BlackBerry Work app configuration settings
BlackBerry Work
app configuration settingsApp Settings | Description |
---|---|
Autodiscover | If you select the "Enable automated Autodiscover" option, BlackBerry Work automatically discovers the Exchange ActiveSync server. Due to possible security vulnerabilities, it is not recommended that you select this option. |
Authorized Email Domains | Select the "Display warning while sending message if the number of unauthorized recipient email domain(s) is" option if you want to display a warning message to users that attempt to send a message to the number of unauthorized domains specified in the drop-down list. Select the "Display warning for received messages if the sender's email domain is unauthorized" option if you want to display a warning to users when they receive messages from senders that are not listed in the Authorized email domains list. If you select either of the options above, specify a list of authorized email domains. Use a comma separated list, with no spaces, to specify authorized email domains. You can edit the sample text displayed in the warning message field. |
External Email Marking | If you select the "Prepend tag to subject on external mails" option, the subject lines of email messages sent outside of the user's domain are prepended with the text specified in the Text to prepend field. |
Data Leakage Prevention Watermark | If you select the "Enable DLP Watermark" option, a watermark is added to all BlackBerry
Dynamics app screens (for example, BlackBerry Work , BlackBerry Work Docs , Calendar, and Contacts). The watermark shows the user's username and current date and time. Note: If users print a file, the watermarks are not displayed in the output. |
Screenshot Prevention ( iOS Only) | If you select the "Prevent screenshots on iOS " option, users cannot take screenshots in the BlackBerry Work app. This setting is applied to devices the next time that a user closes and reopens the app. |
Avatar Photos | If you select the "Enable avatar photos" option, contact photographs are displayed in BlackBerry Work . If this option is not selected, the user's initials are displayed instead of a photograph. |
Presence Service | If you select the "Enable presence service" option, users can see the online status of their instant messaging contacts. Available settings:
If you enable the presence service for Microsoft Teams for Microsoft 365 , complete the following:
If this setting was enabled previously, the default setting is "Other platforms" and the drop-down shows "Select". For more information about setting up the BEMS-Presence service, refer to the Set up support for the BEMS-Presence in non-trusted application mode topic. |
Email Search | If you select the "Enable searching emails on server" option, users can search email messages on the server. |
Diagnostics | If you select the "Allow users to perform app diagnostics" option, users can perform app diagnostics from the BlackBerry Dynamics Launcher on their devices. |
BlackBerry Gatekeeping Service | If you select the "Use BlackBerry Gatekeeping Service" option, unauthorized devices are prevented from using Exchange ActiveSync unless they are explicitly added to the allowed list using the BlackBerry Gatekeeping Service . To use the BlackBerry Gatekeeping Service , you must create a gatekeeping configuration for the Microsoft Exchange
Server or Microsoft 365 and assign an email profile to users that has the automatic gatekeeping server selected. For details on how to configure the BlackBerry Gatekeeping Service , see Controlling which devices can access Exchange ActiveSync. |
Genoa Transformer Service for Domino | If you select the "Use Genoa Transformer Service to connect to IBM Domino" option, meeting invitations are received on devices as meetings.ics files instead of invite.ics. |
Genoa Transformer Service | Select the "Use Genoa Transformer Service to connect to Google Suite (BETA)" option to allow interoperability between Google Suite and BlackBerry Work. |
Disable Out of Office | If you select this option, you will turn off Out Of Office and disable the setting in the BlackBerry Work client. |
Default email font | Select the "Set default email font" option and specify a font type and size for outgoing mail. Enabling this option does not prevent users from enabling the Use Custom Fonts option in the app settings. If users enable Use Custom Fonts, the fonts that they set will apply until they disable it or you make changes to this option. |
Email signature | Select the "Create a custom email signature for your organization" option to set a custom email signature for users in your organization in plain text. Select the "Use HTML to create signature" option to set the custom email signature in HTML. In the "Add text Input field", type the text for the email signature. |
Active directory password expiration warning | Select the number of days to display a warning to the user before their Microsoft Active
Directory password expires and select a Password Expiration Data Provider (EWS or LDAP). In the Custom Message field, you can add additional information to display to the user.
