Enable Microsoft Graph API to allow BEMS in a BlackBerry UEM Cloud environment to communicate with Microsoft Exchange
Online
Microsoft Graph
API to allow BEMS
in a BlackBerry UEM Cloud
environment to communicate with Microsoft Exchange
Online
If you have configured the email notifications in your
UEM Cloud
instance that is configured to use Microsoft Exchange Web
Services
(EWS) for Exchange Online to access Microsoft 365
mailboxes, when you enable "Use Microsoft Graph", BEMS
will automatically migrate all Microsoft 365
users from using EWS to Microsoft Graph
at a rate of 50 users every 5 minutes. - Configure the email notifications for BlackBerry Work. For instructions, see Configure email notifications for BlackBerry Work.
- If you enableMicrosoft Graphusing a Client Certificate:
- In theUEM Cloudmanagement console, clickSettings > BlackBerry Dynamics > Email notifications.
- Click theMicrosoft Graphtab.
- Click
.
- Select theUse Microsoft Graph clientcheck box.
- In theAuthentication typesection, select an authentication type based on your environment and complete the associated tasks to allowBEMSto communicate withMicrosoft Exchange Online:Authentication typeDescriptionTaskClient SecretThis option uses a client secret to allow theBEMSservice account to authenticate toMicrosoft Exchange Online. The client secret is created during the application registration process.In theClient Secretfield, enter theValuefor the client secret. For instructions on obtaining a client secret, see Obtain an Entra app ID for BEMS with client secret authentication.Client CertificateThis option uses a client certificate to allow theBEMSservice account to authenticate toMicrosoft Exchange Online.
- For theCertificate file (.pfx), clickBrowseand select the client certificate file. For instructions on obtaining the .PFX file, see Associate a certificate with the Entra app ID for BEMS
- In thePasswordfield, enter the password for the client certificate.
- In theAuthentication Authorityfield, enter the Authentication Server URL thatBEMSaccesses and retrieve the OAuth token for authentication withMicrosoft Exchange Online. By default, the field is prepopulated with https://login.microsoftonline.com/common.The authentication server URL must be in the format of https://login.microsoftonline.com/tenantnameor https://login.microsoftonline.com/tenantid.
- In theClient App IDfield, enter theEntraapp ID for the credential authentication.
- In theServer Namefield, typehttps://graph.microsoft.com.
- In theEnd User Email Addressfield, type an email address to test connectivity toMicrosoft Exchange Onlineusing the service account. ClickTest connection. You can delete the email address after you complete the test.
- ClickSave.
- Configure the Autodiscover and Exchange Options in Configure email notifications for BlackBerry Work. You can configure the settings using one of the following authentication types: Credential, Credentials + Modern Authentication, or Client Certificate + Modern Authentication type.