- Getting started
- Supported features by device type
- Managing BlackBerry Dynamics apps in BlackBerry UEM
- BlackBerry devices powered by Android
- Device management options
- Managing devices beyond smartphones, tablets, and laptops
- Managing wearable devices
- Managing Apple TV devices
- What is the BlackBerry UEM Client?
- What is BlackBerry UEM Self-Service?
- BlackBerry Enterprise Mobility Suite services
- Log in to BlackBerry UEM
- Administrators
- Steps to set up UEM administration
- Setting console login options
- Customizing the appearance of the consoles
- Create website bookmarks in the consoles
- Change the language for automated email messages
- Creating and managing administrator roles
- Create an administrator
- Change role membership for administrators
- Set the session timeout parameters
- Delete an administrator
- Using profiles, variables, and email templates
- Wi-Fi, VPN, BlackBerry Secure Connect Plus, and other work connections
- Steps to set up work connections for devices
- Best practice: Creating work connection profiles
- Setting up work Wi-Fi networks for devices
- Setting up work VPNs for devices
- Setting up proxy profiles for devices
- Using enterprise connectivity and BlackBerry Secure Connect Plus for connections to work resources
- Steps to enable BlackBerry Secure Connect Plus
- Server and device requirements
- Load balancing and high availability for BlackBerry Secure Connect Plus
- BlackBerry Secure Connect Plus and the BlackBerry Connectivity Node
- Enabling and configuring enterprise connectivity and BlackBerry Secure Connect Plus
- Create an enterprise connectivity profile
- Enable BlackBerry Secure Connect Plus
- Specify the DNS settings for the BlackBerry Connectivity app
- Optimize secure tunnel connections for Android devices that use BlackBerry Dynamics apps
- Direct BlackBerry 10 work space traffic through BlackBerry Secure Connect Plus when a Wi-Fi network is available
- Troubleshooting BlackBerry Secure Connect Plus
- Setting up network connections for BlackBerry Dynamics apps
- Using BlackBerry 2FA for secure connections to critical resources
- Setting up single sign-on authentication for devices
- Filtering web content on iOS devices
- Managing email and web domains for iOS devices
- Create an AirPrint profile
- Configuring AirPlay profiles for iOS devices
- Controlling network usage for work apps on iOS devices
- Email, calendar, and contacts
- Setting up work email for devices
- Using Exchange Gatekeeping
- Setting up CardDAV and CalDAV profiles for iOS and macOS devices
- Certificates
- Steps to use certificates
- Integrating BlackBerry UEM with your organization's PKI software
- Connect BlackBerry UEM to your organization’s Entrust software
- Connect BlackBerry UEM to your organization’s Entrust IdentityGuard server to use smart credentials
- Connect BlackBerry UEM to your organization's OpenTrust software
- Connect BlackBerry UEM to your organization’s BlackBerry Dynamics PKI Connector
- Connect BlackBerry UEM to your organization’s app-based PKI solution
- Providing client certificates to devices
- Sending certificates to devices using profiles
- Choosing profiles to send client certificates to devices
- Sending CA certificates to devices
- Using user credential profiles to send certificates to devices
- Create a user credential profile to manually upload certificates
- Create a user credential profile to connect to your organization's PKI software
- Create a user credential profile to use Entrust smart credentials on devices
- Create a user credential profile to connect to your BlackBerry Dynamics PKI connector
- Renew certificates that are enrolled through the BlackBerry Dynamics PKI connector
- Creating user credential profiles for app-based certificates
- Create a user credential profile to use certificates from the native keystore on Android devices
- Using SCEP to send client certificates to devices
- Sending the same client certificate to multiple devices
- Specify the certificate used by an app
- Device policies, standards, and compliance
- Steps to set up your organization's policies and standards for devices
- Managing devices with IT policies
- Controlling BlackBerry Dynamics on users devices
- Enforcing compliance rules for devices
- Configuring the Enterprise Management Agent
- Limiting devices to a single app
- Controlling the software releases that are installed on devices
- Displaying organization information on devices
- Using location services on devices
- Turning off notifications outside of work hours
- Managing iOS features using custom payload profiles
