Skip Navigation

Using
BlackBerry Secure Connect Plus
for connections to work resources

BlackBerry Secure Connect Plus
is a
BlackBerry UEM
component that provides a secure IP tunnel between apps and your organization's network:
  • For
    Android Enterprise
    devices, all work apps use the secure tunnel.
  • For
    Samsung Knox Workspace
    devices and
    Samsung Knox
    devices with
    Android Enterprise
    activations, you can allow all work space apps to use the tunnel or specify apps using per-app VPN.
  • For
    iOS
    and
    iPadOS
    devices, you can allow all apps to use the tunnel or specify apps using per-app VPN.
If
BlackBerry Secure Connect Plus
is not available in your region, you must manually disable it for
Android
devices in the Enterprise connectivity profile.
The secure IP tunnel gives users access to work resources behind your organization’s firewall while ensuring the security of data using standard protocols and end-to-end encryption.
BlackBerry Secure Connect Plus
and a supported device establish a secure IP tunnel when it is the best available option for connecting to the organization’s network. If a device is assigned a
Wi-Fi
profile or VPN profile, and the device can access the work
Wi-Fi
network or VPN, the device uses those methods to connect to the network. If those options are not available (for example, if the user is not in range of the work
Wi-Fi
network), then
BlackBerry Secure Connect Plus
and the device establish a secure IP tunnel.
If you configure per-app VPN for
BlackBerry Secure Connect Plus
for
iOS
and
iPadOS
devices, the configured apps always use a secure tunnel connection through
BlackBerry Secure Connect Plus
, even if the app can connect to the work
Wi-Fi
network or the VPN specified in a VPN profile.
Supported devices communicate with
BlackBerry UEM
to establish the secure tunnel through the
BlackBerry Infrastructure
. One tunnel is established for each device. The tunnel supports standard IPv4 protocols (TCP and UDP) and the IP traffic that is sent between devices and
UEM
is encrypted end-to-end using AES256. As long as the tunnel is open, apps can access network resources. When the tunnel is no longer required (for example, the user is in range of the work
Wi-Fi
network), it is terminated.