Preconfigured IT policies
The BlackBerry® Enterprise Server includes the following preconfigured IT policies that you can change to create IT policies that meet the requirements of your organization.
|
Preconfigured IT policy |
Description |
|---|---|
|
Default |
This policy includes all the standard IT policy rules that are set on the BlackBerry Enterprise Server. |
|
Individual-Liable Devices |
Similar to the Default IT policy, this policy prevents BlackBerry device users from accessing organizer data from within the social networking applications on their BlackBerry devices. This policy permits users to access their personal calendar services and email messaging services (for example, their BlackBerry® Internet Service accounts), update the BlackBerry® Device Software using methods that exist outside your organization, make calls when devices are locked, and cut, copy, and paste text. Users cannot forward email messages from one email messaging service to another. You can use the Individual-Liable Devices IT policy if your organization includes users who purchase their own devices and connect the devices to a BlackBerry Enterprise Server instance in your organization's environment. |
|
Basic Password Security |
Similar to the Default IT policy, this policy also requires a basic password that users can use to unlock their devices. Users must change the passwords regularly. The IT policy includes a password timeout that locks devices. |
|
Medium Password Security |
Similar to the Default IT policy, this policy also requires a complex password that users can use to unlock their devices. Users must change the passwords regularly. This policy includes a maximum password history and turns off Bluetooth® technology on devices. |
|
Medium Security with No 3rd Party Applications |
Similar to the Medium Password Security, this policy requires a complex password that a user must change frequently, a security timeout, and a maximum password history. This policy prevents users from making their devices discoverable by other Bluetooth enabled devices and prevents devices from downloading third-party applications. |
|
Advanced Security |
Similar to the Default IT policy, this IT policy also requires a complex password that users must change frequently, a password timeout that locks devices, and a maximum password history. This policy restricts Bluetooth technology on devices, turns on strong content protection, turns off USB mass storage, and requires devices to encrypt external file systems. |
|
Advanced Security with No 3rd Party Applications |
Similar to the Advanced Security IT policy, this IT policy requires a complex password that users must change frequently, a password timeout that locks devices, and a maximum password history. This policy restricts Bluetooth technology on devices, turns on strong content protection, turns off USB mass storage, requires devices to encrypt external file systems, and prevents devices from downloading third-party applications. |
Default values for preconfigured IT policies
You can configure additional IT policy rules in the preconfigured IT policies or change any of the following values:
|
IT policy rule |
Default IT policy |
Individual-Liable Device IT policy |
Basic Password Security IT policy |
Medium Password Security IT policy |
Medium Password Security with No 3rd Party Applications IT policy |
Advanced Security IT policy |
Advanced Security with No 3rd Party Applications IT policy |
|---|---|---|---|---|---|---|---|
|
Device-Only Items |
|||||||
|
Enable Long-Term Timeout |
— |
— |
— |
Yes |
Yes |
Yes |
Yes |
|
Maximum Security Timeout |
— |
— |
30 minutes |
10 minutes |
10 minutes |
10 minutes |
10 minutes |
|
Maximum Password Age |
— |
— |
60 days |
30 days |
30 days |
30 days |
30 days |
|
Password Pattern Checks |
no restriction |
— |
no restriction |
at least 1 alpha and 1 numeric character |
at least 1 alpha and 1 numeric character |
at least 1 alpha and 1 numeric character |
at least 1 alpha and 1 numeric character |
|
Password Required |
No |
— |
Yes |
Yes |
Yes |
Yes |
Yes |
|
User Can Change Timeout |
Yes |
— |
Yes |
Yes |
Yes |
Yes |
Yes |
|
User Can Disable Password |
Yes |
— |
No |
No |
No |
No |
No |
|
Password policy group |
|||||||
|
Maximum Password History |
— |
— |
— |
6 |
6 |
6 |
6 |
|
RIM Value-Added Applications policy group |
|||||||
|
Disable Organizer Data Access for Social Networking Applications |
Yes |
Yes |
— |
— |
— |
— |
— |
|
Security policy group |
|||||||
|
Allow Outgoing Call When Locked |
No |
Yes |
— |
— |
— |
— |
— |
|
Content Protection Strength |
— |
— |
— |
— |
— |
Strong |
Strong |
|
Disable Cut/Copy/Paste |
No |
No |
— |
— |
— |
— |
— |
|
Disable Forwarding Between Services |
No |
Yes |
— |
— |
— |
— |
— |
|
Disable USB Mass Storage |
No |
— |
— |
— |
— |
Yes |
Yes |
|
Disallow Third Party Application Download |
No |
— |
— |
— |
Yes |
— |
Yes |
|
External File System Encryption level |
Not required |
— |
— |
— |
— |
Encrypt to user password (excluding multimedia directories) |
Encrypt to user password (excluding multimedia directories) |
|
Force Lock When Holstered |
No |
— |
— |
Yes |
Yes |
Yes |
Yes |
|
Reset to Factory Defaults on Wipe |
No |
Yes |
— |
— |
— |
— |
— |
|
Service Exclusivity policy group |
|||||||
|
Allow Other Calendar Services |
Yes |
Yes |
— |
— |
— |
— |
— |
|
Allow Other Message Services |
Yes |
Yes |
— |
— |
— |
— |
— |
|
Disable Address Book Transfer |
No |
— |
— |
— |
— |
Yes |
Yes |
|
Disable Discoverable Mode |
No |
— |
— |
Yes |
Yes |
Yes |
Yes |
|
Disable File Transfer |
No |
— |
— |
— |
— |
Yes |
Yes |
|
Disable Serial Port Profile |
No |
— |
— |
— |
— |
Yes |
Yes |
|
Require LED Connection Indicator |
No |
— |
— |
— |
— |
Yes |
Yes |
|
Wi-Fi Allow Handheld Changes |
Yes |
— |
No |
No |
No |
No |
No |
|
Wireless Software Upgrades policy group |
|||||||
|
Allow Non Enterprise Upgrade |
No |
Yes |
— |
— |
— |
— |
— |