You can use this feature for users that are using both, the GPO (Global Policy Object) method and PSO (Password Settings Object) method to set the maximum password age. |
Sending emails from aliases | Select the "Enable sending from aliases" option to allow users to send email messages from email accounts that have aliases. |
Notifications | Description |
---|---|
Select level of detail in Email notification | Select the level of detail that users see in email notifications. Available settings:
|
Select level of detail in Calendar notifications | Select the level of detail that users see in calendar notifications. Available settings:
Select the "Show only generic notifications when app is locked ( Android only)" option to show only generic information in notifications if the app is locked.Select the "Show notifications on connected wearable devices ( Android Wear only) option to display notifications on wearable Android devices. Select the "Enable widgets for BlackBerry Work app" to allow users to add widgets to iOS and Android devices. By default, this setting is enabled. If the widget policy is blocked and then unblocked, users must remove and then add the widget again to unblock it. |
Email subfolder notifications | Select the "Enable visual notifications for subscribed subfolders" option to allow users to receive email notifications for subfolders. |
Additional options for notifications on Android Wear devices | Select whether there are additional notifications for Android Wear devices.Available settings:
When using a device outside of a controlled wireless network, wearables require higher communications security with respect to encryption, information integrity, and non-repudiation. Since wearable computers are quite small, most do not come equipped with higher security features and any data that is sent and received is vulnerable. Consequently, BlackBerry Work 's support for wearables is confined to notifications and reminders. |
iOS App Icon Badge | Select the "Allow user to choose between “Unread Mails” and "New Mails" as their default Badge count on the App Icon" option to allow users to choose between displaying a badge count for unread and new email messages as their default badge count on the app icon. If this option is not selected, the app icon badge reflects the number of new email messages that were received since the user last closed the app, and the user cannot select “Unread Mails” as a badge count preference. |
High priority notifications (Android only) | Select the “Enable high priority notifications for regular incoming emails (Android only)” option to enable high-priority notifications for regular (non-VIP) incoming email messages. Messages will be delivered with an audible sound even when the device is in Sleep mode. If this option is enabled, a user cannot turn off this feature on their device. If this option is not enabled, a user can choose to turn on this feature on their device. This feature requires BEMS 3.7 or later. |
S/MIME | Description |
---|---|
Enhanced Security | Select the "Periodically require PIN entry to access SMIME capabilities" option if you want users to be required to periodically enter a PIN to use S/MIME.
If a user enters an incorrect PIN three times, they will be required to reset the PIN. To complete the reset, an unlock code or QR code must be sent to the user. For more information, see Send a BlackBerry Dynamics app unlock key and QR code to a user. |
Sending | In the "Default signing algorithm" drop-down list, select the algorithm to use for signing sent messages. In the "Default encryption algorithm" drop-down list, select the encryption algorithm to use. Select the "Require all emails to be signed" and "Require all emails to be encrypted" if you require that emails must be signed and/or encrypted. Select the "Perform name checking for outgoing encrypted emails (verify email address in certificate matches recipient email address)" option to perform name checking. Name checking verifies that the email address in the certificate matches recipient's account. |
Receiving | In the "Automatically download the body of S/MIME emails" drop-down list, select how the body of S/MIME email messages is downloaded. Wi-Fi is supported on Android devices only. If you select this option, iOS devices are set to "Never."Select the "Perform name checking (verify email address in certificate matches user's account)" option to perform name checking. Name checking verifies that the email address in the certificate matches user's account. |
Opening | Select the "Enable certificate check before opening old S/MIME email" option if you want BlackBerry Work to check if the certificate used to encrypt an email message is still available for the user. Select "Block access to signed messages when no certificate is available" if you want BlackBerry Work to block access if no certificate is available. |
Certificate Management | Specify when to clear the public certificate cache. By default, this setting is Weekly. |
Revocation Checking when the OCSP server is available | Select the "Enable revocation checking" option to enable revocation checks and specify the depth of certificate checking. Available settings:
Select the "Use AIA extension in certificate if present" option to use the AIA extension in certificates if present. In the "Default OCSP URL" field, specify the default OCSP URL to use if the AIA extension cannot be used or it is not present in a certificate. |
Address Book | Description |
---|---|
