- Configuring BlackBerry UEM for the first time
- Changing BlackBerry UEM certificates
- Configuring BlackBerry UEM to send data through a proxy server
- Configuring connections through internal proxy servers
- Connecting to your company directories
- Configuring Microsoft Active Directory authentication in an environment that includes Exchange linked mailboxes
- Connect to a Microsoft Active Directory instance
- Connect to an LDAP directory
- Enable directory-linked groups
- Enabling onboarding
- Synchronize a company directory connection
- Removing a connection to a company directory
- Connecting to an SMTP server to send email notifications
- Configuring database mirroring
- Connecting BlackBerry UEM to Microsoft Azure
- Enable access to the BlackBerry Web Services over the BlackBerry Infrastructure
- Obtaining an APNs certificate to manage iOS and macOS devices
- Configuring BlackBerry UEM for DEP
- Configuring BlackBerry UEM to support Android Enterprise devices
- Simplifying Windows 10 activations
- Migrating users, devices, groups, and other data from a source server
- Prerequisites: Migrating users, devices, groups, and other data from a source server
- Connect to a source server
- Considerations: Migrating IT policies, profiles, and groups from a source server
- Migrate IT policies, profiles, and groups from a source server
- Complete policy and profile migration for BlackBerry Dynamics-activated users
- Considerations: Migrating users from a source server
- Migrate users from a source server
- Considerations: Migrating devices from a source server
- Migrate devices from a source server
- Migrating DEP devices
- Configuring BlackBerry UEM to support BlackBerry Dynamics apps
- Manage BlackBerry Proxy clusters
- Configure Direct Connect using port forwarding
- Configure BlackBerry Dynamics properties
- Configure communication settings for BlackBerry Dynamics apps
- Sending BlackBerry Dynamics app data through an HTTP proxy
- Configuring Kerberos for BlackBerry Dynamics apps
- Integrating BlackBerry UEM with Cisco ISE
- Requirements: Integrating BlackBerry UEM with Cisco ISE
- Create an administrator account that Cisco ISE can use
- Add the BlackBerry Web Services certificate to the Cisco ISE certificate store
- Connect BlackBerry UEM to Cisco ISE
- Example: Authorization policy rules for BlackBerry UEM
- Managing network access and device controls using Cisco ISE
Prerequisites
- Port 88 on theActive Directoryservice must be accessible by allBlackBerry UEMservers.
- TheKerberosenvironment must include the following components:
- Microsoft Active Directoryserver: The directory service that authenticates and authorizes all users and computers associated with yourWindowsnetwork
- KerberosKey Distribution Center (KDC): The authentication service on theActive Directoryserver that supplies session tickets and keys to users and computers in theActive Directorydomain
- Create service principal names (SPN) for all HTTP services (includingBlackBerry Enterprise Mobility Serverand other services). You must set an SPN for every target resource you want devices to have access to. For example:setspn –S HTTP/SPHOST.FQDN:PORT domain\AppPoolUserFor more information on how to create and modify SPNs, see docs.microsoft.com to read "Register a Service Principal Name for Kerberos Connections". SPNs should be configured by the owners of the app servers or theActive Directoryserver.
For multi-realm
Kerberos
environments:
- A minimum of oneBlackBerry UEM Coreserver must be installed in eachKerberosrealm.BlackBerry UEMmust reside in the sameKerberosrealm as the resource because cross-realm resource delegation is not supported.
- Ensure that single-realm KCD is working before configuring multi-realm KCD.
- All trusts must be bidirectional, transitive forest trust.Ensure a maximum of 5 ms latency between theBlackBerry UEM Coreservers and theMicrosoft SQL Serverdatabase. For more information see the BlackBerry UEM hardware requirements.