work
 version 2.14 or earlier.
This setting must be enabled if you want to allow users to be able to synchronize their Drafts folder to 
BlackBerry Work
 version 2.14 or earlier. For more information on how to synchronize the Drafts folder, see KB50339 Synchronizing draft messages in 
BlackBerry Work
.
This policy does not apply to 
BlackBerry Work
 version 2.15 or later as this version will automatically upgrade to 
Exchange ActiveSync
 version 16 if supported by your organization's 
Microsoft Exchange
 server. After upgrading to  
BlackBerry Work
 version 2.15, users will see a message that tells them that  
BlackBerry Work
 must resynchronize with their  
Microsoft Exchange
 server. Documents stored in Local Docs and user preferences are retained and are not impacted. After the resynchronization completes, users will be able to synchronize their Drafts folder to 
BlackBerry Work
.
Security Settings
Select the "Disable SSL Cetificate Checking" option to disable SSL Certificate verification for 
Exchange ActiveSync
/
Microsoft Exchange Web Services
 in test environments.