Skip Navigation

BlackBerry Work
app configuration settings

App Settings tab
Description
Autodiscover
If you select the "Enable automated Autodiscover" option,
BlackBerry Work
automatically discovers the
Exchange ActiveSync
server.
Due to possible security vulnerabilities, it is not recommended that you select this option.
Authorized Email Domains
Select the "Display warning while sending message if the number of unauthorized recipient email domain(s) is" option if you want to display a warning message to users that attempt to send a message to the number of unauthorized domains specified in the drop-down list.
Select the "Display warning for received messages if the sender's email domain is unauthorized" option if you want to display a warning to users when they receive messages from senders that are not listed in the Authorized email domains list.
If you select either of the options above, specify a list of authorized email domains. Use a comma separated list, with no spaces, to specify authorized email domains. You can edit the sample text displayed in the warning message field.
External Email Marking
If you select the "Prepend tag to subject on external mails" option, the subject lines of email messages sent outside of the user's domain are prepended with the text specified in the Text to prepend field.
Data Leakage Prevention Watermark
If you select the "Enable DLP Watermark" option, a watermark is added to all
BlackBerry Dynamics
app screens (for example,
BlackBerry Work
,
BlackBerry Work
Docs
, Calendar, and Contacts). The watermark shows the user's username and current date and time. Note: If users print a file, the watermarks are not displayed in the output.
Avatar Photos
If you select the "Enable avatar photos" option, contact photographs are displayed in
BlackBerry Work
. If this option is not selected, the user's initials are displayed instead of a photograph.
Presence Service
If you select the "Enable presence service" option, users can see the online status of their instant messaging contacts. Available settings:
  • Other Platforms: Select this option if your environment is configured to use
    Microsoft Lync
    ,
    Cisco Jabber
    , or
    Skype for Business
    On-prem using trusted application mode.
  • Skype for Business
    On-Prem - Non-trusted Application Mode
If this setting was enabled previously, the default setting is "Other platforms" and the drop-down shows "Select".
For more information about setting up the
BEMS-Presence
service, refer to the Set up support for the BEMS-Presence in non-trusted application mode topic.
Email Search
If you select the "Enable searching emails on server" option, users can search email messages on the server.
Diagnostics
If you select the "Allow users to perform app diagnostics" option, users can perform app diagnostics from the
BlackBerry Dynamics Launcher
on their devices.
BlackBerry Gatekeeping Service
If you select the "Use BlackBerry Gatekeeping Service" option, unauthorized devices are prevented from using
Exchange ActiveSync
unless they are explicitly added to the allowed list using the
BlackBerry Gatekeeping Service
. To use the
BlackBerry Gatekeeping Service
, you must create a gatekeeping configuration for the
Microsoft Exchange Server
or
Microsoft Office 365
and assign an email profile to users that has the automatic gatekeeping server selected. For details on how to configure the
BlackBerry Gatekeeping Service
, see Controlling which devices can access Exchange ActiveSync.
Genoa Transformer Service for
Domino
If you select the "Use Genoa Transformer Service to connect to IBM Domino" option, meeting invitations are received on devices as meetings.ics files instead of invite.ics.
Disable Out of Office
If you select this option, you will turn off Out Of Office and disable the setting in the
BlackBerry Work
client.
Notifications tab
Description
Select level of detail in Email notification
Select the level of detail that users see in email notifications.
Available settings:
  • No notifications: Users don't receive notifications when email messages are received.
  • No details in notification: Users see the default message notifications, "You have received a new message" and "You have received an invitation," in the email preview.
  • Sender only: Users see the sender's name in clear text with the default message notification in the email preview.
  • Sender and Message: Users see the sender's name and a preview of the email  message.
  • Sender, Subject, and Preview (
    Android
    only): Users see the Sender name, Subject of the email message, and a preview of the email message. 
The default setting is "Sender and Subject."
Select level of detail in Calendar notifications
Select the level of detail that users see in calendar notifications.
Available settings:
  • No notifications: Users don't receive notifications when calendar invitations are received.
