New in this release

This document describes the security features that the BlackBerry® Enterprise Server version 5.0 SP2, BlackBerry® Desktop Software version 5.0, BlackBerry® Device Software version 5.0, and BlackBerry® Smart Card Reader version 2.0 support, unless otherwise stated.

Feature

Description

BlackBerry MDS Connection Service integrated authentication

When BlackBerry device users want to access your organization's resources from BlackBerry devices, you can configure the BlackBerry MDS Connection Service to authenticate users with your organization's network automatically using their Windows® accounts.

For more information about configuring BlackBerry MDS Connection Service integrated authentication, see the BlackBerry MDS Connection Service Integrated Authentication Security Note.

default groups with preconfigured roles

The BlackBerry Administration Service includes new default groups with preconfigured roles, to which you can add different types of administrator accounts. The default groups help make sure that users without administrative privileges cannot escalate their permissions. For example, junior administrators cannot change their roles to senior administrator roles. The group names are Administrators, Help desk representatives, and BlackBerry Web Desktop Manager users.

For more information about roles and groups, see the BlackBerry Enterprise Server Administration Guide. For more information about upgrade implications, see the BlackBerry Enterprise Server Upgrade Guide.

enhancements to S/MIME encryption

The BlackBerry Enterprise Server includes the following enhancements to S/MIME encryption:
  • If users configure S/MIME encryption on devices, you are no longer required to turn on S/MIME encryption on the BlackBerry Enterprise Server before the BlackBerry Enterprise Server can process S/MIME-protected messages.
  • The BlackBerry Enterprise Server includes improvements to the option that permits it to encrypt messages for a second time when it processes S/MIME-protected messages that are weakly encrypted or are signed but unencrypted.

For more information about configuring S/MIME, see the BlackBerry Enterprise Server Administration Guide.

new IT policy rules

For information about new IT policy groups and IT policy rules, visit www.blackberry.com/go/serverdocs to see the BlackBerry Enterprise Server Policy Reference Guide.

new preconfigured IT policy

The BlackBerry Enterprise Server includes a new preconfigured IT policy called the Individual-Liable Devices IT policy.

You can use the Individual-Liable Devices IT policy if your organization includes users who purchase their own devices and connect the devices to a BlackBerry Enterprise Server instance in your organization's environment.

RSA® authentication for specific intranet sites

You can specify the intranet sites that require users to authenticate using RSA authentication.

For more information about configuring the BlackBerry MDS Connection Service to authenticate devices to the RSA Authentication Manager, see the BlackBerry Enterprise Server Administration Guide.

single sign-on authentication

You can configure the BlackBerry Administration Service to log administrators or users in to the BlackBerry Administration Service and BlackBerry Web Desktop Manager automatically using their Windows accounts.

For more information about configuring BlackBerry Administration Service single sign-on, see the BlackBerry Administration Service Single Sign-On Security Note.

support for applying and resolving multiple IT policies to user accounts

If you assign IT policies to user accounts and groups, you can apply all the IT policies to devices. You can configure rules that the BlackBerry Enterprise Server can use to determine which IT policy rules to apply to devices and resolve any conflicts that exist between the IT policy rules and device settings.
