Help Center
Local Navigation
- IT policy rules
- Using the BlackBerry Professional Software
- New IT policy rules in this release
- Policy precedence on the BlackBerry device
- Understanding IT policy rule names and policy group names
- Setting IT policy rules
- Where to find descriptions of Wi-Fi IT policy rules
- Using IT policy rules on other devices
- Importing IT policy rules without the required minimum BlackBerry Enterprise Server software
- Descriptions of IT policy rules
- Application Center policy group
- BlackBerry Messenger policy group
- BlackBerry Smart Card Reader policy group
- Disable Auto Reconnect To BlackBerry Smart Card Reader IT policy rule
- Force Erase All Keys on BlackBerry Disconnected Timeout IT policy rule
- Force Erase Key on PC Standby IT policy rule
- Maximum BlackBerry Disconnected Timeout IT policy rule
- Maximum BlackBerry Bluetooth Traffic Inactivity Timeout IT policy rule
- Maximum BlackBerry Long Term Timeout IT policy rule
- Maximum Bluetooth Encryption Key Regeneration Period IT policy rule
- Maximum Bluetooth Range IT policy rule
- Maximum Connection Heartbeat Period IT policy rule
- Maximum Number of BlackBerry Transactions IT policy rule
- Maximum Number of PC Pairings IT policy rule
- Maximum PC Bluetooth Traffic Inactivity Timeout IT policy rule
- Maximum Number of PC Transactions IT policy rule
- Maximum PC Disconnected Timeout IT policy rule
- Maximum PC Long Term Timeout IT policy rule
- Maximum Smart Card Not Present Timeout IT policy rule
- BlackBerry Unite policy group
- Bluetooth policy group
- Allow Outgoing Calls IT policy rule
- Disable Address Book Transfer IT policy rule
- Disable Advanced Audio Distribution Profile IT policy rule
- Disable Audio/Video Remote Control Profile IT policy rule
- Disable Bluetooth IT policy rule
- Disable Desktop Connectivity IT policy rule
- Disable Dial-Up Networking IT policy rule
- Disable Discoverable Mode IT policy rule
- Disable File Transfer IT policy rule
- Disable Handsfree Profile IT policy rule
- Disable Headset Profile IT policy rule
- Disable Pairing IT policy rule
- Disable Serial Port Profile IT policy rule
- Disable SIM Access Profile IT policy rule
- Disable Wireless Bypass IT policy rule
- Force CHAP Authentication on Bluetooth Link IT Policy rule
- Limit Discoverable Time IT policy rule
- Minimum Encryption Key Length IT policy rule
- Require Encryption IT policy rule
- Require LED Connection Indicator IT policy rule
- Require Password for Discoverable Mode IT policy rule
- Require Password for Enabling Bluetooth Support IT policy rule
- Browser policy group
- Allow Application Download Services IT policy rule
- Allow Hotspot Browser IT policy rule
- Allow IBS Browser IT policy rule
- Disable Auto Synchronization in Browser IT policy rule
- Disable JavaScript in Browser IT policy rule
- Download Images URL IT policy rule
- Download Themes URL IT policy rule
- Download Tunes URL IT policy rule
- MDS Browser BSM Enabled IT policy rule
- MDS Browser Domains IT policy rule
- MDS Browser HTML Tables Enabled IT policy rule
- MDS Browser JavaScript Enabled IT policy rule
- MDS Browser Style Sheets Enabled IT policy rule
- MDS Browser Title IT policy rule
- MDS Browser Use Separate Icon IT policy rule
- Camera policy group
- Certificate Synchronization policy group
- Common policy group
- BlackBerry Server version IT policy rule
- Confirm On Send IT policy rule
- Disable Kodiak PTT IT policy rule
- Disable MMS IT policy rule
- Disable Voice-Activated Dialing IT policy rule
- Disable Voice Note Recording IT policy rule
- IT Policy Notification IT policy rule
- Lock Owner Info IT policy rule
- Set Owner Info IT policy rule
- Set Owner Name IT policy rule
- Desktop Only items
- Auto Backup Enabled IT policy rule
- Auto Backup Exclude Messages IT policy rule
- Auto Backup Exclude Sync IT policy rule
- Auto Backup Frequency IT policy rule
- Auto Backup Include All IT policy rule
- Disable Wireless Calendar IT policy rule
- Do Not Save Sent Messages IT policy rule
- Force Load Count IT policy rule
- Force Load Message IT policy rule
- Forward Messages In Cradle IT policy rule
- Message Conflict Mailbox Wins IT policy rule
- Message Prompt IT policy rule
- Show Application Loader IT policy rule
- Show Web Link IT policy rule
- Synchronize Messages Instead Of Importing IT policy rule
- Web Link Label IT policy rule
- Web Link URL IT policy rule
- Desktop policy group
- Device IOT Application policy group