Address Book Sync | Select the "Allow syncing BlackBerry Contacts to device" option to enable synchronizing contacts to devices and choose the fields that are synchronized. In the "Maximum length for notes" field, specify the maximum length for the notes field. By default, the maximum is 1024 characters. Select the "Even if iCloud is enabled, allow syncing BlackBerry Contacts to device" option to allow synchronization to occur when iCloud is enabled.To turn on 'Enable contact sync to native' to take advantage of this feature on a device, see Change contact settings for BlackBerry Work for Android or in Change BlackBerry Work for iOS settings, see the "Manage your Contacts settings" section. |
Caller ID | Select the "Allow device to use BlackBerry Contacts for Caller ID" option if you want to allow BlackBerry Work to access the user's BlackBerry Work contact list to display contact name for incoming and outgoing phone calls. |
GAL Search | Specify the maximum number of results to display when searching the global address list (GAL). |
Recipients | Specify whether caching is enabled. When caching is enabled, the cache is used to offer autocomplete suggestions for recipients during email composition. |
Contact Sharing | Select the "Enabled support for shared contact folders" option to allow delegates of a Microsoft Exchange user's mailbox to access all shared contacts. |
Interoperability | Description |
---|---|
Camera and Device Photo Gallery permissions | Specify whether to allow access to the device camera, the photo gallery, or both. Available settings:
|
Voice | Select the "Tap a phone number to dial using native phone" option to allow users to use the native phone app on a device or select the "Tap a phone number to dial using entitled and installed GD VOIP apps" option to allow VOIP apps. |
SMS | Select the "Tap SMS icon to initiate SMS using native SMS apps" option to specify whether to allow users to initiate their native SMS apps by tapping the SMS icon or select the "Tap SMS icon to initiate SMS using entitled and installed GD SMS apps" option to specify that users must use BlackBerry
Dynamics SMS apps. |
Misc | Specify whether to allow access to the user's native browser or native maps app. |
Launch 3rd Party App | Select the "Enable integration with 3rd party RSA SecurID app using CTF token seed" to enable two-factor authentication integration with a third-party RSA
SecurID app using a CTF token seed.Select the "Enable launching to 3rd party native apps (iOS only policy)" option to enable launching third-party native apps. When you enable native apps, enter the App URL scheme in the field. BlackBerry Work supports CTF-based provisioning using a nativeRSA
SecurID app. For more information about configuring RSA soft-token authentication, see the BlackBerry Access Administration Guide. |
Launch 3rd Party App Universal link (iOS only) | Universal links allow iOS users to be automatically redirected to an installed app without going through Safari when they click links in a website. If the app isn’t installed on the device, the link opens the website in Safari .You can specify a list of universal links that users can open from BlackBerry Work for iOS . If you add a universal link to this list, the link will redirect to the appropriate app if it is installed on a user's device. If a user clicks on a universal link that is not added to this list, the link will not be redirected to an app and will open in Safari , even if the app is installed on a user's device.To add multiple URLs, insert a carriage return between each URL that you want to add. |
Allow 3rd Party App to Send Mail | Select the "Enable sending mail from BlackBerry Work via mailto:/gmmmailto:/gwmailto:" option to specify whether email messages can be sent using mailto:/gmmmailto:/gwmailto |
File Transfer Privileges | Select the "Enable exporting to 3rd-party native apps" option to specify whether to allow the transfer of files to third-party native apps on the user's device. You can allow and disallow specific apps by app ID and app share extensions. If your environment includes iOS devices that run iOS 14 or later, add both the app ID and app share extension for a specific app to make sure that BlackBerry Work for iOS contains the necessary information to compare the app against the blacklists or whitelists configured in BlackBerry UEM . If the necessary information is not included, users running iOS 14 and later might be unable to transfer a file and receive an error message. For more information, visit support.blackberry.com/community to read article 69436. Select the "Enable Importing from 3rd-party native apps (iOS 12 and below and Android)" option or the "Enable Importing from 3rd-party native apps (iOS 13 and above only)" option to allow the import of files from third-party native apps and BlackBerry
Dynamics apps (for example, BlackBerry Work and BlackBerry Access ) or BlackBerry
Dynamics SDK wrapped apps (for example, iAnnotate for BlackBerry
Dynamics ) on the user's device. You can allow and disallow specific apps by app ID and app share extensions. Note that exceptions to importing apply only to iOS .The combined size of the imported files cannot exceed 120 MB. |
Handling External Images | Select the "Don't allow to download external images" option to block downloading images from external sources. |
Docs and Attachments | Description |
---|---|
Docs Repository | Specify whether to enable a file repository on the device, local, or server docs repositories, and Box , and whether to force users to save pending uploads.
