Skip Navigation
  1. BlackBerry Docs
  2. BlackBerry UEM 12.13
  3. Overview and what's new
  4. What's new in BlackBerry UEM Cloud

What's new in
BlackBerry UEM Cloud

Migration

  • Migration of
    Android Enterprise
     devices
    : Customers who have configured
    BlackBerry UEM
     to manage
    Google Play
     accounts can now migrate
    Android Enterprise
     devices from an on-premises
    BlackBerry UEM
     server to
    BlackBerry UEM Cloud
     or another on-premises
    BlackBerry UEM
     server. The on-premises
    BlackBerry UEM
     server must be version 12.13 or later.
  • Migration of
    BlackBerry Dynamics
     users
    : You can now migrate
    BlackBerry Dynamics
     users from on-premises
    BlackBerry UEM
     (version 12.13 or later) to
    BlackBerry UEM Cloud
    .

Management console

  • App protection profiles update
    :
    Microsoft Intune
     app protection profiles have added support for recent
    Microsoft Intune
     feature updates.
  • Specify browser
    : You can now specify which browser opens web links in apps managed by Microsoft Intune.
  • Factory reset protection profile improvements
    : For factory reset protection profiles, you no longer need to manually obtain the User ID when you specify
    Google
     accounts that can unlock a device that has been reset to factory settings.
  • Delete users for value-added services
    : You can now delete users who have additional value-added services assigned unless the user can’t be removed from the service.
  • Event notifications
    : The following event notifications were added:
    • Connectivity > Service connections for UEM instance changed: This notification alerts you when the connection status changes for the BlackBerry Affinity Manager, BlackBerry Secure Gateway, BlackBerry Proxy, or BlackBerry Secure Connect Plus service.
    • Server certificates > Certificate expiry: This notification alerts you when a server certificate is about to expire.

BlackBerry Dynamics

  • BlackBerry Dynamics
     screen capture detection on
    iOS
     devices
    : You can enable an option in a compliance profile that reacts to screen captures of
    BlackBerry Dynamics
     apps on
    iOS
     devices. When you enable this option, you can specify the allowed number of screen captures per time period, how long a period lasts, an enforcement action to occur if the user exceeds the allowed number of screen captures, and how long the enforcement action lasts. The allowed number of screen captures is per app. If the user exceeds the number of screen captures on one app, they are prevented only from using that app, not all
    BlackBerry Dynamics
     apps.
    If you enable the option and set the enforcement action to "Monitor and log", when a user takes a screen capture, a warning message stating screen captures are prohibited is displayed on the device. If you enable the option and you set the enforcement action to "Do not allow BlackBerry Dynamics apps to run', when the user exceeds the number of screen captures, a message that informs the user how long they are prevented from taking screen captures is displayed on the device, and the user is blocked from using the app for the period that you specified in the compliance profile. All violations are logged in a compliance violation report for
    BlackBerry Dynamics
     apps.
  • Improvements to the
    BlackBerry Dynamics
     app activation process
    : Administrators and users can now activate
    BlackBerry Dynamics
     apps using simple passwords (for example, a password of any length) or QR codes in addition to  the 15-character access key. This simplifies the activation process for users. Activating
    BlackBerry Dynamics
     apps using a password or QR code is the preferred method of activating apps. This feature requires that apps use
    BlackBerry Dynamics SDK
     8.0 or later. 
  • Improvements to unlocking
    BlackBerry Dynamics
     apps
    : Administrators can now send a QR code to a user to unlock a
    BlackBerry Dynamics
     app. Users with access to
    BlackBerry UEM Self-Service
     can use the QR code to unlock the app instead of the unlock key. This feature requires that apps use
    BlackBerry Dynamics SDK
     8.0 or later.

Apple

  • Automatic activation of a
    BlackBerry Dynamics
     app for Apple DEP and User Enrollment devices
    : For
    Apple
     DEP devices and devices that are activated with
    Apple
     User Enrollment, a
    BlackBerry Dynamics
     app can be preconfigured so that it automatically activates during device enrollment without requiring the user to manually enter information. If the app is an authentication delegate, it can be used to easily activate other
    BlackBerry Dynamics
     apps.
  • iOS
     New Capabilities
    : For
    iOS
     devices with eSIM cellular plans, administrators can request updated plan information from the carrier.

Chrome
 OS

  • Management of
    Chrome
     OS devices
    : You can now manage
    Chrome
     OS devices separately from
    Android
     devices in the following ways:
    • On the Dashboard, in Devices by platform,
      Chrome
       OS devices are shown.
    • In Users > Managed devices,
      Chrome
       is now an option for the OS filter.
    • In Groups > Device, you can create device groups based on
      Chrome
       OS.
    • In Migration > Migrate devices,
      Chrome
       OS devices are shown

Windows 10
 devices

  • Support for
    Windows
     Hello for Business
    : For
    Windows 10
     devices, you can now choose whether to allow biometric gestures (such as facial or fingerprint recognition) in the IT policy. You can also enable enhanced anti-spoofing for when facial recognition is configured on the device. These settings require
    Windows 10
     version 1511 or later.