- Device Only Items
- Allow BCC Recipients IT policy rule
- Allow Peer-to-Peer Messages IT policy rule
- Allow SMS IT policy rule
- Default Browser Config UID IT policy rule
- Enable Long-Term Timeout IT policy rule
- Enable WAP Config IT policy rule
- Home Page Address IT policy rule
- Maximum Password Age IT policy rule
- Home Page Address Is Read-Only IT policy rule
- Maximum Security Timeout IT policy rule
- Minimum Password Length IT policy rule
- Password Pattern Checks IT policy rule
- Password Required IT policy rule
- User Can Change Timeout IT policy rule
- User Can Disable Password IT policy rule
- Documents To Go policy group
- Email Messaging policy group
- Allow Auto Attachment Download IT policy rule
- Attachment Viewing IT policy rule
- Disable Form Submission IT policy rule
- Disable Manual Download of External Images IT policy rule
- Disable Notes Native Encryption Forward And Reply IT policy rule
- Disable Rich Content Email IT policy rule
- Enable Wireless Message Reconciliation IT policy rule
- Inline Content Requests IT policy rule
- Keep Message Duration IT policy rule
- Keep Saved Message Duration IT policy rule
- Maximum Native Attachment MFH attachment size IT policy rule
- Maximum Native Attachment MFH total attachment size IT policy rule
- Notes Native Encryption Password Timeout IT policy rule
- Prepend Disclaimer IT policy rule
- Maximum Native Attachment MTH attachment size
- Enterprise Voice Client policy group
- Firewall policy group
- Global items
- Instant Messaging policy group
- Location Based Services policy group
- MDS Integration Service policy group
- Disable Activation With Public BlackBerry MDS Integration Service IT policy rule
- Disable MDS Runtime IT policy rule
- Disable User-Initiated Activation With Public BlackBerry MDS Integration Service IT policy rule
- Lowest BlackBerry MDS Integration Service Security version Allowed IT policy rule
- Verify BlackBerry MDS Integration Service Certificate IT policy rule
- Memory Cleaner policy group
- On-Device Help policy group
- Password policy group
- PIM Synchronization policy group
- Disable Address Wireless Synchronization IT policy rule
- Disable All Wireless Synchronization IT policy rule
- Disable Calendar Wireless Synchronization IT policy rule
- Disable Enterprise Activation Progress IT policy rule
- Disable Memopad Wireless Sync IT policy rule
- Disable Phone Call Log Wireless Synchronization IT policy rule
- Disable PIN Messages Wireless Synchronization IT policy rule
- Disable SMS Messages Wireless Sync IT policy rule
- Disable Task Wireless Sync IT policy rule
- Disable Wireless Bulk Loads IT policy rule
- PGP Application policy group
- PGP Allowed Content Ciphers IT policy rule
- PGP Allowed Encrypted Attachment Mode
- PGP Allowed Encryption Type IT policy rule
- PGP Blind Copy Address IT policy rule
- PGP Force Digital Signature IT policy rule
- PGP Force Encrypted Messages IT policy rule
- PGP Minimum Strong DH Key Length IT policy rule
- PGP Minimum Strong DSA Key Length IT policy rule
- PGP Minimum Strong RSA Key Length IT policy rule
- PGP Universal Enrollment Method IT policy rule
- PGP Universal Policy Cache Timeout IT policy rule
- PGP Universal Server Address IT policy rule
- RIM Value-Added Applications policy group
- Disable BlackBerry Wallet IT policy rule
- Disable Ecommerce Content Optimization Engine IT policy rule
- Disable Lotus Connections IT policy rule
- Lotus Connections Activities Server IT policy rule
- Lotus Connections Blogs Server IT policy rule
- Lotus Connections Communities Server IT policy rule
- Lotus Connections Dogear Server IT policy rule
- Lotus Connections Profiles Server IT policy rule
- S/MIME Application policy group
- Entrust Messaging Server (EMS) Email Address IT policy rule
- S/MIME Allowed Content Ciphers IT policy rule
- S/MIME Allowed Encrypted Attachment Mode IT policy rule
- S/MIME Allowed Encryption Types IT policy rule
- S/MIME Blind Copy Address IT policy rule
- S/MIME Force Digital Signature IT policy rule
- S/MIME Force Encrypted Messages IT policy rule
- S/MIME Force Smartcard Use IT policy rule
- S/MIME Minimum Strong DH Key Length IT policy rule
- S/MIME Minimum Strong ECC Key Length IT policy rule
- S/MIME Minimum Strong DSA Key Length IT policy rule
- S/MIME Minimum Strong RSA Key Length IT policy rule
- Secure Email policy group
- Security policy group
- Allow External Connections IT policy rule
- Allow Internal Connections IT policy rule
