Get the PDF

System requirements
Steps to set up Office 365 modern authentication for BlackBerry Dynamics apps
Configure BlackBerry Work for iOS and Android app settings for Office 365 modern authentication
Enable modern authentication for the Mail service in BEMS
Enable modern authentication for the Connect and Presence services in BEMS
Obtain an Azure app ID for the BEMS-Connect, BEMS-Presence, and BEMS-Docs component service
Enable modern authentication for the Docs service in BEMS
Configure BlackBerry Work for Windows and macOS app settings for Office 365 modern authentication
- Obtain an Azure app ID for BlackBerry Work for Windows and macOS
Configure BlackBerry Notes and BlackBerry Tasks app settings for Office 365 modern authentication
- Obtain an Azure app ID for BlackBerry Tasks and BlackBerry Notes
Configuring Good Enterprise Services in BlackBerry UEM
- Verify that Good Enterprise Services are available in BlackBerry UEM
- Add the BEMS instance to the Good Enterprise Services and BlackBerry Work entitlement app
Additional configuration options
- Configure single sign-on for BlackBerry Access in BlackBerry UEM
- Configure alternate login and Office 365 resource URLs
Troubleshooting

Obtain an
Azure
app ID for
BEMS
with credential or passive authentication

If you need to obtain multiple

Azure

app IDs (for example,

Docs

BlackBerry Work

, and

BlackBerry Connect

), it is recommended that you create a separate app ID for each app.

In the left column, click

Azure Active Directory

Click

App registrations

Click

New registration

In the

Name

field, enter a name for the app.

Select a supported account type.

In the

Redirect URI

section, in the drop-down list, select

Web

and enter

https://localhost:8443

Click

. The new registered app appears.

In the

Manage

section, click

API permissions

Click

Add a permission

In the

Select an API

section, click

Microsoft APIs

tab.

Click

Exchange

Set the following permissions for

Microsoft Exchange Web Services

Delegated permissions: Access mailboxes as the signed-in user via Exchange Web Services (

EWS > EWS.AccessAsUser.All

)

Select the

Add permissions

Click

Add a permission

Click

Microsoft Graph

. If the

Microsoft Graph

API permission is not listed, add

Microsoft Graph

Set the following permissions for

Microsoft Graph

Delegated permissions: Sign in and read user profile (

User > User.Read

Click one of the following:

If the

Microsoft Graph

API permission existed in the API permissions list, click

Update permissions

If you needed to add the

Microsoft Graph

API permission, click

Create

Click

Add a permissions

Click

Grant admin consent

. Click

Yes

This step requires tenant administrator privileges.

To allow autodiscovery to function as expected, set the authentication permissions.

In the

Manage

section, click

Authentication

Under the

Implicit grant

section, select the

ID Tokens

checkbox.

In the

Default client type

, select

Yes

Click

Save

Click

Overview

. Copy the Application (client) ID
. The Application (client) ID is displayed in the main Overview
page for the specified app. This is used as the Client application ID
when you enable modern authentication and configure

BEMS

to communicate with

Microsoft Office 365

Section:

Enable modern authentication for the Mail service in BEMS

Obtain an Azure app ID for BEMS with credential or passive authentication

Obtain an
Azure
app ID for
BEMS
with credential or passive authentication