Help Center

Local Navigation

• IT policy rules
  • Using the BlackBerry Professional Software
  • New IT policy rules in this release
  • Policy precedence on the BlackBerry device
  • Understanding IT policy rule names and policy group names
  • Setting IT policy rules
  • Where to find descriptions of Wi-Fi IT policy rules
  • Using IT policy rules on other devices
  • Importing IT policy rules without the required minimum BlackBerry Enterprise Server software
• Descriptions of IT policy rules
  • Application Center policy group
    • Disable Application Center IT policy rule
    • Disable Carrier Directory IT policy rule
  • BlackBerry Messenger policy group
    • Disable BlackBerry Messenger IT policy rule
    • Disallow Forwarding Of Contacts IT policy rule
    • Messenger Audit Email Address IT policy rule
    • Messenger Audit Max Report Interval IT policy rule
    • Messenger Audit Report Interval IT policy rule
    • Messenger Audit UID IT policy rule
  • BlackBerry Smart Card Reader policy group
    • Disable Auto Reconnect To BlackBerry Smart Card Reader IT policy rule
    • Force Erase All Keys on BlackBerry Disconnected Timeout IT policy rule
    • Force Erase Key on PC Standby IT policy rule
    • Maximum BlackBerry Disconnected Timeout IT policy rule
    • Maximum BlackBerry Bluetooth Traffic Inactivity Timeout IT policy rule
    • Maximum BlackBerry Long Term Timeout IT policy rule
    • Maximum Bluetooth Encryption Key Regeneration Period IT policy rule
    • Maximum Bluetooth Range IT policy rule
    • Maximum Connection Heartbeat Period IT policy rule
    • Maximum Number of BlackBerry Transactions IT policy rule
    • Maximum Number of PC Pairings IT policy rule
    • Maximum PC Bluetooth Traffic Inactivity Timeout IT policy rule
    • Maximum Number of PC Transactions IT policy rule
    • Maximum PC Disconnected Timeout IT policy rule
    • Maximum PC Long Term Timeout IT policy rule
    • Maximum Smart Card Not Present Timeout IT policy rule
  • BlackBerry Unite policy group
    • Disable Download Manager IT policy rule
    • Disable Unite! Applications IT policy rule
  • Bluetooth policy group
    • Allow Outgoing Calls IT policy rule
    • Disable Address Book Transfer IT policy rule
    • Disable Advanced Audio Distribution Profile IT policy rule
    • Disable Audio/Video Remote Control Profile IT policy rule
    • Disable Bluetooth IT policy rule
    • Disable Desktop Connectivity IT policy rule
    • Disable Dial-Up Networking IT policy rule
    • Disable Discoverable Mode IT policy rule
    • Disable File Transfer IT policy rule
    • Disable Handsfree Profile IT policy rule
    • Disable Headset Profile IT policy rule
    • Disable Pairing IT policy rule
    • Disable Serial Port Profile IT policy rule
    • Disable SIM Access Profile IT policy rule
    • Disable Wireless Bypass IT policy rule
    • Force CHAP Authentication on Bluetooth Link IT Policy rule
    • Limit Discoverable Time IT policy rule
    • Minimum Encryption Key Length IT policy rule
    • Require Encryption IT policy rule
    • Require LED Connection Indicator IT policy rule
    • Require Password for Discoverable Mode IT policy rule
    • Require Password for Enabling Bluetooth Support IT policy rule
  • Browser policy group
    • Allow Application Download Services IT policy rule
    • Allow Hotspot Browser IT policy rule
    • Allow IBS Browser IT policy rule
    • Disable Auto Synchronization in Browser IT policy rule
    • Disable JavaScript in Browser IT policy rule
    • Download Images URL IT policy rule
    • Download Themes URL IT policy rule
    • Download Tunes URL IT policy rule
    • MDS Browser BSM Enabled IT policy rule
    • MDS Browser Domains IT policy rule
    • MDS Browser HTML Tables Enabled IT policy rule
    • MDS Browser JavaScript Enabled IT policy rule
    • MDS Browser Style Sheets Enabled IT policy rule
    • MDS Browser Title IT policy rule
    • MDS Browser Use Separate Icon IT policy rule
  • Camera policy group
    • Disable Photo Camera IT policy rule
    • Disable Video Camera IT policy rule
  • Certificate Synchronization policy group
    • Random Source URL IT policy rule
    • User Can Disable Automatic RNG Initialization IT policy rule
  • Common policy group