- Allow Outgoing Call When Locked IT policy rule
- Allow Resetting of Idle Timer IT policy rule
- Allow Screen Shot Capture IT policy rule
- Allow Smart Card Password Caching IT policy rule
- Allow Split-Pipe Connections IT policy rule
- Allow Third Party Apps to Use Persistent Store IT policy rule
- Allow Third Party Apps to Use Serial Port IT policy rule
- Certificate Status Maximum Expiry Time IT policy rule
- Content Protection Strength IT policy rule
- Desktop Backup IT policy rule
- Disable 3DES Transport Crypto IT policy rule
- Disable Cut/Copy/Paste IT policy rule
- Disable External Memory IT policy rule
- Disable Forwarding Between Services IT policy rule
- Disable Geo-Tagging of Photos IT policy rule
- Disable GPS IT policy rule
- Disable Invalid Certificate Use IT policy rule
- Disable IP Modem IT policy rule
- Disable Key Store Backup IT policy rule
- Disable Key Store Low Security IT policy rule
- Disable Media Manager FTP Access
- Disable Message Normal Send IT policy rule
- Disable Peer-to-Peer Normal Send IT policy rule
- Disable Persisted Plain Text IT policy rule
- Disable Public Photo Sharing Applications IT policy rule
- Disable Public Social Networking Applications IT policy rule
- Disable Radio When Cradled IT policy rule
- Disable Revoked Certificate Use IT policy rule
- Disable Smart Password Entry IT policy rule
- Disable Stale Certificate Status Checks IT policy rule
- Disable Stale Status Use IT policy rule
- Disable Untrusted Certificate Use IT policy rule
- Disable Unverified Certificate Use IT policy rule
- Disable Unverified CRLs IT policy rule
- Disable USB Mass Storage IT policy rule
- Disable Weak Certificate Use IT policy rule
- Disallow Third Party Application Downloads IT policy rule
- External File System Encryption Level IT policy rule
- FIPS Level IT policy rule
- Firewall Block Incoming Messages IT policy rule
- Firewall Whitelist Addresses IT policy rule
- Force Content Protection Of Master Keys IT policy rule
- Force Include Address Book In Content Protection IT policy rule
- Force LED Blinking When Microphone Is On IT policy rule
- Force Lock When Holstered IT policy rule
- Force Smart Card Two Factor Authentication IT policy rule
- Force Smart Card Two Factor Challenge Response IT policy rule
- Key Store Password Maximum Timeout IT policy rule
- Lock on Smart Card Removal IT policy rule
- Maximum Smart Card User Authenticator Certificate Status Check Period IT policy rule
- Message Classification IT policy rule
- Message Classification Title IT policy rule
- Minimal Encryption Key Store Security Level IT policy rule
- Minimal Signing Key Store Security Level IT policy rule
- Password Required for Application Download IT policy rule
- Required Password Pattern IT policy rule
- Remote Wipe Reset to Factory Defaults IT policy rule
- Require Secure APB Messages IT policy rule
- Secure Wipe Delay After IT Policy Received IT policy rule
- Secure Wipe Delay After Lock IT policy rule
- Secure Wipe if Low Battery IT policy rule
- Security Service Colors IT policy rule
- Security Transcoder Cod File Hashes IT policy rule
- Trusted Certificate Thumbprints IT policy rule
- Weak Digest Algorithms IT policy rule
- Service Exclusivity policy group
- Allow Other Browser Services IT policy rule
- Allow Other Calendar Services IT policy rule
- Allow Other Message Services IT policy rule
- Allow Public AIM Services IT policy rule
- Allow Public Google Talk Services IT policy rule
- Allow Public ICQ Services IT policy rule
- Allow Public IM Services IT policy rule
- Allow Public WLM Services IT policy rule
- Allow Public Yahoo! Messenger Services IT policy rule
- SIM Application Toolkit policy group
- Smart Dialing policy group
- TCP policy group
- TLS policy group
- TLS Device Side Only IT policy rule
- TLS Disable Invalid Connection IT policy rule
- TLS Disable Untrusted Connection IT policy rule
- TLS Disable Weak Ciphers IT policy rule
- TLS Minimum Strong DH Key Length IT policy rule
- TLS Minimum Strong DSA Key Length IT policy rule
- TLS Minimum Strong ECC Key Length IT policy rule
- TLS Minimum Strong RSA Key Length IT policy rule
- TLS Restrict FIPS Ciphers IT policy rule
- Wireless Software Upgrades policy group
- Allow Non Enterprise Upgrade IT policy rule
- Disallow Device User Requested Rollback IT policy rule
- Disallow Device User Requested Upgrade
- Disallow Patch Download Over International Roaming WAN IT policy rule