  • No details in notification: Users see the default message notifications, "You have received a new message" and "You have received an invitation," in the email preview.
  • Meeting Time only: Users see the meeting time in clear text with the default message notification.
  • Meeting Time and Subject: Users see the meeting time and subject of the meeting in the email preview.
  • Meeting Time, Subject and Location: Users see the meeting time, subject, and location of the meeting in the email preview.
  • Meeting Time, Subject, Location, and Preview (
    Android
    only): Users see the meeting time, subject, location, and a preview of the meeting description in the email preview.
The default setting is "Meeting Time, Subject, and Location."
Select the "Show only generic notifications when app is locked (
Android
only)" option to show only generic information in notifications if the app is locked.
Select the "Show notifications on connected wearable devices (
Android
Wear only) option to display notifications on wearable
Android
devices.
Select the "Enable widgets for
BlackBerry Work
app" to allow users to add widgets to
iOS
and
Android
devices. By default, this setting is enabled. If the widget policy is blocked and then unblocked, users must remove and then add the widget again to unblock it.
Additional options for notifications on
Android
Wear devices
Select whether there are additional notifications for
Android
Wear devices.
Available settings:
  • Notification for VIP Contacts
  • Notification for anyone
  • Notification with voice reply for anyone
When using a device outside of a controlled wireless network, wearables require higher communications security with respect to encryption, information integrity, and non-repudiation. Since wearable computers are quite small, most do not come equipped with higher security features and any data that is sent and received is vulnerable. Consequently,
BlackBerry Work
's support for wearables is confined to notifications and reminders.
Apple Watch
app
Select the "Enable
BlackBerry Work
app on
Apple Watch
option to communicate between the device and the
Apple Watch
This feature doesn't use the
BlackBerry Dynamics
Secure Container to secure the storage or communication between the device and
Apple Watch
iOS
App Icon Badge
Select the "Allow user to choose between “Unread Mails” and "New Mails" as their default Badge count on the App Icon" option to allow users to choose between displaying a badge count for unread and new email messages as their default badge count on the app icon. If this option is not selected, the app icon badge reflects the number of new email messages that were received since the user last closed the app, and the user cannot select “Unread Mails” as a badge count preference.
S/MIME tab
Description
Enhanced Security
Select the "Periodically require PIN entry to access SMIME capabilities" option if you want users to be required to periodically enter a PIN to use S/MIME.
Sending
In the "Default signing algorithm" drop-down list, select the algorithm to use for signing sent messages.
In the "Default encryption algorithm" drop-down list, select the encryption algorithm to use.
Select the "Require all emails to be signed" and "Require all emails to be encrypted"  if you require that emails must be signed and/or encrypted.
Select the "Perform name checking for outgoing encrypted emails (verify email address in certificate matches recipient email address)" option to perform name checking. Name checking verifies that the email address in the certificate matches recipient's account.
Receiving
In the "Automatically download the body of S/MIME emails" drop-down list, select how the body of S/MIME email messages is downloaded.
Wi-Fi
is supported on
Android
devices only. If you select this option,
iOS
devices are set to "Never."
Select the "Perform name checking (verify email address in certificate matches user's account)" option to perform name checking. Name checking verifies that the email address in the certificate matches user's account.
Opening
Select the "Enable certificate check before opening old S/MIME email" option if you want BlackBerry Work to check if the certificate used to encrypt an email message is still available for the user.
Select "Block access to signed messages when no certificate is available" if you want BlackBerry Work to block access if no certificate is available.
Certificate Management
Specify when to clear the public certificate cache. By default, this setting is Weekly. 
Revocation Checking when the OCSP server is available
Select the "Enable revocation checking" option to enable revocation checks and specify the depth of certificate checking. Available settings:
  • Check entire certificate chain
  • Check user / client certificate only
Select the "Use AIA extension in certificate if present" option to use the AIA extension in certificates if present.
In the "Default OCSP URL" field, specify the default OCSP URL to use if the AIA extension cannot be used or it is not present in a certificate.