    • BlackBerry Server version IT policy rule
    • Confirm On Send IT policy rule
    • Disable Kodiak PTT IT policy rule
    • Disable MMS IT policy rule
    • Disable Voice-Activated Dialing IT policy rule
    • Disable Voice Note Recording IT policy rule
    • IT Policy Notification IT policy rule
    • Lock Owner Info IT policy rule
    • Set Owner Info IT policy rule
    • Set Owner Name IT policy rule
  • Desktop Only items
    • Auto Backup Enabled IT policy rule
    • Auto Backup Exclude Messages IT policy rule
    • Auto Backup Exclude Sync IT policy rule
    • Auto Backup Frequency IT policy rule
    • Auto Backup Include All IT policy rule
    • Disable Wireless Calendar IT policy rule
    • Do Not Save Sent Messages IT policy rule
    • Force Load Count IT policy rule
    • Force Load Message IT policy rule
    • Forward Messages In Cradle IT policy rule
    • Message Conflict Mailbox Wins IT policy rule
    • Message Prompt IT policy rule
    • Show Application Loader IT policy rule
    • Show Web Link IT policy rule
    • Synchronize Messages Instead Of Importing IT policy rule
    • Web Link Label IT policy rule
    • Web Link URL IT policy rule
  • Desktop policy group
    • Desktop Allow Desktop Add-ins IT policy rule
    • Desktop Allow Device Switch IT policy rule
    • Desktop Password Cache Timeout IT policy rule
    • Disable Check For Updates Link IT policy rule
    • Disable Media Manager IT policy rule
    • Override Check For Updates URL IT policy rule
  • Device IOT Application policy group
    • Device Diagnostic App Disable IT policy rule
    • Set Diagnostic Report Email Address IT policy rule
    • Set Diagnostic Report PIN Address IT policy rule
  • Device Only Items
    • Allow BCC Recipients IT policy rule
    • Allow Peer-to-Peer Messages IT policy rule
    • Allow SMS IT policy rule
    • Default Browser Config UID IT policy rule
    • Enable Long-Term Timeout IT policy rule
    • Enable WAP Config IT policy rule
    • Home Page Address IT policy rule
    • Maximum Password Age IT policy rule
    • Home Page Address Is Read-Only IT policy rule
    • Maximum Security Timeout IT policy rule
    • Minimum Password Length IT policy rule
    • Password Pattern Checks IT policy rule
    • Password Required IT policy rule
    • User Can Change Timeout IT policy rule
    • User Can Disable Password IT policy rule
  • Documents To Go policy group
    • Disable Documents To Go IT policy rule
    • Hide Documents To Go Communication Menus IT policy rule
    • Hide Documents To Go Premium Feature Menus IT policy rule
  • Email Messaging policy group
    • Allow Auto Attachment Download IT policy rule
    • Attachment Viewing IT policy rule
    • Disable Form Submission IT policy rule
    • Disable Manual Download of External Images IT policy rule
    • Disable Notes Native Encryption Forward And Reply IT policy rule
    • Disable Rich Content Email IT policy rule
    • Enable Wireless Message Reconciliation IT policy rule
    • Inline Content Requests IT policy rule
    • Keep Message Duration IT policy rule
    • Keep Saved Message Duration IT policy rule
    • Maximum Native Attachment MFH attachment size IT policy rule
    • Maximum Native Attachment MFH total attachment size IT policy rule
    • Notes Native Encryption Password Timeout IT policy rule
    • Prepend Disclaimer IT policy rule
    • Maximum Native Attachment MTH attachment size
  • Enterprise Voice Client policy group
    • Disable DTMF Fallback IT policy rule
    • Disable Enterprise Voice Client IT policy rule
    • Lock Outgoing Line IT policy rules
    • Reject Non-Enterprise Voice Calls IT policy rule
  • Firewall policy group
    • Restrict Incoming Cellular Calls IT policy rule
    • Restrict Outgoing Cellular Calls IT policy rule
  • Global items
    • Allow Browser IT policy rule
    • Allow Phone IT policy rule
    • Auto Signature IT policy rule
  • Instant Messaging policy group
    • Disallow File Transfer Types IT policy rule
    • Disable Emailing Conversation IT policy rule
    • Disable Saving Conversation IT policy rule
  • Location Based Services policy group
    • Disable BlackBerry Maps IT policy rule
    • Enable Enterprise Location Tracking IT policy rule
    • Enterprise Location Tracking User Prompt Message IT policy rule