By default, users are alerted about any pending uploads every 24 hours. If Forced Pending Uploads Policy is selected, users are blocked from taking any document related actions in BlackBerry Work until all files are successfully uploaded to the server. |
Sending Attachments | Specify whether to allow outgoing attachments and specify the maximum size and the file extensions that are allowed or disallowed. |
Receiving/Opening Attachments | Specify whether to allow incoming attachments and specify a maximum size and the file extensions that are allowed or disallowed. |
Classification | Description |
---|---|
Email classification | Specify whether to enable email classification markings, such as INTERNAL, CONFIDENTIAL, NO FORWARD, and/or NO REPLY. To edit the XML classes, select and delete the code that you want to remove. For more information on classifications, including an example, see Email classifications. After you have enabled email classifications, you can select the "Require all emails to have Email Classification" option to force all email messages to include a classification setting. |
Event classification | Specify whether to enable event classifications markings such as INTERNAL, CONFIDENTIAL, NO FORWARD, and/or NO REPLY. After you have enabled event classifications, you can select the "Require all events to have Event Classification" option to force all events to include a classification setting. Note that the classifications for calendar events are applicable only when email classifications are enabled. |
Calendar | Description |
---|---|
Time Zone Info | If you select the "Disable display of time zone information in meeting and contact card" option, BlackBerry Work will not retrieve the time zone information from Microsoft
Exchange that is displayed in the calendar and contacts for users. |
Conference links | Select one or more of the conference platform options to enable users to click a Join button in a meeting request to quickly join a meeting on their device using the associated platform, such as Zoom . |
External Calendars Preview | Select the “External Calendars Preview” option to display a preview of external calendar events in the day view. You can choose from two levels of data presentation: Placeholders only displays solid vertical placeholders with no event data.Details displays external calendar events as standard event blocks with an event title and the recurrence status icon. |
Calendar Event New Time Proposal | Select this option to allow users to use the propose new meeting time feature. |
Basic Configuration | Description |
---|---|
Security Settings | Select the "Use Kerberos Constrained Delegation in place of login/password" option to specify whether Kerberos Constrained Delegation will be used for logging in to Microsoft
Exchange . If this option is not selected, NTLM/Basic authentication will be used. Select the "Use client certificate in place of login/password" option to specify whether clients must have individual login certificates (SSL) uploaded to the BlackBerry UEM management console. These certificates are used for login instead of basic credentials (username/password). |
Enterprise Server Settings | In the Server List Reshuffle Period (minutes) field, specify the frequency that the server list, if present, is reshuffled for load balancing purposes. In the Server List Quarantine Period (minutes) field, specify how long BlackBerry Work waits before retrying if BlackBerry UEM is not working. |
Client Settings | In the Sync Email Body Size (Kb) field, specify the size, in KB, of the partial message body downloaded from the server if the user selects the option to download partial message content. Select the "Use BEMS to perform AutoDiscover of the EAS/EWS endpoint for the user" option to specify that the client will use the BlackBerry Server Autodiscover service to determine the EAS/EWS endpoint for the user. Select the "Create and consume rights-managed email messages option" to specify that Information Rights Managements (IRM) must be enabled for user mailboxes on Microsoft
Exchange . |
Other Settings | In the Send Feedback Email Address field, specify the email address where client feedback email messages are sent. Add multiple comma delimited recipients as needed. In the Report Phishing Email Address field, specify whether users can report emails as phishing. The reported emails are forwarded to the email address provided in this field then moved to Trash folder. |
Account Setup | When the "Skip Email Short Form Setup" option is selected, users must input their Microsoft Active
Directory usernames, passwords, and domains during device activation. |
ActiveSync and Auto Discover Authentication Methods (iOS Only) | Specify the authentication methods to use. If only certain authentication methods are supported from Microsoft
Exchange , set those values to minimize the user setup time. (For example, if Auto Discover and ActiveSync IIS Auth Settings are set to allow only NTLM and Basic, then de-select Negotiate in above app setting.) If none are selected, the default Microsoft
Exchange setting is used. If using client-based authentication, check none of the options. |
Exchange Web Services Authentication Methods ( iOS Only) | Specify the authentication methods to use. If only certain authentication methods are supported from Microsoft