- Configure the layout of apps on supervised iOS devices
- Setting up Windows Information Protection for Windows 10 devices
- Apps
- Adding apps to the app list
- Adding public apps to the app list
- Add a BlackBerry 10 app to the app list
- Add an iOS app to the app list
- Add an Android app to the app list if BlackBerry UEM is not configured for Android Enterprise devices
- Add an Android app to the app list if BlackBerry UEM is configured for Android Enterprise devices
- Add a Windows 10 app to the app list
- Add public BlackBerry Dynamics apps to the app list
- Adding internal apps to the app list
- Steps to add internal apps to the app list
- Specify the shared network location for storing internal apps
- Add an internal app to the app list
- Add an internal BlackBerry Dynamics app entitlement
- Upload BlackBerry Dynamics app source files
- Host an internal app for devices with an Android work profile in Google Play using the .apk file
- Host an internal app for Android Enterprise devices in BlackBerry UEMusing a .json file
- Update an internal app
- Update an internal app for Android devices with a work profile in BlackBerry UEM using a .json file
- Adding or changing an app configuration
- Adding app shortcuts
- Adding public apps to the app list
- Preventing users from installing specific apps
- Managing apps on the app list
- Delete an app from the app list
- Change whether an app is required or optional
- Device notifications for new and updated apps
- App behavior on iOS devices
- App behavior on Android devices
- App behavior on Android Enterprise devices
- App behavior on Samsung KNOX devices
- App behavior on BlackBerry devices
- App behavior on Windows 10 devices
- Managing app groups
- View the status of apps and app groups assigned to user accounts
- View which apps are assigned to user groups
- Viewing and customizing the apps list
- Update the app list
- Update app permissions for Android Enterprise apps
- Accept app permissions for Android Enterprise apps
- Set runtime app permissions for Android work apps
- Managing BlackBerry Dynamics apps
- Managing apps protected by Microsoft Intune
- Managing Apple VPP accounts
- Rank app installation
- Viewing personal app lists
- Rating and reviewing apps
- Managing the Work Apps icon for iOS devices
- Managing notifications for apps on supervised iOS devices
- Set the organization name for BlackBerry World
- Managing apps on BlackBerry OS devices
- Preparing to distribute BlackBerry Java Applications
- Configuring application control policies
- Application control policies for unlisted applications
- Creating software configurations
- Install BlackBerry Java Applications on a BlackBerry OS device at a central computer
- View the users that have a BlackBerry Java Application installed on their BlackBerry OS devices
- Reconciliation rules for conflicting settings in software configurations
- Adding apps to the app list
- Users and groups
- Steps to create groups and user accounts
- Creating user roles
- Creating and managing user accounts
- Create a user account
- Creating user accounts from a .csv file
- View a user account
- Add notes to a user account
- Manage multiple user accounts at one time
- Send an email to users
- Send a BlackBerry UEM Self-Service password to multiple users
- Edit user account information
- Synchronize information for a directory user
- Remove services from a user
- Enable services for a user
- Delete a user account
- Add users to user groups
- Remove a user from a user group
- Change which user groups a user belongs to
- Assign a profile or IT policy to a user account
- Add a client certificate to a user account
- Change a client certificate for a user account
- Renew or remove a BlackBerry Dynamics certificate for a user account
- Add a client certificate to a user credential profile
- Change a client certificate for a user credential profile
- Assign an app to a user account
- Assign an app group to a user account
- Assign a BlackBerry OS IT policy, profile, or software configuration to a user account
- View the resolved BlackBerry OS IT policy rules that are assigned to a user account
- Creating and managing user groups
- Creating directory-linked groups
- Create a local group
- View a user group
- Change the name of a user group
- Delete a user group
- Add nested groups to a user group
- Remove nested groups from a user group
- Assign a profile or IT policy to a user group
- Assign an app to a user group
- Assign an app group to a user group
- Assign a BlackBerry OS IT policy, profile, or software configuration to a user group
