BlackBerry Work app configuration settings

App Settings
Description
Autodiscover
If you select the "Enable automated Autodiscover" option, BlackBerry Work automatically discovers the Exchange ActiveSync server.
Due to possible security vulnerabilities, it is not recommended that you select this option.
Authorized Email Domains
Select the "Display warning while sending message if the number of unauthorized recipient email domain(s) is" option if you want to display a warning message to users that attempt to send a message to the number of unauthorized domains specified in the drop-down list.
Select the "Display warning for received messages if the sender's email domain is unauthorized" option if you want to display a warning to users when they receive messages from senders that are not listed in the Authorized email domains list.
If you select either of the options above, specify a list of authorized email domains. Use a comma separated list, with no spaces, to specify authorized email domains. You can edit the sample text displayed in the warning message field.
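The list format and the two warning checks described above, as an added Python example (not BlackBerry code and not part of the original page). It assumes exact, case-insensitive domain matching and that the send warning fires once the number of distinct unauthorized domains reaches the selected value; the page specifies neither, and all function names are hypothetical.

```python
import re

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
# A bare domain: at least two labels, 253 characters at most.
_DOMAIN_RE = re.compile(rf"^(?=.{{1,253}}$)(?:{_LABEL}\.)+{_LABEL}$")


def parse_authorized_domains(raw):
    """Validate the comma-separated, no-spaces list typed into the console.

    Returns (domains, errors). Only entries that pass every check are kept,
    so a malformed entry never silently authorizes anything.
    """
    domains, errors = set(), []
    for i, entry in enumerate(raw.split(","), start=1):
        if entry == "":
            errors.append(f"entry {i}: empty (stray or trailing comma)")
        elif any(ch.isspace() for ch in entry):
            errors.append(f"entry {i}: whitespace in {entry!r}")
        elif not _DOMAIN_RE.match(entry.lower()):
            errors.append(f"entry {i}: not a bare domain: {entry!r}")
        elif entry.lower() in domains:
            errors.append(f"entry {i}: duplicate {entry!r}")
        else:
            domains.add(entry.lower())
    return domains, errors


def unauthorized_domains(addresses, authorized):
    """Return the sorted distinct domains of addresses that are not authorized.

    Addresses are bare addr-specs (user@domain). Matching is exact (assumption):
    mail.example.com is NOT covered by example.com.
    """
    found = set()
    for addr in addresses:
        local, sep, domain = addr.strip().rpartition("@")
        # An address with no usable domain cannot be shown to be authorized.
        if sep and local and domain:
            key = domain.lower().rstrip(".")
        else:
            key = addr.strip()
        if key not in authorized:
            found.add(key)
    return sorted(found)


def should_warn_on_send(recipients, authorized, threshold):
    """Warn when distinct unauthorized domains reach the threshold (assumption)."""
    return len(unauthorized_domains(recipients, authorized)) >= threshold


def should_warn_on_receive(sender, authorized):
    """Warn when the sender's domain is not in the authorized list."""
    return bool(unauthorized_domains([sender], authorized))


if __name__ == "__main__":
    # Constructed sample values, not taken from any real deployment.
    authorized, errors = parse_authorized_domains("example.com,corp.example.org")
    print("authorized:", sorted(authorized), "errors:", errors)

    _, errors = parse_authorized_domains(
        "example.com, partner.example,@vendor.example,,example.com"
    )
    for e in errors:
        print("rejected:", e)

    recipients = [
        "alice@example.com",
        "bob@partner.example",
        "carol@PARTNER.example",
        "dave@vendor.example",
        "eve@mail.example.com",
    ]
    print("unauthorized:", unauthorized_domains(recipients, authorized))
    print("warn on send (threshold 3):", should_warn_on_send(recipients, authorized, 3))
    print("warn on receive:", should_warn_on_receive("billing@lookalike-example.com", authorized))
```

Running the validator over a list before pasting it into the console catches the stray space or trailing comma that would otherwise leave a legitimate domain flagged as unauthorized.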
External Email Marking
If you select the "Prepend tag to subject on external mails" option, the subject lines of email messages sent outside of the user's domain are prepended with the text specified in the Text to prepend field.
Data Leakage Prevention Watermark
If you select the "Enable DLP Watermark" option, a watermark is added to all BlackBerry Dynamics app screens (for example, BlackBerry Work, BlackBerry Work Docs, Calendar, and Contacts). The watermark shows the user's username and current date and time. Note: If users print a file, the watermarks are not displayed in the output.
Avatar Photos
If you select the "Enable avatar photos" option, contact photographs are displayed in BlackBerry Work. If this option is not selected, the user's initials are displayed instead of a photograph.
Presence Service
If you select the "Enable presence service" option, users can see the online status of their instant messaging contacts. Users can also see their user presence in the hamburger menu. The status on the hamburger menu is supported on users' primary account only. Available settings:
  • Other Platforms: Select this option if your environment is configured to use Cisco Jabber or Skype for Business On-prem using trusted application mode.
  • Skype for Business On-Prem - Non-trusted Application Mode
  • Microsoft Teams for Microsoft 365
If you enable the presence service for Microsoft Teams for Microsoft 365, complete the following:
  • Specify the presence refresh time (in minutes).
  • The "Office 365 Settings" option on the Advanced Configuration tab must also be selected and configured for users' online status to be displayed.
If this setting was enabled previously, the default setting is "Other platforms" and the drop-down shows "Select".
For more information about setting up the BEMS-Presence service, refer to the Set up support for the BEMS-Presence in non-trusted application mode topic.
Email Search
If you select the "Enable searching emails on server" option, users can search email messages on the server.
Diagnostics
If you select the "Allow users to perform app diagnostics" option, users can perform app diagnostics from the BlackBerry Dynamics Launcher on their devices.
BlackBerry Gatekeeping Service
If you select the "Use BlackBerry Gatekeeping Service" option, unauthorized devices are prevented from using Exchange ActiveSync unless they are explicitly added to the allowed list using the BlackBerry Gatekeeping Service. To use the BlackBerry Gatekeeping Service, you must create a gatekeeping configuration for the Microsoft Exchange Server or Microsoft 365 and assign an email profile to users that has the automatic gatekeeping server selected. For details on how to configure the BlackBerry Gatekeeping Service, see Controlling which devices can access Exchange ActiveSync.
Genoa Transformer Service for Domino
If you select the "Use Genoa Transformer Service to connect to IBM Domino" option, meeting invitations are received on devices as meetings.ics files instead of invite.ics.
Genoa Transformer Service
Select the "Use Genoa Transformer Service to connect to Google Suite (BETA)" option to allow interoperability between Google Suite and BlackBerry Work.
Disable Out of Office
If you select this option, you will turn off Out Of Office and disable the setting in the BlackBerry Work client.
Default email font
Select the "Set default email font" option and specify a font type and size for outgoing mail. Enabling this option does not prevent users from enabling the Use Custom Fonts option in the app settings. If users enable Use Custom Fonts, the fonts that they set will apply until they disable it or you make changes to this option.
Email signature
Select the "Create a custom email signature for your organization" option to set a custom email signature for users in your organization in plain text. This signature cannot be edited or deleted by users.
Select the "Use HTML to create signature" option to set the custom email signature in HTML.
In the "Add text Input field", type the text for the email signature.
Select the “Allow end users to add and use custom email signatures” option to allow users to create custom signatures and set a default signature for all outgoing email messages. When you set a custom organization signature, the signature is displayed as “Corporate Default” on users' devices. When not selected and you create a custom email signature for your organization, the custom organization signature takes precedence and cannot be changed.
Active directory password expiration warning
Select the number of days to display a warning to the user before their Microsoft Active Directory password expires and select a Password Expiration Data Provider (EWS or LDAP).
In the Custom Message field, you can add additional information to display to the user.
You can use this feature for users that are using both the GPO (Global Policy Object) method and the PSO (Password Settings Object) method to set the maximum password age.
Sending emails from aliases
Select the "Enable sending from aliases" option to allow users to send email messages from email accounts that have aliases.
Notifications
Description
Select level of detail in Email notification
Select the level of detail that users see in email notifications.
Available settings:
  • No notifications: Users don't receive notifications when email messages are received.
  • No details in notification: Users see the default message notifications, "You have received a new message" and "You have received an invitation," in the email preview.
  • Sender only: Users see the sender's name in clear text with the default message notification in the email preview.
  • Sender and Message: Users see the sender's name and a preview of the email message.
  • Sender, Subject, and Preview: Users see the Sender name, Subject of the email message, and a preview of the email message. 
The default setting is "Sender and Subject."
Select level of detail in Calendar notifications
Select the level of detail that users see in calendar notifications.
Available settings:
  • No notifications: Users don't receive notifications when calendar invitations are received.
  • No details in notification: Users see the default message notifications, "You have received a new message" and "You have received an invitation," in the email preview.
  • Meeting Time only: Users see the meeting time in clear text with the default message notification.
  • Meeting Time and Subject: Users see the meeting time and subject of the meeting in the email preview.
  • Meeting Time, Subject and Location: Users see the meeting time, subject, and location of the meeting in the email preview.
  • Meeting Time, Subject, Location, and Preview (Android only): Users see the meeting time, subject, location, and a preview of the meeting description in the email preview.
The default setting is "Meeting Time, Subject, and Location."
On Android, select the "Show only generic notifications when app is locked" option to show only generic information in notifications if the app is locked.
On Android Wear, select the "Show notifications on connected wearable devices" option to display notifications on wearable Android devices.
Select the "Enable widgets for BlackBerry Work app" to allow users to add widgets to iOS and Android devices. By default, this setting is enabled. If the widget policy is blocked and then unblocked, users must remove and then add the widget again to unblock it.
Email subfolder notifications
Select the "Enable visual notifications for subscribed subfolders" option to allow users to receive email notifications for subfolders.
Additional options for notifications on Android Wear devices
Select whether there are additional notifications for Android Wear devices.
Available settings:
  • Notification for VIP Contacts
  • Notification for anyone
  • Notification with voice reply for anyone
When using a device outside of a controlled wireless network, wearables require higher communications security with respect to encryption, information integrity, and non-repudiation. Since wearable computers are quite small, most do not come equipped with higher security features and any data that is sent and received is vulnerable. Consequently, BlackBerry Work's support for wearables is confined to notifications and reminders.
iOS App Icon Badge
Select the "Allow user to choose between “Unread Mails” and "New Mails" as their default Badge count on the App Icon" option to allow users to choose between displaying a badge count for unread and new email messages as their default badge count on the app icon. If this option is not selected, the app icon badge reflects the number of new email messages that were received since the user last closed the app, and the user cannot select “Unread Mails” as a badge count preference.
High priority notifications (Android only)
On Android, select the “Enable high priority notifications for regular incoming emails” option to enable high-priority notifications for regular (non-VIP) incoming email messages. Messages will be delivered with an audible sound even when the device is in Sleep mode.
If this option is enabled, a user cannot turn off this feature on their device. If this option is not enabled, a user can choose to turn on this feature on their device.
This feature requires BEMS 3.7 or later.
S/MIME
Description
Enhanced Security
Select the "Periodically require PIN entry to access SMIME capabilities" option if you want users to be required to periodically enter a PIN to use S/MIME.
  • Set the period after which a user must enter their PIN.
  • Set the minimum number of digits that a user must use for their PIN.
If a user enters an incorrect PIN three times, they will be required to reset the PIN. To complete the reset, an unlock code or QR code must be sent to the user. For more information, see Send a BlackBerry Dynamics app unlock key and QR code to a user.
Sending
In the "Default signing algorithm" drop-down list, select the algorithm to use for signing sent messages.
In the "Default encryption algorithm" drop-down list, select the encryption algorithm to use.
Select the "Require all emails to be signed" and "Require all emails to be encrypted" options if you require that emails must be signed and/or encrypted.
Select the "Perform name checking for outgoing encrypted emails (verify email address in certificate matches recipient email address)" option to perform name checking. Name checking verifies that the email address in the certificate matches the recipient's account.
Receiving
In the "Automatically download the body of S/MIME emails" drop-down list, select how the body of S/MIME email messages is downloaded.
Wi-Fi is supported on Android devices only. If you select this option, iOS devices are set to "Never."
Select the "Perform name checking (verify email address in certificate matches user's account)" option to perform name checking. Name checking verifies that the email address in the certificate matches the user's account.
Opening
Select the "Enable certificate check before opening old S/MIME email" option if you want BlackBerry Work to check if the certificate used to encrypt an email message is still available for the user.
Select "Block access to signed messages when no certificate is available" if you want BlackBerry Work to block access if no certificate is available.
Certificate Management
Specify when to clear the public certificate cache. By default, this setting is Weekly. 
Revocation Checking when the OCSP server is available
Select the "Enable revocation checking" option to enable revocation checks and specify the depth of certificate checking. Available settings:
  • Check entire certificate chain
  • Check user / client certificate only
Select the "Use AIA extension in certificate if present" option to use the AIA extension in certificates if present.
In the "Default OCSP URL" field, specify the default OCSP URL to use if the AIA extension cannot be used or it is not present in a certificate.
Address Book
Description
Address Book Sync
Select the "Allow syncing BlackBerry Contacts to device" option to enable synchronizing contacts to devices and choose the fields that are synchronized.
In the "Maximum length for notes" field, specify the maximum length for the notes field. By default, the maximum is 1024 characters.
Select the "Even if iCloud is enabled, allow syncing BlackBerry Contacts to device" option to allow synchronization to occur when iCloud is enabled.
To turn on "Enable contact sync to native" on a device and take advantage of this feature, see Change contact settings for BlackBerry Work for Android or, in Change BlackBerry Work for iOS settings, the "Manage your Contacts settings" section.
Caller ID
Select the "Allow device to use BlackBerry Contacts for Caller ID" option if you want to allow BlackBerry Work to access the user's BlackBerry Work contact list to display contact name for incoming and outgoing phone calls.
GAL Search
Specify the maximum number of results to display when searching the global address list (GAL).
Recipients
Specify whether caching is enabled. When caching is enabled, the cache is used to offer autocomplete suggestions for recipients during email composition.
Contact Sharing
Select the "Enabled support for shared contact folders" option to allow delegates of a Microsoft Exchange user's mailbox to access all shared contacts.
Interoperability
Description
Camera and Device Photo Gallery permissions
Specify whether to allow access to the device camera, the photo gallery, or both. Available settings:
  • Allow access to camera and device photo gallery
  • Allow access to camera only
  • No access to camera or device photo gallery
The default value is "Allow access to camera and device photo gallery."
Voice
Select the "Tap a phone number to dial using native phone" option to allow users to use the native phone app on a device or select the "Tap a phone number to dial using entitled and installed GD VOIP apps" option to allow VOIP apps.
SMS
Select the "Tap SMS icon to initiate SMS using native SMS apps" option to specify whether to allow users to initiate their native SMS apps by tapping the SMS icon or select the "Tap SMS icon to initiate SMS using entitled and installed GD SMS apps" option to specify that users must use BlackBerry Dynamics SMS apps.
Misc
Specify whether to allow access to the user's native browser or native maps app.
Launch 3rd Party App
Select the "Enable integration with 3rd party RSA SecurID app using CTF token seed" to enable two-factor authentication integration with a third-party RSA SecurID app using a CTF token seed.
Select the "Enable launching to 3rd party native apps (iOS only policy)" option to enable launching third-party native apps. When you enable native apps, enter the App URL scheme in the field.
BlackBerry Work supports CTF-based provisioning using a native RSA SecurID app. For more information about configuring RSA soft-token authentication, see Configure RSA SecurID soft token authentication.
Launch 3rd Party App Universal link (iOS only)
Universal links allow iOS users to be automatically redirected to an installed app without going through Safari when they click links in a website. If the app isn’t installed on the device, the link opens the website in Safari.
You can specify a list of universal links that users can open from BlackBerry Work for iOS. If you add a universal link to this list, the link will redirect to the appropriate app if it is installed on a user's device. If a user clicks on a universal link that is not added to this list, the link will not be redirected to an app and will open in Safari, even if the app is installed on a user's device.
To add multiple URLs, insert a carriage return between each URL that you want to add.
Allow 3rd Party App to Send Mail
Select the "Enable sending mail from BlackBerry Work via mailto:/gmmmailto:/gwmailto:" option to specify whether email messages can be sent using mailto:/gmmmailto:/gwmailto
File Transfer Privileges
Select the "Enable exporting to 3rd-party native apps" option to specify whether to allow the transfer of files to third-party native apps on the user's device. You can allow and disallow specific apps by app ID and app share extensions. If your environment includes iOS devices that run iOS 14 or later, add both the app ID and app share extension for a specific app to make sure that BlackBerry Work for iOS contains the necessary information to compare the app against the blacklists or whitelists configured in BlackBerry UEM. If the necessary information is not included, users running iOS 14 and later might be unable to transfer a file and receive an error message.
For iOS devices, this setting will be replaced with the new setting in the BlackBerry Dynamics profile setting, "Transfer Files" section. The new setting controls file transfer and opening of unencrypted files from BlackBerry Dynamics apps to selected non-BlackBerry Dynamics iOS apps. In this release, you must continue to use this setting to configure BlackBerry Work for iOS devices. For more information, see BBW-40060 in Known issues.
This app configuration setting will be deprecated for iOS devices in a future BlackBerry Work release.
Select the "Enable Importing from 3rd-party native apps (Android only)" option to allow the import of files from third-party native apps and BlackBerry Dynamics apps (for example, BlackBerry Work and BlackBerry Access) or BlackBerry Dynamics SDK wrapped apps (for example, iAnnotate for BlackBerry Dynamics) on the user's device. You can allow and disallow specific apps by app ID and app share extensions.
The combined size of the imported files cannot exceed 120 MB.
Handling External Images
Select the "Don't allow to download external images" option to block downloading images from external sources. A blocked images message is displayed in BlackBerry Work when this setting is enabled.
On Android, select the "When allowed to download external images, automatically download external images from own domain" to automatically download external images from your organization's domain.
Docs and Attachments
Description
Docs Repository
Specify whether to enable a file repository on the device, local, or server docs repositories, and Box, and whether to force users to save pending uploads.
By default, users are alerted about any pending uploads every 24 hours. If Forced Pending Uploads Policy is selected, users are blocked from taking any document related actions in BlackBerry Work until all files are successfully uploaded to the server.
Sending Attachments
Specify whether to allow outgoing attachments and specify the maximum size and the file extensions that are allowed or disallowed.
Receiving/Opening Attachments
Specify whether to allow incoming attachments and specify a maximum size and the file extensions that are allowed or disallowed.
Classification
Description
Email classification
Specify whether to enable email classification markings, such as INTERNAL, CONFIDENTIAL, NO FORWARD, and/or NO REPLY. To edit the XML classes, select and delete the code that you want to remove. For more information on classifications, including an example, see Email classifications.
After you have enabled email classifications, you can select the "Require all emails to have Email Classification" option to force all email messages to include a classification setting.
Event classification
Specify whether to enable event classifications markings such as INTERNAL, CONFIDENTIAL, NO FORWARD, and/or NO REPLY.
After you have enabled event classifications, you can select the "Require all events to have Event Classification" option to force all events to include a classification setting.
Note that the classifications for calendar events are applicable only when email classifications are enabled.
Calendar
Description
Time Zone Info
If you select the "Disable display of time zone information in meeting and contact card" option, BlackBerry Work will not retrieve the time zone information from Microsoft Exchange that is displayed in the calendar and contacts for users.
Conference links
Select one or more of the conference platform options to enable users to click a Join button in a meeting request to quickly join a meeting on their device using the associated platform, such as Zoom.
External Calendars Preview
Select the “External Calendars Preview” option to display a preview of external calendar events in the day view. You can choose from two levels of data presentation:
  • Placeholders only: displays solid vertical placeholders with no event data.
  • Details: displays external calendar events as standard event blocks with an event title and the recurrence status icon.
Calendar Event New Time Proposal
Select this option to allow users to use the propose new meeting time feature.
Basic Configuration
Description
Security Settings
Select the "Use Kerberos Constrained Delegation in place of login/password" option to specify whether Kerberos Constrained Delegation will be used for logging in to Microsoft Exchange. If this option is not selected, NTLM/Basic authentication will be used.
Select the "Use client certificate in place of login/password" option to specify whether clients must have individual login certificates (SSL) uploaded to the BlackBerry UEM management console. These certificates are used for login instead of basic credentials (username/password).
Enterprise Server Settings
In the Server List Reshuffle Period (minutes) field, specify the frequency that the server list, if present, is reshuffled for load balancing purposes.
In the Server List Quarantine Period (minutes) field, specify how long BlackBerry Work waits before retrying if BlackBerry UEM is not working.
Client Settings
In the Sync Email Body Size (Kb) field, specify the size, in KB, of the partial message body downloaded from the server if the user selects the option to download partial message content.
Select the "Use BEMS to perform AutoDiscover of the EAS/EWS endpoint for the user" option to specify that the client will use the BlackBerry Server Autodiscover service to determine the EAS/EWS endpoint for the user.
Select the "Create and consume rights-managed email messages" option to specify that Information Rights Management (IRM) must be enabled for user mailboxes on Microsoft Exchange.
Other Settings
In the Send Feedback Email Address field, specify the email address where client feedback email messages are sent. Add multiple comma delimited recipients as needed.
In the Report Phishing Email Address field, specify whether users can report emails as phishing. The reported emails are forwarded to the email address provided in this field then moved to Trash folder.
Select the "Report phishing mail as forward" to specify whether to report phishing emails as a forwarded email. "Phishing report" is appended to the forwarded email subject. If this option is not selected, reported phishing emails are forwarded as attachments.
Account Setup
When the "Skip Email Short Form Setup" option is selected, users must input their Microsoft Active Directory usernames, passwords, and domains during device activation.
ActiveSync and Auto Discover Authentication Methods (iOS Only)
Specify the authentication methods to use. If only certain authentication methods are supported from Microsoft Exchange, set those values to minimize the user setup time. (For example, if Auto Discover and ActiveSync IIS Auth Settings are set to allow only NTLM and Basic, then de-select Negotiate in above app setting.) If none are selected, the default Microsoft Exchange setting is used. If using client-based authentication, check none of the options.
Exchange Web Services Authentication Methods (iOS Only)
Specify the authentication methods to use. If only certain authentication methods are supported from Microsoft Exchange, set those values to minimize the user setup time. (For example, if EWS IIS Auth Setting is set to allow only NTLM, then select only NTLM above for an optimal setup experience.) If none are selected above, the default Microsoft Exchange setting is used. If using client-based authentication, check none of the options.
Exchange Web Services Settings
Specify the Microsoft Exchange Web Services URL endpoint (for example, https://mydomain.com/EWS/Exchange.asmx). If you select the "Disable Exchange Web Services" option, all Microsoft Exchange Web Services activities, including calendar forward and calendar attachment, are disabled.
Exchange ActiveSync Settings
In the Default Domain field, specify the Windows NT Domain to try automatically when logging in. If your server uses newer UPN (email@host.com) style login instead of the older (domain\user) style login, this field should be left blank.
In the ActiveSync Server field, specify the default Microsoft Exchange Server to connect to (for example, cas.mydomain.com).
In the Autodiscover URL field, specify the auto discover URL if known. This speeds up the auto discover setup process (for example, https://autodiscover.<mydomain>.com/autodiscover/autodiscover.xml).
In the Autodiscover Connection Timeout in Seconds (iOS only) field, specify the timeout setting for iOS devices.
Enforce App Configuration
Select the "Enforce App Configuration" option to ensure that modern authentication, EAS/EWS endpoints, and Microsoft 365 settings configured in the BlackBerry Dynamics connectivity profile are applied. This option is useful when you are troubleshooting issues after you have migrated a BlackBerry Work mailbox from an on-premises Microsoft Exchange Server to Microsoft 365.
BlackBerry recommends that you copy your organization’s app configuration, select the Enforce App Configuration option, and apply the app configuration only to the affected users.
Advanced Settings
Specify additional configuration parameters in this text area. Contact BlackBerry Support for more details.
Advanced Configuration
Description
UPN Settings
In the "UPN type" drop-down list, select "Explicit UPN" to override the default UPN setting in the Dynamics Global properties.
ActiveSync User Name Formats (iOS Only)
Select the username formats that can be used to authenticate with your Exchange ActiveSync server.
To simplify user setup time, select only the username formats that are supported by your Exchange ActiveSync server.
If you do not select an option, all options are allowed.
Exchange Web Services User Name Formats (iOS Only)
Select the username formats that can be used to authenticate with Microsoft Exchange Web Services.
To simplify user setup, select only the username formats that are supported by Microsoft Exchange Web Services.
If you do not select an option, all options are allowed.
TLS Certificate Settings
Specify the user credential profile that contains the TLS certificate to be used to connect to Microsoft Exchange. The name of the profile that you specify here must match the name of the user credential profile that was created in the BlackBerry UEM management console.
For more information on user credential profiles, see Using user credential profiles to send certificates to devices.
Email Sync Window
In the "Maximum Email Sync Window Allowed" drop-down list, specify the number of days in the past to synchronize email messages to devices. If the setting on a device allows for more days than the server setting, the server setting is used and email messages that are older than the server setting are removed from the device. If the setting on the device allows fewer days than the server setting, the setting on the device remains the same. The user can change the setting on the device to fewer days than the server setting.
Calendar Sync Window
In the "Calendar Sync Window" drop-down list, select the number of months that past calendar events can be synchronized on the device. If this setting is not specified, iOS devices will synchronize three months and Android will synchronize one month.
Draft Folder Syncing
Prevent a user from deselecting the Drafts folder which keeps it from being automatically synchronized.
Shared Mailboxes
Select the "Enable access to Shared Mailboxes" option if you want to allow users to add a user mailbox that they are a delegate for, or a shared mailbox that they have been granted access to, in BlackBerry Work. If this option is disabled after shared mailboxes have been added, existing shared mailboxes are removed, and they are not restored if the setting is enabled again. Also, if a user attempts to add a shared mailbox when this option is disabled, they will not be able to add the mailbox and will see a message in the BlackBerry Work app stating that they must contact their administrator.
Shared Calendar Periodic Sync
Select the "Enable Calendar Periodic Syncing" option to allow a shared calendar to be refreshed every 10 minutes while it is onscreen in the foreground. This feature applies to all views: Agenda, Day, Week, and Month.
Mailbox Migration
Select the "Migration Flow Enabled" option when you are planning to migrate a
BlackBerry Work
mailbox from an on-premises
Microsoft Exchange Server
to
Office 365
.
To set an expiry time, enter a date in the Migration Flow Expiration Date field. After the date that you enter has passed, the Migration Flow Enabled setting is ignored.
Office 365
Settings
Select the "Use
Office 365
Settings" option to configure options for
Microsoft 365
. If selected, specify the following:
  • Select the "Use
    Office 365
    Modern Authentication" option to use modern authentication instead of basic authentication. Modern authentication enables
    BlackBerry Work
    to use sign-in features such as Multi-Factor Authentication, SAML-based third-party Identity Providers, and smart card and certificate-based authentication. The "Enable presence service" option must also be selected on the Apps tab for users' presence status to be displayed for
    Microsoft Teams
    for
    Microsoft 365
    .
    If your environment is not enabled for modern authentication, review Configuring Office 365 and Hybrid Office 365 environments Modern Authentication for BlackBerry Dynamics Apps before enabling this policy. If it is enabled for modern authentication, you must register the
    BlackBerry Work
    app with
    Entra
    and set the permissions below.
  • In the
    Entra
    App ID field, specify the
    Microsoft Entra ID
    app ID for
    BlackBerry Work
    . For information on how obtain an
    Entra
    ID, see Obtain an Entra app ID for BlackBerry Work.
  • In the Office 365 Sign On URL field, specify the web address that BlackBerry Work should use when signing in to Office 365. If you do not specify a value, BlackBerry Work will use https://login.microsoftonline.com during setup.
  • In the "Office 365 Tenant ID" field, specify the tenant ID of the Office 365 server that you want BlackBerry Work to connect to during setup.
    The default value "common" will only work when your Entra app is configured for multitenant.
  • In the "Office 365 Resource" field, specify the URL of the Microsoft Exchange Online server.
  • In the "Redirect URI" field, specify the URI that you entered in the Microsoft Entra ID portal.
  • Select the "Use Office 365 Brokered Authentication" option to require users to use brokered authentication to authenticate to BlackBerry Work and access BlackBerry Work Docs repository content (for example, Microsoft SharePoint Online) to ensure that settings configured in Entra ID Conditional Access are applied. To use this feature:
    • Your environment must be enabled for Entra ID conditional access. For more information, see Configure Entra ID conditional access in the BlackBerry UEM Configuration content.
    • Users must have the Microsoft Authenticator app installed.
Exchange User Name
Select UPN to use a UPN user name format instead of SMTP when authenticating with Microsoft Exchange Online. Depending on your environment, if your users are configured with UPNs that are different from their email address, you might need to enable the "Use explicit UPN" property. For more information, see the BlackBerry UEM Configuration content.
Proxy Office 365 Modern Authentication requests (Android only)
Select this option to force all Office 365 Modern Authentication requests to go through the BlackBerry Proxy instead of connecting directly to the Internet. This setting is valid when "Use Office 365 Settings" is enabled.
User Name Formats
Select the username format that will be used for Integrated Windows Authentication. By default, UPN for Negotiate authentication is used. Users might be prompted to enter their credentials. This setting is valid when "Proxy Office 365 Modern Authentication requests (Android only)" is enabled.
Upgrade Exchange ActiveSync Protocol
Select the "Upgrade to latest supported Exchange Active Sync protocol" setting to enable BlackBerry Work clients to check and upgrade to the latest supported Exchange Active Sync Protocol, if required.
Performance Reporting
Description
Enable Performance Reporting
Select this option to specify whether to monitor performance of the BlackBerry Work app.
HTTP Connection Error
Select the "Enable reporting of HTTP connection errors" option to specify whether to report HTTP connection errors between BlackBerry Work and the specified application servers.
HTTP Response Time
Select the "Report HTTP responses taking long time" option to specify whether to report HTTP responses that are taking longer than the specified time. Enter the application server addresses to monitor.
HTTP Status Code
Select the "Report HTTP status codes received" option to specify whether to report a specified HTTP status code. Enter the application server addresses to monitor.
Don't send reports for duration (in seconds)
Specify the amount of time to wait before sending another report.
Beta Features
Description
Microsoft Teams
Select the "Allow users to add a Microsoft Teams meeting when creating a calendar event" option to allow users to create Microsoft Teams meetings. This feature works with Office 365 and requires modern authentication to be configured.
Select the "Allow Microsoft Teams calls/chat from contact" option to allow Microsoft Teams calls and chats to launch from BlackBerry Work Contacts.
In the "Specify additional domains that support Microsoft Teams call/chat" field, enter additional email domains that support Microsoft Teams in a comma separated list.
Deprecated tab
Description
Background Authorization
Select a time to allow the BlackBerry Work app to synchronize email in the background periodically. Decreasing the time between email synchronizations ensures that the user's inbox is up to date when they open the app.
Microsoft 365 Modern Authentication for Presence
Select the "Use Office 365 Modern Authentication for Presence" option to use modern authentication with the Presence service. The "Enable presence service" option must also be selected on the Apps tab for users to see the online status of Microsoft Teams for Microsoft 365.
In the "Office 365 Presence Resource" field, enter the app ID for your Presence service.
Skype for Business
If you are currently using Skype for Business, you can allow users to add meetings and join meetings directly from their calendars.
Select the "Allow to create Skype For Business meetings in calendar" option to allow users to add Skype for Business meetings to their calendars.
Select the "Allow launching into Skype for Business app on mobile" option to allow users to make voice and video calls and to be able to join Skype for Business meetings directly from a calendar invitation. The meeting is automatically opened in the Skype for Business client and users must have the Skype for Business client installed on their devices.
In the Domain of Skype for Business meeting link field, enter the fully qualified domain name or the domain-only portion of the Skype for Business meeting server to allow internal users to use the Join meeting button in the event details. For example, meet.example.com or example.com. By entering this domain name, BlackBerry Work can locate which meeting link to capture from the meeting invitation if it is different from the user's email address domain.
Opening S/MIME (iOS only)
Select the "Disable email decryption with legacy certificates" option to disable using legacy certificates when decrypting email messages. This option cannot be selected if the "Enable certificate check before opening old SMIME email" option is also selected.
Use heritage settings
Select the "Devices should use values described below for Presence and Docs servers" option. Selecting this option requires that the following configurations are completed:
  • BlackBerry Work is added to the BlackBerry Dynamics Connectivity Profile App Servers section. For more information, visit support.blackberry.com/community to read article 47950.
  • Specifying the preferred Presence Server configuration
  • Specifying the preferred Docs Server configuration
Preferred Presence Server Configuration
Type the FQDN of the computers that host the BEMS-Presence service. If you have multiple servers, separate the names using commas, not spaces (for example, domain01.example.com:8443,domain02.example.com:8443).
Preferred Docs Server Configuration
Type the FQDN of the computers that host the BEMS-Docs service. If you have multiple servers, separate the names using commas, not spaces (for example, domain01.example.com:8443,domain02.example.com:8443).
Microsoft Authentication Library
Disabling this policy will result in using the legacy Microsoft Entra ID Active Directory Authentication Library when logging in to the Work mailbox account (iOS only).
Legacy proxy Office 365 Modern Authentication
Select the "Use legacy Proxy Office 365 Modern Authentication requests" option for BlackBerry Work to proxy modern authentication requests via a legacy webview, which might be required for some compatibility cases (Android only).
Security Settings
Select the "Disable SSL Certificate Checking" option to disable SSL Certificate verification for Exchange ActiveSync/Microsoft Exchange Web Services in test environments.
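The constraints stated in this table (SSL certificate checking disabled only in test environments, the "common" tenant ID requiring a multitenant Entra app, the mutually exclusive S/MIME options, and the comma-separated server lists with no spaces) can be checked before a configuration is deployed. The following is an added example, not BlackBerry code; the dictionary key names, the `environment` argument, and the `entra_app_multitenant` flag are hypothetical inputs that a reviewer fills in by hand from the console.

```python
import re

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

def parse_server_list(value):
    """Parse 'fqdn:port,fqdn:port' (commas, no spaces) into (servers, errors)."""
    servers, errors = [], []
    for item in value.split(","):
        host, sep, port = item.partition(":")
        labels = host.split(".")
        if any(ch.isspace() for ch in item):
            errors.append(f"{item!r}: spaces are not allowed in the list")
        elif len(labels) < 2 or not all(_LABEL.match(l) for l in labels):
            errors.append(f"{item!r}: not a fully qualified domain name")
        elif sep and not (port.isdecimal() and 0 < int(port) < 65536):
            errors.append(f"{item!r}: invalid port")
        else:
            servers.append((host.lower(), int(port) if sep else None))
    return servers, errors

def review_settings(cfg, environment):
    """Return findings for settings the page marks as risky or interdependent."""
    findings = []
    if cfg.get("disable_ssl_certificate_checking") and environment != "test":
        findings.append("SSL certificate checking is disabled outside a test environment")
    if cfg.get("use_office365_settings"):
        if not cfg.get("use_modern_authentication"):
            findings.append("modern authentication is not selected; basic authentication is used")
        if cfg.get("tenant_id", "common") == "common" and not cfg.get("entra_app_multitenant"):
            findings.append("tenant ID 'common' only works with a multitenant Entra app")
    elif cfg.get("proxy_modern_auth_requests"):
        findings.append("proxying modern authentication is only valid with Office 365 settings enabled")
    if cfg.get("disable_legacy_cert_decryption") and cfg.get("cert_check_before_old_smime"):
        findings.append("the two S/MIME options cannot be selected together")
    if cfg.get("use_heritage_settings"):
        for key in ("presence_servers", "docs_servers"):
            findings += [f"{key}: {e}" for e in parse_server_list(cfg.get(key, ""))[1]]
    return findings

# Constructed sample; every key name is hypothetical, not a BlackBerry UEM export format.
SAMPLE = {
    "use_office365_settings": True, "use_modern_authentication": True,
    "tenant_id": "common", "entra_app_multitenant": False,
    "disable_ssl_certificate_checking": True, "use_heritage_settings": True,
    "presence_servers": "domain01.example.com:8443,domain02.example.com:8443",
    "docs_servers": "domain01.example.com:8443, domain02.example.com:8443",
}

if __name__ == "__main__":
    for finding in review_settings(SAMPLE, "production"):
        print("FINDING:", finding)
```
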