Exchange , set those values to minimize the user setup time. (For example, if EWS IIS Auth Setting is set to allow only NTLM, then select only NTLM above for an optimal setup experience.) If none are selected above, the default Microsoft
Exchange setting is used. If using client-based authentication, check none of the options. |
Exchange Web Services Settings | Specify the Microsoft Exchange Web
Services URL endpoint (for example, https://mydomain.com/EWS/Exchange.asmx). If you select the "Disable Exchange Web Services" option, all Microsoft Exchange Web
Services activities, including calendar forward and calendar attachment, are disabled. |
Exchange ActiveSync Settings | In the Default Domain field, specify the Windows NT Domain to try automatically when logging in. If your server uses newer UPN (email@host.com) style login instead of the older (domain\user) style login, this field should be left blank. In the ActiveSync Server field, specify the default Microsoft
Exchange Server to connect to (for example, cas.mydomain.com). In the Autodiscover URL field, specify the auto discover URL if known. This speeds up the auto discover setup process (for example, https://autodiscover.< mydomain >.com/autodiscover/autodiscover.xml).In the Autodiscover Connection Timeout in Seconds (iOS only) field, specify the timeout setting for iOS devices. |
Enforce App Configuration | Select the "Enforce App Configuration" option to ensure that modern authentication, EAS/EWS endpoints, and Microsoft 365 settings configured in the BlackBerry
Dynamics connectivity profile are applied. This option is useful when you are troubleshooting issues after you have migrated a BlackBerry Work mailbox from an on-premises Microsoft
Exchange Server to Microsoft 365 .BlackBerry recommends that you copy your organization’s app configuration, select the Enforce App Configuration option, and apply the app configuration only to the affected users. |
Advanced Settings | Specify additional configuration parameters in this text area. Contact BlackBerry Support for more details. |
Advanced Configuration | Description |
---|---|
UPN Settings | In the "UPN type" drop-down list, select "Explicit UPN" to override the default UPN setting in the Dynamics Global properties. |
ActiveSync User Name Formats (iOS Only) | Select the username formats that can be used to authenticate with your Exchange ActiveSync server. To simplify user setup time, select only the username formats that are supported by your Exchange ActiveSync server.If you do not select an option, all options are allowed. |
Exchange Web Services User Name Formats ( iOS Only) | Select the username formats that can be used to authenticate with Microsoft Exchange Web
Services .To simplify user setup, select only the username formats that are supported by Microsoft Exchange Web
Services .If you do not select an option, all options are allowed. |
TLS Certificate Settings | Specify the user credential profile that contains the TLS certificate to be used to connect to Microsoft
Exchange . The name of the profile that you specify here must match the name of the user credential profile that was created in the BlackBerry UEM management console.For more information on user credential profiles, see Using user credential profiles to send certificates to devices. |
Email Sync Window | In the "Maximum Email Sync Window Allowed" drop-down list, specify the number of days in the past to synchronize email messages to devices. If the setting on a device allows for more days than the server setting, the server setting is used and email messages that are older than the server setting are removed from the device. If the setting on the device allows fewer days than the server setting, the setting on the device remains the same. The user can change the setting on the device to fewer days than the server setting. |
Draft Folder Syncing | Prevent a user from deselecting the Drafts folder which keeps it from being automatically synchronized. |
Background Authorization | Select a time to allow the BlackBerry Work app to synchronize email in the background periodically. Decreasing the duration between the time that email synchronizes ensures that the user's inbox is up to date when they open the app. |
Shared Mailboxes | Select the "Enable access to Shared Mailboxes" option if you want to allow users to add a user mailbox that they are a delegate for, or a shared mailbox that they have been granted access to, in BlackBerry Work . If this option is disabled after shared mailboxes have been added, existing shared mailboxes are removed, and they are not restored if the setting is enabled again. Also, if a user attempts to add a shared mailbox when this option is disabled, they will not be able to add the mailbox and will see a message in the BlackBerry Work app stating that they must contact their administrator. |
Shared Calendar Periodic Sync | Select the "Enable Calendar Periodic Syncing " option to allow a shared calendar to be refreshed every 10 minutes while it is onscreen in the foreground. This feature applies to all views: Agenda, Day, Week, and Month. |
Mailbox Migration | Select the "Migration Flow Enabled" option when you are planning to migrate a BlackBerry Work mailbox from an on-premises Microsoft Exchange
Server to Office
365 .