- Creating and managing shared device groups
- Create a shared device group
- Activate a shared device
- View the check-out history for a user
- Edit the user membership for a shared device group
- Remove a device from a shared device group
- Delete a shared device group
- Assign an app to a shared device group
- Assign an IT policy or a profile to a shared device group
- Creating device groups
- Viewing and customizing the user list
- Device activation
- Steps to activate devices
- Requirements: Activation
- Managing activation passwords
- Specify the default settings for activation passwords
- Allowing users to activate multiple devices with different activation types
- Manually expire an activation password
- Set an activation password and send an activation email message
- Send an activation email to multiple users
- Allow users to set activation passwords in BlackBerry UEM Self-Service
- Turn on user registration with the BlackBerry Infrastructure
- Enable user notification when a device has been activated
- Supporting Android Enterprise activations
- Supporting Windows 10 activations
- Creating activation profiles
- Activation step-by-step for users
- Activate multiple devices using KNOX Mobile Enrollment
- Activate multiple devices using zero-touch enrollment for Android Enterprise devices
- Activating iOS devices that are enrolled in DEP
- Steps to activate devices that are enrolled in DEP
- Register iOS devices in DEP and assign them to the BlackBerry UEM server
- Assign an enrollment configuration to iOS devices
- Add an enrollment configuration
- Remove an enrollment configuration that is assigned to iOS devices
- Delete an enrollment configuration
- Change the settings for an enrollment configuration
- View the settings for an enrollment configuration that is assigned to a device
- View user details for an activated device
- Activating iOS devices using Apple Configurator 2
- Using Activation Lock on iOS devices
- Restricting unsupervised iOS devices
- Activating BlackBerry 10 devices using the BlackBerry Wired Activation Tool
- Tips for troubleshooting device activation
- Device activation can't be completed because the server is out of licenses. For assistance, contact your administrator.
- Please check your username and password and try again
- Profile failed to install. The certificate "AutoMDMCert.pfx" could not be imported.
- Error 3007: Server is not available
- Unable to contact server, please check connectivity or server address
- iOS or macOS device activations fail with an invalid APNs certificate
- Users are not receiving the activation email
- Device commands and controls
- Sending commands to users and devices
- Deactivating devices
- Locate a device
- View available updates for iOS devices
- Update the OS on supervised iOS devices
- Creating device support messages
- Allowing BlackBerry 10 users to back up device data
- Maintenance, monitoring, and reporting
- Using log files
- Auditing events in BlackBerry UEM
- Creating event notifications
- Manage BlackBerry Dynamics jobs
- Using SNMP to monitor BlackBerry UEM
- Using dashboard reports
- Logging phone call and SMS/MMS activity for Android Enterprise and Samsung KNOX Workspace devices
- View and save a device report
- Exporting app deployment reports
- Activity and compliance violation reports for BlackBerry Dynamics apps
- Monitoring the performance of the BlackBerry Work app
- Profile settings
- Email profile settings
- IMAP/POP3 email profile settings
- Wi-Fi profile settings
- VPN profile settings
- SCEP profile settings
- Compliance profile settings
- BlackBerry Dynamics profile settings
- BlackBerry Dynamics connectivity profile settings
- Enterprise connectivity profile settings
- Enterprise Management Agent profile settings
- Windows Information Protection profile settings
- Microsoft Intune app protection profile settings
- Policy reference spreadsheet
- BlackBerry Docs
- BlackBerry UEM 12.10
- BlackBerry UEM Administration
- Profile settings
- Wi-Fi profile settings
- iOS and macOS: Wi-Fi profile settings
iOS and macOS: Wi-Fi profile settings
iOS
and macOS
: Wi-Fi
profile settingsmacOS
applies profiles to user accounts or devices. You can configure a Wi-Fi
profile to apply to one or the other.iOS and : macOS Wi-Fi profile setting | Description |
|---|---|
Automatically join network | This setting specifies whether a device can automatically join the Wi-Fi network. |
Apply profile to | This setting specifies whether the Wi-Fi profile is applied to the user account or the device.Possible values:
This setting is valid only for macOS . |
