- Introduction to Windows 10 deployment with BlackBerry UEM
- Checklist for managing devices with UEM only
- Checklist for managing devices with UEM and SCCM
- Enrolling Windows 10 devices with BlackBerry UEM
- Enrolling a device to be managed with BlackBerry UEM
- Enrolling an unmanaged device with BlackBerry Access for Windows
- Setting up UEM policies and profiles to manage Windows 10 devices
- Import SCCM group policies to UEM
- Restricting or allowing device capabilities
- Setting device password requirements
- How BlackBerry UEM chooses which IT policy to assign
- Creating and managing IT policies
- Sending certificates to devices using profiles
- Setting up work email for devices
- Using Exchange Gatekeeping
- Setting up work VPNs for devices
- Setting up work Wi-Fi networks for devices
- Enforcing compliance rules for devices
- Setting up Windows Information Protection for Windows 10 devices
- Managing Windows 10 devices that are enrolled in UEM and SCCM
- Configuring UEM to manage apps for Windows 10 devices
- Connecting BlackBerry UEM to Microsoft Azure
- Specify the shared network location for storing internal apps
- Add a Windows 10 app to the app list
- App behavior on Windows 10 devices
- Setting up network connections for BlackBerry Dynamics apps
- Remote management for Windows 10 devices
- Managing Windows 10 device updates with BlackBerry UEM
- Using BlackBerry Intelligent Security
- Deactivating devices
- Related information
- BlackBerry Docs
- BlackBerry UEM 12.11
- Administration
- Windows 10 Planning and Deployment Guide
- Setting up UEM policies and profiles to manage Windows 10 devices
- Sending certificates to devices using profiles
- Choosing profiles to send client certificates to devices
Choosing profiles to send client certificates to devices
You can use different types of profiles to send client certificates to devices. The type of profile that you choose depends on how your organization uses certificates and the types of devices that your organization supports. Consider the following guidelines:
- To use SCEP profiles, you must have a CA that supports SCEP.
- If you have set up a connection betweenBlackBerry UEMand your organization's PKI solution, use user credential profiles to send certificates to devices. You can connect directly to anEntrustCA orOpenTrustCA.
- To use client certificates forWi-Fi, VPN, and mail server authentication, you must associate the certificate profile with aWi-Fi, VPN, or email profile.
- Shared certificate profiles and certificates that you add to user accounts do not keep the private key private because you must have access to the private key. Connecting to a CA using SCEP or user credential profiles is more secure because the private key is sent only to the device that the certificate was issued to.