Address Book tab
Description
Address Book Sync
Select the "Allow syncing BlackBerry Contacts to device" option to synchronize contacts to devices and choose the fields that are synchronized.
In the "Maximum length for notes" field, specify the maximum length for the notes field. By default, the maximum is 1024 characters.
Select the "Even if
iCloud
is enabled, allow syncing BlackBerry Contacts to device" option to allow synchronization to occur when
iCloud
is enabled.
Caller ID (BETA)
Select the "Allow device to use BlackBerry Contacts for Caller ID" option if you want to allow
BlackBerry Work
to access the user's
BlackBerry Work
contact list to display contact name for incoming and outgoing phone calls.
GAL Search
Specify the maximum number of results to display when searching the global address list (GAL).
Recipients
Specify whether caching is enabled. When caching is enabled, the cache is used to offer autocomplete suggestions for recipients during email composition.
Interoperability
Description
Camera and Device Photo Gallery permissions
Specify whether to allow access to the device camera, the photo gallery, or both. Available settings:
  • Allow access to camera and device photo gallery
  • Allow access to camera only
  • No access to camera or device photo gallery
The default value is "Allow access to camera and device photo gallery."
Voice
Select the "Tap a phone number to dial using native phone" option to allow users to use the native phone app on a device or select the "Tap a phone number to dial using entitled and installed GD VOIP apps" option to allow VOIP apps.
SMS
Select the "Tap SMS icon to initiate SMS using native SMS apps" option to specify whether to allow users to initiate their native SMS apps by tapping the SMS icon or select the "Tap SMS icon to initiate SMS using entitled and installed GD SMS apps" option to specify that users must use
BlackBerry Dynamics
SMS apps.
Misc
Specify whether to allow access to the user's native browser or native maps app.
Launch 3rd Party App
Select the "Enable integration with 3rd party RSA SecurID app using CTF token seed" to enable two-factor authentication integration with a third-party
RSA SecurID
app using a CTF token seed.
Select the "Enable launching to 3rd party native apps (iOS only policy)" option to enable launching third-party native apps. When you enable native apps, enter the App URL scheme in the field.
BlackBerry Work
supports CTF-based provisioning using a native
RSA SecurID
app. For more information about configuring
RSA
soft-token authentication, see the BlackBerry Access Administration Guide.
Launch 3rd Party App Universal link (iOS only)
Universal links allow
iOS
users to be automatically redirected to an installed app without going through
Safari
when they click links in a website. If the app isn’t installed on the device, the link opens the website in
Safari
.
You can specify a list of universal links that users can open from
BlackBerry Work for iOS
. If you add a universal link to this list, the link will redirect to the appropriate app if it is installed on a user's device. If a user clicks on a universal link that is not added to this list, the link will not be redirected to an app and will open in
Safari
, even if the app is installed on a user's device.
To add multiple URLs, insert a carriage return between each URL that you want to add.
Allow 3rd Party App to Send Mail
Select the "Enable sending mail from BlackBerry Work via mailto:/gmmmailto:/gwmailto:" option to specify whether email messages can be sent using mailto:/gmmmailto:/gwmailto
File Transfer Privileges
Select the "Enable exporting to 3rd-party native apps" option to specify whether to allow the transfer of files to third-party native apps on the user's device. You can allow and disallow specific apps by app ID and app share extensions. If your environment includes
iOS
devices that run
iOS
14 or later, add both the app ID and app share extension for a specific app to make sure that
BlackBerry Work for iOS
contains the necessary information to compare the app against the blacklists or whitelists configured in
BlackBerry UEM
. If the necessary information is not included, users running
iOS
14 and later might be unable to transfer a file and receive an error message. For more information, visit support.blackberry.com/community to read article 69436. 
Select the "Enable Importing from 3rd-party native apps" option to allow the import of files from third-party native apps on the user's device. You can allow and disallow specific apps by app ID and app share extensions. Note that exceptions to importing apply only to
iOS
.
Docs and Attachments tab
Description
Docs Repository
Specify whether to enable a file repository on the device, local or server docs repositories, and
Box
, and whether to force users to save pending uploads.