Associated proxy profile | This setting specifies the associated proxy profile that a device uses to connect to a proxy server when the device is connected to the Wi-Fi network. |
Network type | This setting specifies a configuration for the Wi-Fi network.Hotspot configurations apply only to iOS and macOS devices. To configure Wi-Fi settings for BlackBerry , Android , and Windows Phone devices, create a separate Wi-Fi profile.Possible values:
The default value is "Standard." |
Displayed operator name | This setting specifies the friendly name of the hotspot operator. This setting is valid only if the "Network type" setting is set to "Hotspot 2.0." |
Domain name | This setting specifies the domain name of the hotspot operator. This setting is valid only if the "Network type" setting is set to "Hotspot 2.0." The "SSID" setting is not required when you use this setting. |
Roaming consortium OIs | This setting specifies the organization identifiers of roaming consortiums and service providers that are accessible through the hotspot. This setting is valid only if the "Network type" setting is set to "Hotspot 2.0." |
NAI realm names | This setting specifies the NAI realm names that can authenticate an iOS device.This setting is valid only if the "Network type" setting is set to "Hotspot 2.0." |
MCC/MNCs | This setting specifies the MCC/MNC combinations that identify mobile network operators. Each value must contain exactly six digits. This setting is valid only if the "Network type" setting is set to "Hotspot 2.0." |
Allow connecting to roaming partner networks | This setting specifies whether a device can connect to roaming partners for the hotspot. This setting is valid only if the "Network type" setting is set to "Hotspot 2.0." |
Security type | This setting specifies the type of security that the Wi-Fi network uses.If the "Network type" setting is set to "Hotspot 2.0," this setting is set to " WPA2-Enterprise ."Possible values:
The default value is "None." |
WEP key | This setting specifies the WEP key for the Wi-Fi network. The WEP key must be 10 or 26 hexadecimal characters (0-9, A-F) or 5 or 13 alphanumeric characters (0-9, A-Z).Examples of hexadecimal key values are ABCDEF0123 or ABCDEF0123456789ABCDEF0123. Examples of alphanumeric key values are abCD5 or abCDefGHijKL1. This setting is valid only if the "Security type" setting is set to "WEP personal." |
Preshared key | This setting specifies the preshared key for the Wi-Fi network.This setting is valid only if the "Security type" setting is set to " WPA-Personal " or "WPA2-Personal ." |
Protocols | |
Authentication protocol | This setting specifies the EAP methods that the Wi-Fi network supports. You can select multiple EAP methods.This setting is valid only if the "Security type" setting is set to "WEP enterprise," " WPA-Enterprise ," or "WPA2-Enterprise ."Possible selections:
|
Inner authentication | This setting specifies the inner authentication method for use with TTLS. This setting is valid only if the "Authentication protocol" setting is set to "TTLS." Possible values:
The default value is "MS-CHAPv2." |
Use PAC | This setting specifies whether the EAP-FAST method uses a Protected Access Credential. This setting is valid only if the "Authentication protocol" setting is set to "EAP-FAST." |
Provision PAC | This setting specifies whether the EAP-FAST method allows PAC provisioning. This setting is valid only if the "Authentication protocol" setting is set to "EAP-FAST" and the "Use PAC" setting is selected. |
Provision PAC anonymously | This setting specifies whether the EAP-FAST method allows anonymous PAC provisioning. This setting is valid only if the "Authentication protocol" setting is set to "EAP-FAST," the "Use PAC" setting is selected, and the "Provision PAC" setting is selected. |
Authentication | |
Outer identity for TTLS, PEAP, and EAP-FAST | This setting specifies the outer identity for a user that is sent in clear text. You can specify an anonymous username to hide the user's real identity (for example, anonymous). The encrypted tunnel is used to send the real username to authenticate with the Wi-Fi network. If the outer identity includes the realm name to route the request, it must be the user's actual realm (for example, anonymous@example.com).This setting is valid only if the "Authentication protocol" setting is set to "TTLS," "PEAP," or "EAP-FAST." |
Use password included in Wi-Fi profile | This setting specifies whether the Wi-Fi profile includes the password for authentication.This setting is valid only if the "Security type" setting is set to "WEP enterprise," " WPA-Enterprise ," or "WPA2-Enterprise ." |
