New in this release
This document describes the security features that the BlackBerry® Enterprise Server version 5.0 SP2, BlackBerry® Desktop Software version 5.0, BlackBerry® Device Software version 5.0, and BlackBerry® Smart Card Reader version 2.0 support, unless otherwise stated.
|
Feature |
Description |
|---|---|
|
BlackBerry MDS Connection Service integrated authentication |
When BlackBerry device users want to access your organization's resources from BlackBerry devices, you can configure the BlackBerry MDS Connection Service to authenticate users with your organization's network automatically using their Windows® accounts. For more information about configuring BlackBerry MDS Connection Service integrated authentication, see the BlackBerry MDS Connection Service Integrated Authentication Security Note. |
|
default groups with preconfigured roles |
The BlackBerry Administration Service includes new default groups that have preconfigured roles and that you can add different types of administrator accounts to. The default groups help make sure that users without administrative privileges cannot escalate their permissions. For example, junior administrators cannot change their roles to senior administrator roles. The group names are Administrators, Help desk representatives, and BlackBerry Web Desktop Manager users. For more information about roles and groups, see the BlackBerry Enterprise Server Administration Guide. For more information about upgrade implications, see the BlackBerry Enterprise Server Upgrade Guide. |
enhancements to S/MIME encryption |
The BlackBerry Enterprise Server includes the following enhancements to S/MIME encryption:
For more information about configuring S/MIME, see the BlackBerry Enterprise Server Administration Guide. |
|
new IT policy rules |
For information about new IT policy groups and IT policy rules, visit www.blackberry.com/go/serverdocs to see the BlackBerry Enterprise Server Policy Reference Guide. |
|
new preconfigured IT policy |
The BlackBerry Enterprise Server includes a new preconfigured IT policy called the Individual-Liable Devices IT policy. You can use the Individual-Liable Devices IT policy if your organization includes users who purchase their own devices and connect the devices to a BlackBerry Enterprise Server instance in your organization's environment. |
|
RSA® authentication for specific intranet sites |
You can configure the intranet sites that users must use RSA authentication to access. For more information about configuring the BlackBerry MDS Connection Service to authenticate devices to the RSA Authentication Manager, see the BlackBerry Enterprise Server Administration Guide. |
|
single sign-on authentication |
You can configure the BlackBerry Administration Service to log administrators or users in to the BlackBerry Administration Service and BlackBerry Web Desktop Manager automatically using their Windows accounts. For more information about configuring BlackBerry Administration Service single sign-on, see the BlackBerry Administration Service Single Sign-On Security Note. |
|
support for applying and resolving multiple IT policies to user accounts |
If you assign IT policies to user accounts and groups, you can apply all the IT policies to devices. You can configure rules that the BlackBerry Enterprise Server can use to determine which IT policy rules to apply to devices and resolve any conflicts that exist between the IT policy rules and device settings. |