Get the PDF

System requirements
Steps to set up Office 365 modern authentication for BlackBerry Dynamics apps
Configure BlackBerry Work for iOS and Android app settings for Office 365 modern authentication
Enable modern authentication for the Mail service in BEMS
Enable modern authentication for the Connect and Presence services in BEMS
Obtain an Azure app ID for the BEMS-Connect, BEMS-Presence, and BEMS-Docs component service
Enable modern authentication for the Docs service in BEMS
Configure BlackBerry Work for Windows and macOS app settings for Office 365 modern authentication
- Obtain an Azure app ID for BlackBerry Work for Windows and macOS
Configure BlackBerry Notes and BlackBerry Tasks app settings for Office 365 modern authentication
- Obtain an Azure app ID for BlackBerry Tasks and BlackBerry Notes
Configuring Good Enterprise Services in BlackBerry UEM
- Verify that Good Enterprise Services are available in BlackBerry UEM
- Add the BEMS instance to the Good Enterprise Services and BlackBerry Work entitlement app
Additional configuration options
- Configure single sign-on for BlackBerry Access in BlackBerry UEM
- Configure alternate login and Office 365 resource URLs
Troubleshooting

Import non-public certificates to
BEMS

You can use the following steps to import certificate authority certificates into the

Java

cacerts keystore as an alternative to uploading certificate authority certificates into the

BEMS

database using the Dashboard. Some

BEMS

features may not support verifying certificate trusts using certificates stored in the database (for example, the

Presence

service for on-premises

Skype for Business

using non-trusted application mode).

If necessary, verify the

Java

bin directory is correctly specified in your environment PATH.

In a command prompt, type

set | findstr "JAVA_HOME"

Press

Enter

In the command prompt, type

set | findstr "Path"

Press

Enter

Verify that the JAVA_HOME System variable is set to the correct

Java

directory and that the PATH System variable includes the path to the same

Java

directory. For instructions about setting the JAVA_HOME and PATH system variables, see .

Obtain a copy of the non-public CA certificate from the server that

BEMS

must communiate with. For more information, contact your administrator of your

Microsoft Exchange Server

, , or

Microsoft SharePoint

servers.

On the

BEMS

host, make a backup of the

Java

keystore file. By default, the

Java

keystore file is located at

%JAVA_HOME%\lib\security\cacerts

, where JAVA_HOME is confirmed in step 1.

Copy the non-public CA certificate to the

Java

keystore directory in step 3.

Open a command prompt and change directory to the

Java

keystore directory in step 3.

Type the following command to import the non-public CA certificate into the

Java

keystore:

keytool -importcert -trustcacerts -alias <your_cert_alias> -file <your_cert>.cer -keystore cacerts -storepass changeit

Where your_cert_alias is the unique name that you are assigning the certificate in the cacerts file. This alias cannot already exist in the cacerts file.

Where your_cert is the file name of the non-public certificate. If this is the path to the file, add quotation marks (" ") around the full path, filename, and extension.

Repeat Steps 2 to 6 for each non-public CA certificate.

In the

Windows

Service Manager, restart the

Good Technology Common Services

service.

Import non-public certificates to BEMS

Import non-public certificates to
BEMS