Password | This setting specifies the password that an iOS device uses to authenticate with the Wi-Fi network.This setting is valid only if the "Use password included in Wi-Fi profile" setting is selected. |
Username | This setting specifies the username that an iOS device uses to authenticate with the Wi-Fi network. If the profile is for multiple users, you can specify the %UserName% variable.This setting is valid only if the "Security type" setting is set to "WEP enterprise," " WPA-Enterprise ," or "WPA2-Enterprise ." |
Authentication type | This setting specifies the type of authentication that a device uses to connect to the Wi-Fi network.This setting is valid only if the "Security type" setting is set to "WEP enterprise," " WPA-Enterprise ," or "WPA2-Enterprise ."Possible values:
The default value is "None." |
Type of certificate linking | This setting specifies the type of linking for the client certificate associated with the Wi-Fi profile.This setting is valid only if the "Authentication type" setting is set to "Shared certificate." Possible values:
The default value is "Single reference." |
Shared certificate profile | This setting specifies the shared certificate profile with the client certificate that a device uses to authenticate with the Wi-Fi network.This setting is valid only if the "Type of certificate linking" setting is set to "Single reference." |
Client certificate name | This setting specifies the name of the client certificate that a device uses to authenticate with the Wi-Fi network.This setting is valid only if the "Type of certificate linking" setting is set to "Variable injection." |
Associated SCEP profile | This setting specifies the associated SCEP profile that a device uses to obtain a client certificate to authenticate with the Wi-Fi network.This setting is valid only if the "Authentication type" setting is set to "SCEP." |
Associated user credential profile | This setting specifies the associated user credential profile that a device uses to obtain a client certificate to authenticate with the Wi-Fi network.This setting is valid only if the "Authentication type" setting is set to "User credential." |
Trust | |
Certificate common names expected from authentication server | This setting specifies the common names in the certificate that the authentication server sends to the device (for example, *.example.com). This setting is valid only if the "Security type" setting is set to "WEP enterprise," " WPA-Enterprise ," or "WPA2-Enterprise ." |
Type of certificate linking | This setting specifies the type of linking for the trusted certificates associated with the Wi-Fi profile.This setting is valid only if the "Security type" setting is set to "WEP enterprise," " WPA-Enterprise ," or "WPA2-Enterprise ."Possible values:
The default value is "Single reference." |
CA certificate profiles | This setting specifies the CA certificate profiles with the trusted certificates that a device uses to establish trust with the Wi-Fi network.This setting is valid only if the "Type of certificate linking" setting is set to "Single reference." |
Trusted certificate names | This setting specifies the names of the trusted certificates that a device uses to establish trust with the Wi-Fi network.This setting is valid only if the "Type of certificate linking" setting is set to "Variable injection." |
Trust user decisions | This setting specifies whether a device prompts the user to trust a server when the chain of trust can't be established. If this setting is not selected, only connections to trusted servers that you specify are allowed. This setting is valid only if the "Security type" setting is set to "WEP enterprise," " WPA-Enterprise ," or "WPA2-Enterprise ." |
Enable QoS marking profile | This setting specifies whether you can enable L2 and L3 marking for traffic sent through the Wi-Fi network.This setting is valid only for devices running iOS 10 and later. |
Use QoS for FaceTime calls | This setting specifies whether audio and video traffic for FaceTime calls can use L2 and L3 marking.This setting is valid only for devices running iOS 10 and later. |
Use only L2 marking for QoS traffic | This setting specifies whether traffic sent through the Wi-Fi network uses only L2 marking.This setting is valid only for devices running iOS 10 and later. |
Apply QoS marking to selected apps | This setting specifies the bundle IDs for apps that can use L2 and L3 marking. This setting is valid only for devices running iOS 10 and later. |