BEMS
 Cloud

  • Trusted connection between
    BEMS-Docs
     and
    Microsoft SharePoint
    : You can now import and remove individual CA and Intermediate certificates from the
    BEMS
     Cloud database using the
    BlackBerry UEM
     console. This allows administrators to import and replace individual self-signed and custom CA certificates to create the trusted connection between
    BEMS-Docs
     and
    Microsoft SharePoint
    .
  • BEMS
     Cloud repository enhancements
    : You can now use the new users tab in the
    BEMS
     Cloud Docs service to search for users, view administrator defined repositories that users have access to, and view repositories that authorized users created. For administrator defined repositories, administrators can override the path and view the access permissions that users have.
  • Updated repository error messages
    : When a repository is not successfully defined, a custom error message displays that explains why the repository did not save properly (for example, if you create a repository using the same name as one that exists, the error message Repository already exists with name <repository name> displays). This allows the user and IT personnel to diagnose and fix the problem.
  • Support passive authentication using the
    Microsoft Active Directory
     Authentication Library (ADAL)
    :  The
    BlackBerry
    Mail
     (PNS) service now supports using passive authentication to acquire a token. Passive authentication uses the browser to redirect to the identity provider (IDP) to request a token. This option doesn't require the credentials to be stored in the
    BEMS
     database.
  • Customized
    BlackBerry Dynamics Launcher
    :
    BEMS
     Cloud now supports administrators specifying a customized
    BlackBerry Dynamics Launcher
     icon for client devices.
    BEMS
     Cloud verifies the validity of the image files uploaded for customized
    BlackBerry Dynamics Launcher
     icons.
  • Security enhancements
    :
    BEMS
     Cloud now supports the
    BlackBerry Work
     app to retrieve the public S/MIME certificate from the user’s
    Microsoft Active Directory
     account when the user is in a distribution list. The S/MIME certificate allows
    BlackBerry Work
     users to send encrypted email messages to public distribution lists and personal or private distribution lists (for example, distribution lists in the user’s contact folder). This feature requires
    BlackBerry Work
     3.2 or later.

Documentation

  • The BlackBerry Docs site has improved search and navigation tools to make it easier to find docs for products and features. Click the magnifying glass in the top navigation bar to perform a keyword search. You can filter results by product, version, and document type.
    You can also click Let us help you find something on the home page and BlackBerry UEM page to open a Doc Map that will point you to the right doc, whether you’re looking for product information to help make a purchase decision or you’re already a customer and need administrator, end-user, or developer help.
  • A beta version of an easy-to-use online version of the Performance Calculator will be available soon. You will be able to access it on the BlackBerry UEM Planning and architecture documentation web page.

New IT policy rules

Device type
Name
Description
Activation types
Windows
Allow use of biometric gestures
Enable or disable the use of biometric gestures, such as face and fingerprint, as an alternative to the PIN gesture for Windows Hello for Business.
MDM controls
Windows
Enable enhanced anti-spoofing for facial feature recognition
Enable or disable enhanced anti-spoofing for facial feature recognition on Windows Hello face authentication.
MDM controls
Android
 Global (all
Android
 devices)
Obtain time zone from network
Specify whether the device obtains the time zone from the network.
Work space only, Work and personal - full control
Android
 Global (all Android devices)
Device time zone
Specify the time zone that the device uses. For a list of possible values, see the IT Policy Reference.
Work space only, Work and personal - full control
Android
 Global (all
Android
 devices)
Allow ambient display
Specify whether the user can enable ambient display on the device. Ambient display shows notifications on the lock screen when the device is locked.
Work space only, Work and personal - full control
Android
 Global (all
Android
 devices)
Allow airplane mode
Specify whether the user can enable airplane mode on the device.
Work space only, Work and personal - full control
Android
 Work profile (all
Android
 devices)
Force the device and work profile passwords to be different
Specify whether the device and work profile passwords must be different when a work profile password is required by the Android work profiles "Password requirements" rule.
Work and personal - user privacy, Work and personal - full control
Android
 Work profile (all
Android
 devices)
Allow printing
Specify whether the user can print files using the device OS print functionality. This rule does not block sharing files to apps that can send files to a printer.
Work space only, Work and personal - user privacy, Work and personal - full control
Android
 Work profile (all
Android
 devices)
Allow user to configure location
Specify whether the user can turn the location feature on or off.
Work space only, Work and personal - user privacy, Work and personal - full control
Android
 Work profile (all
Android
 devices)
Allow personal data in work profile
Specify whether files and data in the personal profile can be sent to the work profile or accessed from work apps.
Work and personal - user privacy, Work and personal - full control
Android
 Work profile (all
Android
 devices)
Allow biometrics
Specify whether the user can use biometric authentication to unlock the device.
Work space only, Work and personal - user privacy, Work and personal - full control
Android
 Work profile (all
Android
 devices)
Allow facial recognition
Specify whether the user can unlock the device using face recognition.
Work space only, Work and personal - user privacy, Work and personal - full control
Android
 Work profile (all
Android
 devices)
Allow iris authentication
Specify whether the user can unlock the device using an iris scan.
Work space only, Work and personal - user privacy, Work and personal - full control
Android
 Work profile (all
Android
 devices)
Apps restricted from metered networks
Specify the apps that are restricted from using metered data networks. You may want to restrict app network usage due to data costs and limits or battery and performance issues.
Work space only, Work and personal - user privacy, Work and personal - full control
Android
 Personal profile (all
Android
 devices)
Allow biometrics
Specify whether the user can use biometric authentication to unlock the device.
Work and personal - full control
Android
 Personal profile (all
Android
 devices)
Allow facial recognition
Specify whether the user can unlock the device using face recognition.
Work and personal - full control
Android
 Personal profile (all
Android
 devices)
Allow iris authentication
Specify whether the user can unlock the device using an iris scan.
Work and personal - full control
Android
 Personal profile (all
Android
 devices)
Allow printing
Specify whether the user can print files using the device OS print functionality. This rule does not block sharing files to apps that can send files to a printer.
Work and personal - full control