    • Enterprise Location Tracking Interval IT policy rule
  • MDS Integration Service policy group
    • Disable Activation With Public BlackBerry MDS Integration Service IT policy rule
    • Disable MDS Runtime IT policy rule
    • Disable User-Initiated Activation With Public BlackBerry MDS Integration Service IT policy rule
    • Lowest BlackBerry MDS Integration Service Security version Allowed IT policy rule
    • Verify BlackBerry MDS Integration Service Certificate IT policy rule
  • Memory Cleaner policy group
    • Force Memory Clean When Holstered IT policy rule
    • Force Memory Clean When Idle IT policy rule
    • Memory Cleaner Maximum Idle Time IT policy rule
  • On-Device Help policy group
    • On-Device Help Links IT policy rule
    • On-Device Help Group Label IT policy rule
  • Password policy group
    • Duress Notification Address IT policy rule
    • Forbidden Passwords IT policy rule
    • Maximum Password History IT policy rule
    • Periodic Challenge Time IT policy rule
    • Set Maximum Password Attempts IT policy rule
    • Set Password Timeout IT policy rule
    • Suppress Password Echo IT policy rule
  • PIM Synchronization policy group
    • Disable Address Wireless Synchronization IT policy rule
    • Disable All Wireless Synchronization IT policy rule
    • Disable Calendar Wireless Synchronization IT policy rule
    • Disable Enterprise Activation Progress IT policy rule
    • Disable Memopad Wireless Sync IT policy rule
    • Disable Phone Call Log Wireless Synchronization IT policy rule
    • Disable PIN Messages Wireless Synchronization IT policy rule
    • Disable SMS Messages Wireless Sync IT policy rule
    • Disable Task Wireless Sync IT policy rule
    • Disable Wireless Bulk Loads IT policy rule
  • PGP Application policy group
    • PGP Allowed Content Ciphers IT policy rule
    • PGP Allowed Encrypted Attachment Mode
    • PGP Allowed Encryption Type IT policy rule
    • PGP Blind Copy Address IT policy rule
    • PGP Force Digital Signature IT policy rule
    • PGP Force Encrypted Messages IT policy rule
    • PGP Minimum Strong DH Key Length IT policy rule
    • PGP Minimum Strong DSA Key Length IT policy rule
    • PGP Minimum Strong RSA Key Length IT policy rule
    • PGP Universal Enrollment Method IT policy rule
    • PGP Universal Policy Cache Timeout IT policy rule
    • PGP Universal Server Address IT policy rule
  • RIM Value-Added Applications policy group
    • Disable BlackBerry Wallet IT policy rule
    • Disable Ecommerce Content Optimization Engine IT policy rule
    • Disable Lotus Connections IT policy rule
    • Lotus Connections Activities Server IT policy rule
    • Lotus Connections Blogs Server IT policy rule
    • Lotus Connections Communities Server IT policy rule
    • Lotus Connections Dogear Server IT policy rule
    • Lotus Connections Profiles Server IT policy rule
  • S/MIME Application policy group
    • Entrust Messaging Server (EMS) Email Address IT policy rule
    • S/MIME Allowed Content Ciphers IT policy rule
    • S/MIME Allowed Encrypted Attachment Mode IT policy rule
    • S/MIME Allowed Encryption Types IT policy rule
    • S/MIME Blind Copy Address IT policy rule
    • S/MIME Force Digital Signature IT policy rule
    • S/MIME Force Encrypted Messages IT policy rule
    • S/MIME Force Smartcard Use IT policy rule
    • S/MIME Minimum Strong DH Key Length IT policy rule
    • S/MIME Minimum Strong ECC Key Length IT policy rule
    • S/MIME Minimum Strong DSA Key Length IT policy rule
    • S/MIME Minimum Strong RSA Key Length IT policy rule
  • Secure Email policy group
    • Canonical Certificate Domain Name IT policy rule
    • Disable Certificate Address Checks IT policy rule
  • Security policy group
    • Allow External Connections IT policy rule
    • Allow Internal Connections IT policy rule
    • Allow Outgoing Call When Locked IT policy rule
    • Allow Resetting of Idle Timer IT policy rule
    • Allow Screen Shot Capture IT policy rule
    • Allow Smart Card Password Caching IT policy rule
    • Allow Split-Pipe Connections IT policy rule
    • Allow Third Party Apps to Use Persistent Store IT policy rule
    • Allow Third Party Apps to Use Serial Port IT policy rule