Note: By default users are alerted about any pending uploads every 24 hours. If Forced Pending Uploads Policy is selected, users are blocked from taking any document related actions in
BlackBerry Work
until all files are successfully uploaded to the server.
Sending Attachments
Specify whether to allow outgoing attachments and specify the maximum size and the file extensions that are allowed or disallowed.
Receiving/Opening Attachments
Specify whether to allow incoming attachments and specify a maximum size and the file extensions that are allowed or disallowed.
Classification tab
Description
Email classification
Specify whether to enable email classification markings, such as INTERNAL, CONFIDENTIAL, NO FORWARD, and/or NO REPLY. To edit the XML classes, select and delete the code that you want to remove. For more information on classifications, including an example, see Email classifications .
After you have enabled email classifications, you can select the "Require all emails to have Email Classification" option to force all email messages to include a classification setting.
Enable Event Classification Markings
Specify whether to enable event classifications markings such as INTERNAL, CONFIDENTIAL, NO FORWARD, and/or NO REPLY.
After you have enabled event classifications, you can select the "Require all events to have Event Classification" option to force all events to include a classification setting.
Note that the classifications for calendar events are applicable only when email classifications are enabled.
Calendar tab
Description
Skype for Business
If you are currently using
Skype for Business
2015 or later in your environment, you can allow users to add meetings and join meetings directly from their calendars.
Select the "Allow to create Skype For Business meetings in calendar" option to allow users to add
Skype for Business
meetings to their calendars.
Select the "Allow launching into Skype for Business app on mobile" option to allow users to make voice and video calls and to be able to join
Skype for Business
meetings directly from a calendar invitation. The meeting is automatically opened in the
Skype for Business
client and users must have the
Skype for Business
client installed on their devices.
In the
Domain of Skype for Business meeting link
field, enter the fully qualified domain name or the domain-only portion of the
Skype for Business
meeting server to allow internal users to use the Join meeting button in the event details. For example, meet.example.com or example.com. By entering this domain name,
BlackBerry Work
can locate which meeting link to capture from the meeting invitation if it is different from the user's email address domain.
Time Zone Info
If you select the "Disable display of time zone information in meeting and contact card" option,
BlackBerry Work
will not retrieve the time zone information from Microsoft Exchange that is displayed in the calendar and contacts for users.
Conference links
Select one or more of the conference platform options to enable users to click a Join button in a meeting request to quickly join a meeting on their device using the associated platform, such as Zoom.
External Calendars Preview
Select the “External Calendars Preview” option to display a preview of external calendar events in the day view. You can choose from two levels of data presentation:
Placeholders only
displays solid vertical placeholders with no event data
Details
displays external calendar events as standard event blocks with an event title and the recurrence status icon.
Enable support for calendar new time proposal
Select this option to allow users to use the propose new meeting time feature.
Basic Configuration tab
Description
Security Settings
Select the "Use Kerberos Constrained Delegation in place of login/password" option to specify whether
Kerberos
Constrained Delegation will be used for logging in to
Microsoft Exchange
. If this option is not selected, NTLM/Basic authentication will be used.
Select the "Use client certificate in place of login/password" option to specify whether clients must have individual login certificates (SSL) uploaded to the
BlackBerry UEM
management console. These certificates are used for login instead of basic credentials (username/password).
Enterprise Server Settings
In the Server List Reshuffle Period (minutes) field, specify the frequency that the server list, if present, is reshuffled for load balancing purposes.
In the Server List Quarantine Period (minutes) field, specify how long
BlackBerry Work
waits before retrying if
BlackBerry UEM
is not working.
Client Settings
In the Sync Email Body Size (Kb) field, specify the size, in KB, of the partial message body downloaded from the server if the user selects the option to download partial message content.
Select the "Use BEMS to perform AutoDiscover of the EAS/EWS endpoint for the user" option to specify that the client will use the
BlackBerry
Server Autodiscover service to determine the EAS/EWS endpoint for the user.
