Skip Navigation
  1. BlackBerry Docs
  2. BlackBerry UEM 12.13
  3. Administration
  4. Managing iOS devices
  5. What you can control on iOS devices

What you can control on 
iOS
 devices

BlackBerry UEM
 provides all of the tools you need to control the features that 
iOS
 devices allow you to manage. It also includes features that allow you to give device users secure access to work resources without fully managing the device.
Control level
Description
Unmanaged and partially managed devices (devices that are activated on 
BlackBerry UEM
 but not fully managed)
You can activate a device on 
BlackBerry UEM
 to provide secure access to work resources without fully managing the device. This option is often used for BYOD devices.
These activations can allow users to access your network over VPN using 
BlackBerry 2FA
, share files securely using 
BlackBerry Workspaces
, and install 
BlackBerry Dynamics
 apps such as 
BlackBerry Work
 and 
BlackBerry Access
 to access work email and your work intranet.
Partially managed devices with a work profile
You can activate a device on 
BlackBerry UEM
 to provide secure access to work resources within a work profile. This option is often used for BYOD devices.
With this activation type, a separate work space is created on the device for work apps and the native Notes, 
iCloud
 Drive, Mail (attachments and full email bodies), Calendar (attachments), and 
iCloud Keychain
 apps. 
Managed devices (devices that are managed by 
BlackBerry UEM
)
You can activate a device to be fully manged by 
BlackBerry UEM
. This option is often used for corporate-owned devices.
This option lets you manage work data using commands and IT policy rules. You can manage work apps on the device, including 
BlackBerry Dynamics
 apps.
BlackBerry UEM
 supports managing supervised 
iOS
 devices. Some IT policy rules are supported only on supervised devices
User privacy
 activations can provide limited device management capabilities and allow users to access work data using 
BlackBerry Dynamics
 apps, such as 
BlackBerry Work
 and 
BlackBerry Access
. You can choose to allow some of the following device management features:
  • Access to SIM card and device hardware information: Allow 
    BlackBerry UEM
     access to SIM card and device hardware information to enable SIM-based licensing.
  • App management: Allow administrators to install or remove work apps and display a list of installed work apps in the user details screen.
  • IT policy management: Allow a limited set of IT policy rules to be applied to the device (password policies, allow screenshots, allow documents from managed sources in unmanaged destinations, and allow documents from unmanaged sources in managed destinations).
  • Email profile management: Allow email profiles to be applied to the device.
  • Wi-Fi
     profile management: Allow 
    Wi-Fi
     profiles to be applied to the device.
  • VPN profile management: Allow VPN profiles to be applied to the device.
You can use the 
User privacy - User enrollment
 activation type for 
iOS
 and 
iPad
OS devices to make sure that user data is kept private and separate from work data. With this activation type, a separate work space is installed on the device for work apps and some native apps.
This activation type enables app management, IT policy management, email profiles, 
Wi-Fi
 profiles, and per-app VPN. Administrators can manage work data (for example, wipe work data) without affecting personal data. 
This activation type is supported on unsupervised devices that run 
iOS
 or 
iPad
OS 13.1 or later.
MDM controls
 activations provide full support for managing 
iOS
 devices, including the following features: 
  • Enforce password requirements 
  • Control device capabilities using IT policies (for example, disable the camera or 
    Bluetooth
    )
  • Enforce compliance rules 
  • Wi-Fi
     and VPN connection profiles (with proxy)
  • Synchronize email, contacts, and calendar with devices
  • Send CA and client certificates to devices for authentication and S/MIME 
  • Manage required and allowed public and internal apps, including 
    BlackBerry Dynamics
     apps.
  • Full support for 
    Apple
     DEP and VPP
  • Locate and protect lost or stolen devices 
Some features and 
BlackBerry Dynamics
 apps are not available with all license levels. For more information about available licenses, see the Licensing content.