Configuring BlackBerry UEM
Changing the certificates that BlackBerry UEM uses for authentication
- Considerations for changing BlackBerry Dynamics certificates
- Change a BlackBerry UEM certificate
Installing the BlackBerry Connectivity Node to connect to resources behind your organization's firewall
Configuring BlackBerry UEM to send data through a proxy server
- Sending data through a TCP proxy server to the BlackBerry Infrastructure
  - Configure BlackBerry UEM to use a transparent TCP proxy server
  - Enable SOCKS v5 on a TCP proxy server
- Install a standalone BlackBerry Router in a UEM Cloud environment
Configure connections through internal proxy servers
Connect to an SMTP server to send email notifications
Connecting to your company directories
Connecting BlackBerry UEM to Microsoft Entra ID
Obtaining an APNs certificate to manage iOS and macOS devices
- Request and register an APNs certificate
- Troubleshooting: APNs
Configure BlackBerry UEM for DEP
Configuring BlackBerry UEM to support Android Enterprise devices
- Configure BlackBerry UEM to support Android Enterprise devices
Configuring BlackBerry UEM to support Android Management devices
- Configure Android Management in the Google Cloud console
- Configure Android Management in BlackBerry UEM
Extending the management of Chrome OS devices to BlackBerry UEM
Simplifying Windows 10 activations
- Integrate UEM with Entra ID join
  - Configure Windows Autopilot for device activation
- Deploy a discovery service to simplify Windows 10 activations
Migrating users, devices, groups, and other data from a source server
Configuring network communication and properties for BlackBerry Dynamics apps
Integrating BlackBerry UEM with Cisco ISE
Set up VPN using Knox StrongSwan for UEM dark site environments

Configure
Entra ID
conditional access

Verify that you have a

Microsoft

account with an

Intune

license and with one of the following permissions in the

Entra

portal: global administrator, limited administrator with the Intune Service administrator role, or a custom role with the permissions described in KB 50341.

In the

Microsoft

Endpoint Manager admin center, in the section for Partner Compliance Management, add

BlackBerry UEM Azure Conditional Access

as a compliance partner for

iOS

and

Android

devices and assign it to users and groups.

To use this feature, device users must meet the following requirements:

Users must exist in

Entra ID

and must have a valid

Intune

license. For more information, see Microsoft Intune licenses.

If you synchronize your on-premises

Active Directory

with

Entra ID

, users’ on-premises

Active Directory

UPN must match their

Entra ID

UPN.

Users must be added to

UEM

as directory users.

Users must have both the

Microsoft Authenticator

app and the

UEM Client

installed on their devices.

In the

UEM

management console, on the menu bar, click

Settings > External integration > Azure Active Directory Conditional Access

Click

Type a name for the configuration.

In the

Azure cloud

drop-down list, click

GLOBAL

In the

Azure tenant ID

field, type your organization’s tenant name in FQDN format or unique tenant ID in GUID format.

Under

Device mapping override

, click

UPN

If you choose UPN, verify that the

Entra ID

tenant and all mapped directories share the same UPN value for users before you save the connection. After you save the connection, you cannot change the device mapping override.

In the

Available company directories

list, select and add the appropriate company directories.

Click

Save

Select the administrator account that you want to use to log in to your organization's

Entra

tenant.

Accept the

Microsoft

permission request.

On the menu bar, click

Policies and Profiles > Policy > BlackBerry Dynamics

. Perform the following steps for any BlackBerry Dynamics profile that you plan to assign to device users (for example, the default profile and any custom profiles).

Open and edit the profile.

Select

Enable UEM Client to enroll in BlackBerry Dynamics

Click

Save

Assign the profile to users and groups as necessary.

On the menu bar, click

Policies and Profiles > Networks and Connections > BlackBerry Dynamics connectivity

. Perform the following steps for any BlackBerry Dynamics connectivity profile that you plan to assign to device users (for example, the default profile and any custom profiles).

Open and edit the profile.

In the

App servers

section, click

Add

Search for and click

Feature - Azure Conditional Access

Click

Save

In the

Azure Conditional Access

table, click The Add icon.

In the

Server

field, type

gdas-<UEM_SRP_ID>.<region_code>.bbsecure.com

In the

Port

field, type 443.

Under

Route type

, click

Direct

Click

Save

Assign the profile to users and groups as necessary.

Assign the

Feature – Azure Conditional Access

app to users or groups. For more information, see Manage user accounts and Manage a user group.

When a user activates their device, they are prompted to register with

Active Directory

conditional access. Users with activated devices are prompted to register with

Active Directory

conditional access the next time they open the

UEM Client

When you remove a device from

UEM

, the device remains registered for

Entra ID

conditional access. Users can remove their

Entra ID

account from the account settings in the

Microsoft Authenticator

app, or you can remove the device from the

Entra

portal.

Section:

Configuring BlackBerry UEM as an Intune compliance partner in Entra

Configure Entra ID conditional access

Configure
Entra ID
conditional access