    • Certificate Status Maximum Expiry Time IT policy rule
    • Content Protection Strength IT policy rule
    • Desktop Backup IT policy rule
    • Disable 3DES Transport Crypto IT policy rule
    • Disable Cut/Copy/Paste IT policy rule
    • Disable External Memory IT policy rule
    • Disable Forwarding Between Services IT policy rule
    • Disable Geo-Tagging of Photos IT policy rule
    • Disable GPS IT policy rule
    • Disable Invalid Certificate Use IT policy rule
    • Disable IP Modem IT policy rule
    • Disable Key Store Backup IT policy rule
    • Disable Key Store Low Security IT policy rule
    • Disable Media Manager FTP Access
    • Disable Message Normal Send IT policy rule
    • Disable Peer-to-Peer Normal Send IT policy rule
    • Disable Persisted Plain Text IT policy rule
    • Disable Public Photo Sharing Applications IT policy rule
    • Disable Public Social Networking Applications IT policy rule
    • Disable Radio When Cradled IT policy rule
    • Disable Revoked Certificate Use IT policy rule
    • Disable Smart Password Entry IT policy rule
    • Disable Stale Certificate Status Checks IT policy rule
    • Disable Stale Status Use IT policy rule
    • Disable Untrusted Certificate Use IT policy rule
    • Disable Unverified Certificate Use IT policy rule
    • Disable Unverified CRLs IT policy rule
    • Disable USB Mass Storage IT policy rule
    • Disable Weak Certificate Use IT policy rule
    • Disallow Third Party Application Downloads IT policy rule
    • External File System Encryption Level IT policy rule
    • FIPS Level IT policy rule
    • Firewall Block Incoming Messages IT policy rule
    • Firewall Whitelist Addresses IT policy rule
    • Force Content Protection Of Master Keys IT policy rule
    • Force Include Address Book In Content Protection IT policy rule
    • Force LED Blinking When Microphone Is On IT policy rule
    • Force Lock When Holstered IT policy rule
    • Force Smart Card Two Factor Authentication IT policy rule
    • Force Smart Card Two Factor Challenge Response IT policy rule
    • Key Store Password Maximum Timeout IT policy rule
    • Lock on Smart Card Removal IT policy rule
    • Maximum Smart Card User Authenticator Certificate Status Check Period IT policy rule
    • Message Classification IT policy rule
    • Message Classification Title IT policy rule
    • Minimal Encryption Key Store Security Level IT policy rule
    • Minimal Signing Key Store Security Level IT policy rule
    • Password Required for Application Download IT policy rule
    • Required Password Pattern IT policy rule
    • Remote Wipe Reset to Factory Defaults IT policy rule
    • Require Secure APB Messages IT policy rule
    • Secure Wipe Delay After IT Policy Received IT policy rule
    • Secure Wipe Delay After Lock IT policy rule
    • Secure Wipe if Low Battery IT policy rule
    • Security Service Colors IT policy rule
    • Security Transcoder Cod File Hashes IT policy rule
    • Trusted Certificate Thumbprints IT policy rule
    • Weak Digest Algorithms IT policy rule
  • Service Exclusivity policy group
    • Allow Other Browser Services IT policy rule
    • Allow Other Calendar Services IT policy rule
    • Allow Other Message Services IT policy rule
    • Allow Public AIM Services IT policy rule
    • Allow Public Google Talk Services IT policy rule
    • Allow Public ICQ Services IT policy rule
    • Allow Public IM Services IT policy rule
    • Allow Public WLM Services IT policy rule
    • Allow Public Yahoo! Messenger Services IT policy rule
  • SIM Application Toolkit policy group
    • Disable Network Location Query IT policy rule
    • Disable SIM Call Control IT policy rule
    • Disable SIM Originated Calls IT policy rule
  • Smart Dialing policy group
    • Enable Smart Dialing Policy IT policy rule
    • Set Local Area Code IT policy rule
    • Set Local Country Code IT policy rule
    • Set National Number Length IT policy rule
    • Smart Dialing Allow Device Changes IT policy rule
  • TCP policy group
    • TCP APN IT policy rule
    • TCP Password IT policy rule
    • TCP Username IT policy rule
  • TLS policy group
    • TLS Device Side Only IT policy rule
    • TLS Disable Invalid Connection IT policy rule
    • TLS Disable Untrusted Connection IT policy rule