Select the "Create and consume rights-managed email messages option" to specify that Information Rights Managements (IRM) must be enabled for user mailboxes on
Microsoft Exchange
.
Other Settings
In the Send Feedback Email Address field, specify the email address where client feedback email messages are sent. Add multiple comma delimited recipients as needed.
In the Report Phishing Email Address field, specify whether users can report emails as phishing. The reported emails are forwarded to the email address provided in this field then moved to Trash folder.
Account Setup
When the "Skip Email Short Form Setup" option is selected, users must input their
Microsoft Active Directory
usernames, passwords, and domains during device activation.
ActiveSync
and Auto Discover Authentication Methods (
iOS
Only)
Specify the authentication methods to use. If only certain authentication methods are supported from
Microsoft Exchange
, set those values to minimize the user setup time. (For example, if Auto Discover and
ActiveSync
IIS Auth Settings are set to allow only NTLM and Basic, then de-select Negotiate in above app setting.) If none are selected, the default
Microsoft Exchange
setting is used. If using client-based authentication, check none of the options.
Exchange Web Services Authentication Methods (
iOS
Only)
Specify the authentication methods to use. If only certain authentication methods are supported from
Microsoft Exchange
, set those values to minimize the user setup time. (For example, if EWS IIS Auth Setting is set to allow only NTLM, then select only NTLM above for an optimal setup experience.) If none are selected above, the default
Microsoft Exchange
setting is used. If using client-based authentication, check none of the options.
Exchange Web Services Settings
Specify the
Microsoft Exchange Web Services
URL endpoint (for example, https://mydomain.com/EWS/Exchange.asmx). If you select the "Disable Exchange Web Services" option, all
Microsoft Exchange Web Services
activities, including calendar forward and calendar attachment, are disabled.
Exchange ActiveSync
Settings
In the Default Domain field, specify the
Windows NT
Domain to try automatically when logging in. If your server uses newer UPN (email@host.com) style login instead of the older (domain\user) style login, this field should be left blank.
In the ActiveSync Server field, specify the default
Microsoft Exchange
Server to connect to (for example, cas.mydomain.com).
In the Autodiscover URL field, specify the auto discover URL if known. This speeds up the auto discover setup process (for example, https://autodiscover.<
mydomain
>.com/autodiscover/autodiscover.xml).
In the Autodiscover Connection Timeout in Seconds (iOS only) field, specify the timeout setting for
iOS
devices.
Enforce App Configuration
Select the "Enforce App Configuration" option to ensure that modern authentication, EAS/EWS endpoints, and
Microsoft Office 365
settings configured in the
BlackBerry Dynamics
connectivity profile are applied. This option is useful when you are troubleshooting issues after you have migrated a
BlackBerry Work
mailbox from an on-premises
Microsoft Exchange
Server to
Microsoft Office 365
.
BlackBerry
recommends that you copy your organization’s app configuration, select the Enforce App Configuration option, and apply the app configuration only to the affected users.
Advanced Settings
Specify additional configuration parameters in this text area. Contact
BlackBerry
Support for more details.
Advanced Configuration tab
Description
ActiveSync
User Name Formats (
iOS
Only)
Select the username formats that can be used to authenticate with your
Exchange ActiveSync
server. Available settings:
  • UPN
  • Domain\UserId
  • SMTP
To simplify user setup time, select only the username formats that are supported by your
Exchange ActiveSync
server.
If you do not select an option, all options are allowed.
Exchange Web Services User Name Formats (
iOS
Only)
Select the username formats that can be used to authenticate with
Microsoft Exchange Web Services
. Available settings:
  • UPN
  • Domain\UserId
  • SMTP
To simplify user setup, select only the username formats that are supported by
Microsoft Exchange Web Services
.
If you do not select an option, all options are allowed.
TLS Certificate Settings
Specify the user credential profile that contains the TLS certificate to be used to connect to
Microsoft Exchange
. The name of the profile that you specify here must match the name of the user credential profile that was created in the
BlackBerry UEM
management console.
For more information on user credential profiles, see Using user credential profiles to send certificates to devices.
