Help Center

Local Navigation

Two Factor Content Protection Usage IT policy rule

Description

This rule specifies whether a user can turn on two-factor content protection on a BlackBerry® device.

Default value

The default value is Allowed. A user can turn on two-factor content protection on a BlackBerry device.

Usage

Two-factor content protection on the BlackBerry device is designed to protect the content protection decryption keys with both a private key that is stored on a smart card and the BlackBerry device password.

When a user turns on two-factor content protection, the BlackBerry device requires more time to unlock than when two-factor content protection is not turned on. To unlock the BlackBerry device, the user must have the appropriate smart card driver and a supported driver for the smart card reader installed on the BlackBerry device.

You cannot reset the BlackBerry device password after you or a user turns on two-factor content protection.

To restore the content protection decryption keys and unlock the BlackBerry device, the user must have the smart card and must know the BlackBerry device password and the PIN for the smart card.

Dependencies

If you change this rule to Required, the BlackBerry device can use this rule only if you also configure the Content Protection Strength IT policy rule and change the value of the Force Smart Card Two Factor Authentication IT policy rule to True.

Alternatively, instead of changing the value of the Force Smart Card Two Factor Authentication IT policy rule to True, you can change the value of the Force Multi Factor Authentication IT policy rule to True and change the Allowed Authentication Mechanisms IT policy rule to use only a smart card user authenticator.

Minimum requirements

  • Java® based BlackBerry device
  • BlackBerry® Device Software version 5.0
  • BlackBerry® Enterprise Server version 5.0 SP1

Was this information helpful? Send us your comments.