- Getting started
- Supported features by device type
- Managing BlackBerry Dynamics apps in BlackBerry UEM
- BlackBerry devices powered by Android
- Device management options
- Managing devices beyond smartphones, tablets, and laptops
- Managing wearable devices
- Managing Apple TV devices
- What is the BlackBerry UEM Client?
- What is BlackBerry UEM Self-Service?
- BlackBerry Enterprise Mobility Suite services
- Log in to BlackBerry UEM
- Administrators
- Steps to set up UEM administration
- Setting console login options
- Customizing the appearance of the consoles
- Create website bookmarks in the consoles
- Change the language for automated email messages
- Creating and managing administrator roles
- Create an administrator
- Change role membership for administrators
- Set the session timeout parameters
- Delete an administrator
- Using profiles, variables, and email templates
- Wi-Fi, VPN, BlackBerry Secure Connect Plus, and other work connections
- Steps to set up work connections for devices
- Best practice: Creating work connection profiles
- Setting up work Wi-Fi networks for devices
- Setting up work VPNs for devices
- Setting up proxy profiles for devices
- Using enterprise connectivity and BlackBerry Secure Connect Plus for connections to work resources
- Steps to enable BlackBerry Secure Connect Plus
- Server and device requirements
- Load balancing and high availability for BlackBerry Secure Connect Plus
- BlackBerry Secure Connect Plus and the BlackBerry Connectivity Node
- Enabling and configuring enterprise connectivity and BlackBerry Secure Connect Plus
- Create an enterprise connectivity profile
- Enable BlackBerry Secure Connect Plus
- Specify the DNS settings for the BlackBerry Connectivity app
- Optimize secure tunnel connections for Android devices that use BlackBerry Dynamics apps
- Direct BlackBerry 10 work space traffic through BlackBerry Secure Connect Plus when a Wi-Fi network is available
- Troubleshooting BlackBerry Secure Connect Plus
- Setting up network connections for BlackBerry Dynamics apps
- Using BlackBerry 2FA for secure connections to critical resources
- Setting up single sign-on authentication for devices
- Filtering web content on iOS devices
- Managing email and web domains for iOS devices
- Create an AirPrint profile
- Configuring AirPlay profiles for iOS devices
- Controlling network usage for work apps on iOS devices
- Email, calendar, and contacts
- Setting up work email for devices
- Using Exchange Gatekeeping
- Setting up CardDAV and CalDAV profiles for iOS and macOS devices
- Certificates
- Steps to use certificates
- Integrating BlackBerry UEM with your organization's PKI software
- Connect BlackBerry UEM to your organization’s Entrust software
- Connect BlackBerry UEM to your organization’s Entrust IdentityGuard server to use smart credentials
- Connect BlackBerry UEM to your organization's OpenTrust software
- Connect BlackBerry UEM to your organization’s BlackBerry Dynamics PKI Connector
- Connect BlackBerry UEM to your organization’s app-based PKI solution
- Providing client certificates to devices
- Sending certificates to devices using profiles
- Choosing profiles to send client certificates to devices
- Sending CA certificates to devices
- Using user credential profiles to send certificates to devices
- Create a user credential profile to manually upload certificates
- Create a user credential profile to connect to your organization's PKI software
- Create a user credential profile to use Entrust smart credentials on devices
- Create a user credential profile to connect to your BlackBerry Dynamics PKI connector
- Renew certificates that are enrolled through the BlackBerry Dynamics PKI connector
- Creating user credential profiles for app-based certificates
- Create a user credential profile to use certificates from the native keystore on Android devices
- Using SCEP to send client certificates to devices
- Sending the same client certificate to multiple devices
- Specify the certificate used by an app
- Device policies, standards, and compliance
- Steps to set up your organization's policies and standards for devices
- Managing devices with IT policies
- Controlling BlackBerry Dynamics on users devices
- Enforcing compliance rules for devices
- Configuring the Enterprise Management Agent
- Limiting devices to a single app
- Controlling the software releases that are installed on devices
- Displaying organization information on devices
- Using location services on devices
- Turning off notifications outside of work hours
- Managing iOS features using custom payload profiles
- Configure the layout of apps on supervised iOS devices
- Setting up Windows Information Protection for Windows 10 devices
- Apps
- Adding apps to the app list
- Adding public apps to the app list
- Add a BlackBerry 10 app to the app list
- Add an iOS app to the app list
- Add an Android app to the app list if BlackBerry UEM is not configured for Android Enterprise devices
- Add an Android app to the app list if BlackBerry UEM is configured for Android Enterprise devices
- Add a Windows 10 app to the app list
- Add public BlackBerry Dynamics apps to the app list
- Adding internal apps to the app list
- Steps to add internal apps to the app list
- Specify the shared network location for storing internal apps
- Add an internal app to the app list
- Add an internal BlackBerry Dynamics app entitlement
- Upload BlackBerry Dynamics app source files
- Host an internal app for devices with an Android work profile in Google Play using the .apk file
- Host an internal app for Android Enterprise devices in BlackBerry UEMusing a .json file
- Update an internal app
