System requirements
Steps to set up Office 365 modern authentication for BlackBerry Dynamics apps
Configure BlackBerry Work for iOS and Android app settings for Office 365 modern authentication
Enable modern authentication for the Mail service in BEMS
Enable modern authentication for the Connect and Presence services in BEMS
Obtain an Azure app ID for the BEMS-Connect, BEMS-Presence, and BEMS-Docs component service
Enable modern authentication for the Docs service in BEMS
Configure BlackBerry Work for Windows and macOS app settings for Office 365 modern authentication
- Obtain an Azure app ID for BlackBerry Work for Windows and macOS
Configure BlackBerry Notes and BlackBerry Tasks app settings for Office 365 modern authentication
- Obtain an Azure app ID for BlackBerry Tasks and BlackBerry Notes
Configuring Good Enterprise Services in BlackBerry UEM
- Verify that Good Enterprise Services are available in BlackBerry UEM
- Add the BEMS instance to the Good Enterprise Services and BlackBerry Work entitlement app
Additional configuration options
- Configure single sign-on for BlackBerry Access in BlackBerry UEM
- Configure alternate login and Office 365 resource URLs
Troubleshooting

Associate a certificate with the
Azure
app ID for
BEMS

You can request and export a new client certificate from your CA server or use a self-signed certificate. The private key must be in .pfx format to upload to the

BEMS

dashboard. For more information, see Configure BEMS to communicate with the Microsoft Exchange Server or Microsoft Office 365. The public key can be exported as a .cer or .pem file to upload to

Microsoft Azure

Complete one of the following tasks:

Certificate	Task
If you are using an existing CA server	Request the certificate. The certificate that you request must include the app name in the subject of the certificate. Where <`app name`> is the name you assigned the app in step 5 of Obtain an Azure app ID for BEMS with certificate-based authentication. Export the public key of the certificate as a .cer or .pem file. The public key is used for the Azure app ID that is created. Export the private key of the certificate as a .pfx file. The private key is imported to the BEMS dashboard.
If you are using a self-signed certificate	Create a self-signed certificate using the New-SelfSignedCertificate command. For more information, visit docs.microsoft.com and read New-SelfSignedCertificate. On the computer running Microsoft Windows , open the Windows PowerShell . Enter the following command: $cert=New-SelfSignedCertificate -Subject "CN=<`app name`>" -CertStoreLocation "Cert:\CurrentUser\My" -KeyExportPolicy Exportable -KeySpec Signature . Where <`app name`> is the name you assigned the app in step 5 of Obtain an Azure app ID for BEMS with certificate-based authentication. The certificate that you request must include the Azure app name in the subject field. Press Enter . Export the public key from the Microsoft Management Console (MMC). Make sure to save the public certificate as a .cer or .pem file. The public key is used for the Azure app ID that is created. On the computer running Windows , open the Certificate Manager for the logged in user. Expand Personal . Click Certificates . Right-click the <`user`>@<`domain`> and click All Tasks > Export . In the Certificate Export Wizard , click No, do not export private key . Click Next . Select Base-64 encoded X.509 (.cer) . Click Next . Provide a name for the certificate and save it to your desktop. Click Next . Click Finish . Click OK . Export the private key from the Microsoft Management Console (MMC). Make sure to include the private key and save it as a .pfx file. For instructions, visit docs.microsoft.com and read Export a Certificate with the Private Key. The private key is imported to the BEMS dashboard. On the computer running Windows , open the Certificate Manager for the logged in user. Expand Personal . Click Certificates . Right-click the <`user`>@<`domain`> and click All Tasks > Export . In the Certificate Export Wizard , click Yes, export private key. . Click Next . Select Personal Information Exchange – PKCS #12 (.pfx) . Click Next . Select the security method. Provide a name for the certificate and save it to your desktop. Click Next . Click Finish . Click OK .

Upload the public certificate (.pem or .cer file) that you exported in step 1 to associate the certificate credentials with the

Azure

app ID for

BEMS

In portal.azure.com, open the <app name> you assigned the app in step 5 of Obtain an Azure app ID for BEMS with certificate-based authentication.

Click

Certificates & secrets

In the

Certificates

section, click

Upload certificate

In the

Select a file

search field, navigate to the location where you exported the certificate in step 2.

Click

Add

Section:

Enable modern authentication for the Mail service in BEMS

Associate a certificate with the Azure app ID for BEMS

Associate a certificate with the
Azure
app ID for
BEMS