System requirements
Steps to set up Office 365 modern authentication for BlackBerry Dynamics apps
Enable modern authentication for the Mail service in BEMS
Enable modern authentication for the Connect and Presence services in BEMS
- Configure Skype for Business Online for the Connect service
  - Obtain an Azure app ID for the Connect client
- Configure Skype for Business Online for the Presence service
Obtain an Azure app ID for the BEMS-Connect, BEMS-Presence, and BEMS-Docs component service
Enable modern authentication for the Docs service in BEMS
Configure BlackBerry Work for iOS and Android app settings for Office 365 modern authentication
Configure BlackBerry Work for Windows and macOS app settings for Office 365 modern authentication
- Obtain an Azure app ID for BlackBerry Work for Windows and macOS
Configure BlackBerry Notes and BlackBerry Tasks app settings for Office 365 modern authentication
- Obtain an Azure app ID for BlackBerry Tasks and BlackBerry Notes
Add the BEMS instance to the Good Enterprise Services and BlackBerry Work entitlement app
Additional configuration options
- Configure single sign-on for BlackBerry Access in BlackBerry UEM
- Configure alternate login and Office 365 resource URLs
Troubleshooting

Obtain the
Azure
IP authentication information for the
Docs
service

The

Docs

service authenticates to

Azure

-IP using a fixed symmetric key and is associated with a super user service principal and a BPOS tenant ID that are generated using

Windows PowerShell

. The values are used to configure the

BEMS

dashboard. Authenticating to

Azure

-IP allows the

Docs

service to decrypt protected documents and determine the rights a user has on a document.

On the computer that you use to complete this task, make sure that the following software is installed:

Windows PowerShell

3.0 or later.

Windows PowerShell

Get (previously known as OneGet). For more information about downloading PowerShellGet, visit https://www.microsoft.com/en-us/download/details.aspx?id=51451.

Microsoft NuGet. For more information about NuGet, visit https://docs.microsoft.com/en-us/nuget/.

To install NuGet, in

Windows PowerShell

type

Install-PackageProvider -Name NuGet -MinimumVersion <version number> -Force

. Where <version number> is a minimum of 2.8.5.201.

AADRM (

Azure

AD Rights Management). For more information about AADRM, visit https://docs.microsoft.com/en-us/azure/information-protection/install-powershell

To install AADRM, in

Windows PowerShell

, type

Install-Module -Name AADRM

Azure

Active Directory

(MSOnline). For more information about MSOnline, visit https://docs.microsoft.com/en-us/powershell/module/msonline/?view=azureadps-1.0.

To install MSOnline, in

Windows PowerShell

, type

Install-Module MSOnline

For more information about the following commands, visit https://docs.microsoft.com/en-us/azure/information-protection/rms-client/client-admin-guide-powershell.

Open the

Windows PowerShell

(run as administrator) and complete the following instructions.

Connect to the

Azure

AD with an account that has tenant administrator permissions. Type

Connect-MsolService

. Press

Enter

Create a new service principal. Type

New-MsolServicePrincipal

. Add a display name for the service principal (for example, BEMSDocsAzureIPServicePrincipal). Press

Enter

Connect to

Azure

IP with an account that has tenant administrator permissions. Type

Connect-AadrmService

. Press

Enter

Disconnect from

Azure

IP. Type

Disconnect-AadrmService

. Press

Enter

Section:

Steps to deploy Azure IP Rights Management Services support for the Docs service

Obtain the Azure IP authentication information for the Docs service

Obtain the
Azure
IP authentication information for the
Docs
service