- Update an internal app for Android devices with a work profile in BlackBerry UEM using a .json file
- Adding or changing an app configuration
- Adding app shortcuts
- Adding public apps to the app list
- Preventing users from installing specific apps
- Managing apps on the app list
- Delete an app from the app list
- Change whether an app is required or optional
- Device notifications for new and updated apps
- App behavior on iOS devices
- App behavior on Android devices
- App behavior on Android Enterprise devices
- App behavior on Samsung KNOX devices
- App behavior on BlackBerry devices
- App behavior on Windows 10 devices
- Managing app groups
- View the status of apps and app groups assigned to user accounts
- View which apps are assigned to user groups
- Viewing and customizing the apps list
- Update the app list
- Update app permissions for Android Enterprise apps
- Accept app permissions for Android Enterprise apps
- Set runtime app permissions for Android work apps
- Managing BlackBerry Dynamics apps
- Managing apps protected by Microsoft Intune
- Managing Apple VPP accounts
- Rank app installation
- Viewing personal app lists
- Rating and reviewing apps
- Managing the Work Apps icon for iOS devices
- Managing notifications for apps on supervised iOS devices
- Set the organization name for BlackBerry World
- Managing apps on BlackBerry OS devices
- Preparing to distribute BlackBerry Java Applications
- Configuring application control policies
- Application control policies for unlisted applications
- Creating software configurations
- Install BlackBerry Java Applications on a BlackBerry OS device at a central computer
- View the users that have a BlackBerry Java Application installed on their BlackBerry OS devices
- Reconciliation rules for conflicting settings in software configurations
- Adding apps to the app list
- Users and groups
- Steps to create groups and user accounts
- Creating user roles
- Creating and managing user accounts
- Create a user account
- Creating user accounts from a .csv file
- View a user account
- Add notes to a user account
- Manage multiple user accounts at one time
- Send an email to users
- Send a BlackBerry UEM Self-Service password to multiple users
- Edit user account information
- Synchronize information for a directory user
- Remove services from a user
- Enable services for a user
- Delete a user account
- Add users to user groups
- Remove a user from a user group
- Change which user groups a user belongs to
- Assign a profile or IT policy to a user account
- Add a client certificate to a user account
- Change a client certificate for a user account
- Renew or remove a BlackBerry Dynamics certificate for a user account
- Add a client certificate to a user credential profile
- Change a client certificate for a user credential profile
- Assign an app to a user account
- Assign an app group to a user account
- Assign a BlackBerry OS IT policy, profile, or software configuration to a user account
- View the resolved BlackBerry OS IT policy rules that are assigned to a user account
- Creating and managing user groups
- Creating directory-linked groups
- Create a local group
- View a user group
- Change the name of a user group
- Delete a user group
- Add nested groups to a user group
- Remove nested groups from a user group
- Assign a profile or IT policy to a user group
- Assign an app to a user group
- Assign an app group to a user group
- Assign a BlackBerry OS IT policy, profile, or software configuration to a user group
- Creating and managing shared device groups
- Create a shared device group
- Activate a shared device
- View the check-out history for a user
- Edit the user membership for a shared device group
- Remove a device from a shared device group
- Delete a shared device group
- Assign an app to a shared device group
- Assign an IT policy or a profile to a shared device group
- Creating device groups
- Viewing and customizing the user list
- Device activation
- Steps to activate devices
- Requirements: Activation
- Managing activation passwords
- Specify the default settings for activation passwords
- Allowing users to activate multiple devices with different activation types
- Manually expire an activation password
- Set an activation password and send an activation email message
- Send an activation email to multiple users
- Allow users to set activation passwords in BlackBerry UEM Self-Service
- Turn on user registration with the BlackBerry Infrastructure
- Enable user notification when a device has been activated
- Supporting Android Enterprise activations
- Supporting Windows 10 activations
- Creating activation profiles
- Activation step-by-step for users
- Activate multiple devices using KNOX Mobile Enrollment
- Activate multiple devices using zero-touch enrollment for Android Enterprise devices
- Activating iOS devices that are enrolled in DEP
- Steps to activate devices that are enrolled in DEP
- Register iOS devices in DEP and assign them to the BlackBerry UEM server
- Assign an enrollment configuration to iOS devices
- Add an enrollment configuration
- Remove an enrollment configuration that is assigned to iOS devices
- Delete an enrollment configuration
- Change the settings for an enrollment configuration
- View the settings for an enrollment configuration that is assigned to a device
- View user details for an activated device
- Activating iOS devices using Apple Configurator 2
- Using Activation Lock on iOS devices
- Restricting unsupervised iOS devices
- Activating BlackBerry 10 devices using the BlackBerry Wired Activation Tool
- Tips for troubleshooting device activation
- Device activation can't be completed because the server is out of licenses. For assistance, contact your administrator.