    • TLS Disable Weak Ciphers IT policy rule
    • TLS Minimum Strong DH Key Length IT policy rule
    • TLS Minimum Strong DSA Key Length IT policy rule
    • TLS Minimum Strong ECC Key Length IT policy rule
    • TLS Minimum Strong RSA Key Length IT policy rule
    • TLS Restrict FIPS Ciphers IT policy rule
  • Wireless Software Upgrades policy group
    • Allow Non Enterprise Upgrade IT policy rule
    • Disallow Device User Requested Rollback IT policy rule
    • Disallow Device User Requested Upgrade
    • Disallow Patch Download Over International Roaming WAN IT policy rule
    • Disallow Patch Download Over Roaming WAN IT policy rule
    • Disallow Patch Download Over WAN IT policy rule
    • Disallow Patch Download Over WiFi IT policy rule
  • WTLS policy group
    • WTLS Disable Invalid Connection IT policy rule
    • WTLS Disable Untrusted Connection IT policy rule
    • WTLS Disable Weak Ciphers IT policy rule
    • WTLS Minimum Strong DH Key Length IT policy rule
    • WTLS Minimum Strong ECC Key Length IT policy rule
    • WTLS Minimum Strong RSA Key Length IT policy rule
    • WTLS Restrict FIPS Ciphers IT policy rule
• Application control policy rules
  • Understanding application control policies
  • Setting application control policy rules
• Descriptions of application control policy rules
  • Security Data application control policy rule
  • BlackBerry Device Keystore Medium Security application control policy rule
  • Bluetooth Serial Profile application control policy rule
  • Browser Filter Domains application control policy rule
  • Browser Filters application control policy rule
  • Device GPS application control policy rule
  • Disposition application control policy rule
  • Event Injection application control policy rule
  • External Domains application control policy rule
  • External Network Connections application control policy rule
  • Internal Domains application control policy rule
  • Internal Network Connections application control policy rule
  • Cross Application Communication application control policy rule
  • Local Connections application control policy rule
  • Message Access application control policy rule
  • Phone Access application control policy rule
  • Organizer Data Access application control policy rule
  • Themes application control policy rule
  • User Authenticator application control policy rule
• BlackBerry MDS Services policy rules
  • Configuring how users access and use BlackBerry MDS Runtime Applications
• Descriptions of BlackBerry MDS Services policy rules
  • Allow Runtime Upgrade By User BlackBerry MDS Services rule
  • Allow Discovery by User BlackBerry MDS Services rule
  • Allow Application Install by User BlackBerry MDS Services rule
  • Allow Push Application Install BlackBerry MDS Services rule
  • Allow Application Delete by User BlackBerry MDS Services rule
  • Allow External Access BlackBerry MDS Services rule
  • Allow Access to Multiple Domains BlackBerry MDS Services rule
  • Queue Limit for Inbound Application Messages BlackBerry MDS Services rule
  • Queue Limit for Outbound Application Messages BlackBerry MDS Services rule
• Examples of security policy goals
  • Defining acceptable use of passwords and passphrases on BlackBerry devices
  • Defining measures to protect BlackBerry devices from unauthorized use
  • Defining the encryption strength that the BlackBerry device uses to protect data
    • Restricting unsecured messaging
  • Defining measures to prevent threats from viruses and malicious users
    • Limiting the resources that third-party applications installed on BlackBerry devices can access
    • Limiting user control of third-party applications on BlackBerry devices
  • Preventing RIM value-added applications from running on BlackBerry devices
  • Example application control policies
    • Blocking all third-party applications
    • Block all third-party applications
    • Permitting specific third-party applications
    • Permit a specific third-party application while blocking all other third-party applications
    • Controlling the behavior of third-party applications
    • Assign a default application control policy to control the behavior of allowed third-party applications
• Legal notice