To set an expiry time, enter a date in the Migration Flow Expiration Date field. After the date that you enter has passed, the Migration Flow Enabled setting is ignored. |
Office
365 Settings | Select the "Use Office
365 Settings" option to configure options for Microsoft 365 . If selected, specify the following:
|
Upgrade Exchange ActiveSync Protocol | Select the "Upgrade to latest supported Exchange Active Sync protocol" setting to enable BlackBerry Work clients to check and upgrade to the latest supported Exchange Active Sync Protocol, if required. |
Performance Reporting | Description |
---|---|
Enable Performance Reporting | Select this option, to specify whether to monitor performance of the BlackBerry Work app. |
HTTP Connection Error | Select the "Enable reporting of HTTP connection errors" options to specify whether to report HTTP connection errors between BlackBerry Work and the specified application servers. |
HTTP Response Time | Select the "Report HTTP responses taking long time" option to specify whether to report HTTP responses that are taking longer than the specified time. Enter the application server addresses to monitor. |
HTTP Status Code | Select the "Report HTTP status codes received" option to specify whether to report a specified HTTP status code. Enter the application server addresses to monitor. |
Don't send reports for duration (in seconds) | Specify the amount of time to wait before sending another report. |
Beta Features | Description |
---|---|
Microsoft Teams | Select the "Allow users to add a Microsoft Teams meeting when creating a calendar event" option to allow users to create Microsoft Teams meetings. This feature works with Office
365 and requires modern authentication to be configured.Select the "Allow Microsoft Teams calls/chat from contact" option to allow Microsoft Teams calls and chats to launch from BlackBerry Work Contacts. In the "Specify additional domains that support Microsoft Teams call/chat" field, enter additional email domains that support Microsoft Teams in a comma separated list. |
Deprecated tab | Description |
---|---|
Skype for Business | If you are currently using Skype for Business 2015 or later in your environment, you can allow users to add meetings and join meetings directly from their calendars.Select the "Allow to create Skype For Business meetings in calendar" option to allow users to add Skype for Business meetings to their calendars.Select the "Allow launching into Skype for Business app on mobile" option to allow users to make voice and video calls and to be able to join Skype for Business meetings directly from a calendar invitation. The meeting is automatically opened in the Skype for Business client and users must have the Skype for Business client installed on their devices. In the Domain of Skype for Business meeting link field, enter the fully qualified domain name or the domain-only portion of the Skype for Business meeting server to allow internal users to use the Join meeting button in the event details. For example, meet.example.com or example.com. By entering this domain name, BlackBerry Work can locate which meeting link to capture from the meeting invitation if it is different from the user's email address domain. |
Opening S/MIME (iOS only) | Select the "Disable email decryption with legacy certificates" option to disable using legacy certificates when decrypting email messages. This option cannot be selected if the “Enable certificate check before opening old SMIME email” option is also selected. |
Use heritage settings | Select the "Devices should use values described below for Presence and Docs servers". Selecting this option requires that the following configurations are completed:
|
Preferred Presence Server Configuration | Type the FQDN of the computers that host the BEMS-Presence service. If you have multiple servers, separate the names using commas, not spaces (for example, domain01.example.com:8443,domain02.example.com:8443). |
Preferred Docs Server Configuration | Type the FQDN of the computers that host the BEMS-Docs service. If you have multiple servers, separate the names using commas, not spaces (for example, domain01.example.com:8443,domain02.example.com:8443). |
Microsoft Authentication Library | Disabling this policy will result in using legacy Microsoft Entra ID Active Directory Authentication Library when logging into Work mailbox account. (iOS Only) |
Legacy proxy Office 365 Modern Authentication | Select the "Use legacy Proxy Office
365 Modern Authentication requests" option to use legacy proxy requests through the BlackBerry
Dynamics Proxy server. (Android only) |
Security Settings | Select the "Disable SSL Certificate Checking" option to disable SSL Certificate verification for Exchange ActiveSync /Microsoft Exchange Web
Services in test environments. |