- Please check your username and password and try again
- Profile failed to install. The certificate "AutoMDMCert.pfx" could not be imported.
- Error 3007: Server is not available
- Unable to contact server, please check connectivity or server address
- iOS or macOS device activations fail with an invalid APNs certificate
- Users are not receiving the activation email
- Device commands and controls
- Sending commands to users and devices
- Deactivating devices
- Locate a device
- View available updates for iOS devices
- Update the OS on supervised iOS devices
- Creating device support messages
- Allowing BlackBerry 10 users to back up device data
- Maintenance, monitoring, and reporting
- Using log files
- Auditing events in BlackBerry UEM
- Creating event notifications
- Manage BlackBerry Dynamics jobs
- Using SNMP to monitor BlackBerry UEM
- Using dashboard reports
- Logging phone call and SMS/MMS activity for Android Enterprise and Samsung KNOX Workspace devices
- View and save a device report
- Exporting app deployment reports
- Activity and compliance violation reports for BlackBerry Dynamics apps
- Monitoring the performance of the BlackBerry Work app
- Profile settings
- Email profile settings
- IMAP/POP3 email profile settings
- Wi-Fi profile settings
- VPN profile settings
- SCEP profile settings
- Compliance profile settings
- BlackBerry Dynamics profile settings
- BlackBerry Dynamics connectivity profile settings
- Enterprise connectivity profile settings
- Enterprise Management Agent profile settings
- Windows Information Protection profile settings
- Microsoft Intune app protection profile settings
- Policy reference spreadsheet
Create a SCEP profile
The required profile settings depend on the SCEP service configuration in your organization's environment and vary depending on whether the certificate is used by a
BlackBerry
Dynamics
app or by a specified device type.
If you want to use a SCEP profile to distribute
OpenTrust
client certificates to devices, you must apply a hotfix to your OpenTrust
software. For more information, contact your OpenTrust
support representative and reference support case SUPPORT-798.- On the menu bar, clickPolicies and Profiles.
- ClickCertificates > SCEP.
- Click
. - Type a name and description for the profile. Each certificate profile must have a unique name.
- In theURLfield, type the URL for the SCEP service. The URL should include the protocol, FQDN, port number, and SCEP path.
- In theInstance namefield, type the instance name for the CA.
- In theCertification authority connectiondrop-down list, perform one of the following actions:
- To use anEntrustconnection that you configured, click the appropriate connection. In theProfiledrop-down list, click a profile. Specify the values for the profile.
- To use anOpenTrustconnection that you configured, click the appropriate connection. In theProfiledrop-down list, click a profile. Specify the values for the profile.
- The following settings in the SCEP profile do not apply toOpenTrustclient certificates: Key usage, Extended key usage, Subject, and SAN.
- To use another CA, clickGeneric. In theSCEP challenge typedrop-down list, selectStaticorDynamicand specify the required settings for the challenge type.ForWindowsdevices, only static passwords are supported.
- Optionally, clear the check box for any device type that you do not want to configure the profile for.
- Perform the following actions:
- Click the tab for a device type.
- Configure the appropriate values for each profile setting to match the SCEP service configuration in your organization's environment.
- Repeat step 8 for each device type in your organization.
- ClickAdd.
If devices use the client certificate to authenticate with a work
Wi-Fi
network, work VPN, or work mail server, associate the SCEP profile with a Wi-Fi
, VPN, or email profile.