New in this release

This document describes the security features that the BlackBerry® Enterprise Server version 5.0 SP3, BlackBerry® Desktop Software version 6.0, BlackBerry® 7, and BlackBerry® Smart Card Reader version 2.0 support, unless otherwise stated.

Feature

Description

enhancements to highly secure messaging

In a Microsoft® Exchange environment, BlackBerry device users that have S/MIME encryption enabled on their BlackBerry devices can send or forward email messages that contain attachments, in signed, encrypted, or signed and encrypted format.

This feature will be supported in an upcoming release of BlackBerry Device Software.

enhancements to the BlackBerry Administration Service

The BlackBerry Administration Service includes the following enhancements:
  • ability for you to delete only work data from devices
  • two new permissions that allow you to delete data from devices: "Delete all device data and remove device" and "Delete only the organization data and remove device" permissions
  • option for you to delete or disable a user account from the BlackBerry Enterprise Server after you delete only work data or all data from devices
  • the "Edit a device" permission no longer permits you to delete all device data
  • option for the BlackBerry Administration Service to automatically discover and authenticate with proxy servers

new IT policy rules

For information about new IT policy groups and IT policy rules, see the BlackBerry Enterprise Server Policy Reference Guide.

discontinued BlackBerry MDS Integration Service

The BlackBerry MDS Integration Service is no longer in production. The setup application removes the BlackBerry MDS Integration Service when you upgrade the BlackBerry Enterprise Server.

support for assigning additional configurations to groups

You can assign VPN profiles and Wi-Fi® profiles to groups using the same method that you use to assign IT policies, software configurations, and roles to groups.

new application control policy rules

The BlackBerry Enterprise Server includes the following new application control policy rules:

  • The "Is access to the corporate data API allowed" application control policy rule specifies whether a third-party application or an add-on application developed by RIM can access work data on a device.
  • The "Is Access to NFC Allowed" application control policy rule specifies whether an application can access NFC features on a device.
  • The "Is Access to the Secure Element Allowed" application control policy rule specifies whether an application can access the secure element on a device.

permitting TLS connections to websites that use invalid certificates

If a user visits a web site that presents an invalid certificate, the device provides the user with the option to continue and add the website to the Server Exceptions list in the TLS settings on the device.

Next topic: Keys on a device

Was this information helpful? Send us your comments.