- Disallow Patch Download Over Roaming WAN IT policy rule
- Disallow Patch Download Over WAN IT policy rule
- Disallow Patch Download Over WiFi IT policy rule
- WTLS policy group
- WTLS Disable Invalid Connection IT policy rule
- WTLS Disable Untrusted Connection IT policy rule
- WTLS Disable Weak Ciphers IT policy rule
- WTLS Minimum Strong DH Key Length IT policy rule
- WTLS Minimum Strong ECC Key Length IT policy rule
- WTLS Minimum Strong RSA Key Length IT policy rule
- WTLS Restrict FIPS Ciphers IT policy rule
- Application control policy rules
- Descriptions of application control policy rules
- Security Data application control policy rule
- BlackBerry Device Keystore Medium Security application control policy rule
- Bluetooth Serial Profile application control policy rule
- Browser Filter Domains application control policy rule
- Browser Filters application control policy rule
- Device GPS application control policy rule
- Disposition application control policy rule
- Event Injection application control policy rule
- External Domains application control policy rule
- External Network Connections application control policy rule
- Internal Domains application control policy rule
- Internal Network Connections application control policy rule
- Cross Application Communication application control policy rule
- Local Connections application control policy rule
- Message Access application control policy rule
- Phone Access application control policy rule
- Organizer Data Access application control policy rule
- Themes application control policy rule
- User Authenticator application control policy rule
- BlackBerry MDS Services policy rules
- Descriptions of BlackBerry MDS Services policy rules
- Allow Runtime Upgrade By User BlackBerry MDS Services rule
- Allow Discovery by User BlackBerry MDS Services rule
- Allow Application Install by User BlackBerry MDS Services rule
- Allow Push Application Install BlackBerry MDS Services rule
- Allow Application Delete by User BlackBerry MDS Services rule
- Allow External Access BlackBerry MDS Services rule
- Allow Access to Multiple Domains BlackBerry MDS Services rule
- Queue Limit for Inbound Application Messages BlackBerry MDS Services rule
- Queue Limit for Outbound Application Messages BlackBerry MDS Services rule
- Examples of security policy goals
- Defining acceptable use of passwords and passphrases on BlackBerry devices
- Defining measures to protect BlackBerry devices from unauthorized use
- Defining the encryption strength that the BlackBerry device uses to protect data
- Defining measures to prevent threats from viruses and malicious users
- Preventing RIM value-added applications from running on BlackBerry devices
- Example application control policies
- Blocking all third-party applications
- Block all third-party applications
- Permitting specific third-party applications
- Permit a specific third-party application while blocking all other third-party applications
- Controlling the behavior of third-party applications
- Assign a default application control policy to control the behavior of allowed third-party applications
- Legal notice
BlackBerry Manuals & Help
>
Administrator Documentation
>
BlackBerry Enterprise Server 5 Security
>
Policy Reference Guide
BlackBerry Enterprise Solution Security - 4.1.6
Understanding application control policies
The BlackBerry® Enterprise Server application control policy rules are designed to allow or prevent the installation of specific third-party applications on the BlackBerry device, and to limit the permissions of third-party applications that are installed on the BlackBerry device.
After you assign a software configuration to a BlackBerry device, you can set the BlackBerry Enterprise Server to send the software configuration to the BlackBerry device over the wireless network. The user can use the application loader tool of the BlackBerry® Desktop Manager to install or upgrade to the BlackBerry® Device Software in the software configuration.
To control or change the behavior of third-party applications on the BlackBerry device, you can set an application control policy and assign values to the application control policy rules. If a default application control policy does not exist, the user can change some application control settings on the BlackBerry device. If a default application control policy exists, the user cannot change the application control settings.
Parent topic: Application control policy rules