Email Sync Window
In the "Maximum Email Sync Window Allowed" drop-down list, specify the number of days in the past to synchronize email messages to devices. If the setting on a device allows for more days than the server setting, the server setting is used and email messages that are older than the server setting are removed from the device. If the setting on the device allows fewer days than the server setting, the setting on the device remains the same. The user can change the setting on the device to fewer days than the server setting.
Draft Folder Syncing
Prevent a user from deselecting the Drafts folder which keeps it from being automatically synchronized.
Background Authorization
Select a time to allow the
BlackBerry Work
app to synchronize email in the background periodically. Decreasing the duration between the time that email synchronizes ensures that the user's inbox is up to date when they open the app.
Shared Mailboxes
Select the "Enable access to Shared Mailboxes" option if you want to allow users to add a user mailbox that they are a delegate for, or a shared mailbox that they have been granted access to, in
BlackBerry Work
. If this option is disabled after shared mailboxes have been added, existing shared mailboxes are removed, and they are not restored if the setting is enabled again. Also, if a user attempts to add a shared mailbox when this option is disabled, they will not be able to add the mailbox and will see a message in the
BlackBerry Work
app stating that they must contact their administrator.
For users to be able to receive notifications for user mailboxes that have been delegated,
BEMS
2.10 or later is required. For users to be able to receive notifications from their shared mailboxes,
BEMS
2.12 or later is required.
Mailbox Migration
Select the "Migration Flow Enabled" option when you are planning to migrate a
BlackBerry Work
mailbox from an on-premises
Microsoft Exchange Server
to
Office 365
.
To set an expiry time, enter a date in the Migration Flow Expiration Date field. After the date that you enter has passed, the Migration Flow Enabled setting is ignored.
Office 365
Settings
Select the "Use
Office 365
Settings" option to configure options for
Microsoft Office 365
. If selected, specify the following:
  • Select the "Use
    Office 365
    Modern Authentication" option to use modern authentication instead of basic authentication. Modern authentication enables
    BlackBerry Work
    to use sign-in features such as Multi-Factor Authentication, SAML-based third-party Identity Providers, and smart card and certificate-based authentication.
  • In the
    Azure
    App ID field, specify the
    Microsoft Azure
    app ID for
    BlackBerry Work
    . For information on how obtain an
    Azure
    ID, see Obtain an Azure app ID for BlackBerry Work.
  • In the
    Office 365
    Sign On URL field, specify the web address that
    BlackBerry Work
    should use when signing in to
    Office 365
    . If you do not specify a value,
    BlackBerry Work
    will use https://login.microsoftonline.com during setup.
  • In the "
    Office 365
    Tenant ID" field, specify the tenant ID of
    Office 365
    server that you want
    BlackBerry Work
    to connect to during setup.
  • In the "
    Office 365
    Resource" field, specify the URL of the
    Microsoft Exchange Online
    server.
  • In the Redirect URI field, specify the URI that you entered in the
    Microsoft Azure
    portal.
  • In the "Exchange User Name Format" section, select UPN to use a UPN user name format instead of SMTP when authenticating with
    Microsoft Exchange Online
    . Depending on your environment, if your users are configured with UPNs that are different from their email address, you might need to enable "Use explicit UPN" property. This requires
    BlackBerry UEM
    12.11 or later. For more information, see the BlackBerry UEM Configuration content. To enable the UPN feature for
    BlackBerry Work
    Docs
    , this feature requires
    BlackBerry Work
    2.21 or later. 
  • Select the "Use Office 365 Modern Authentication for Presence" option to use modern authentication with the
    Presence
    service. The "Enable presence service" option must also be selected.
  • In the "Office 365 Presence Resource" field, enter the app ID for your
    Presence
    service. For more information about how to get an app ID for your
    Presence
    service, see Obtain an Azure app ID for the Connect, Presence, and Docs component service.
  • Select the "Proxy
    Office 365
    Modern Authentication requests (
    Android
    only)" setting to force all
    Office 365
    Modern Authentication requests to go through the
    BlackBerry Proxy
    instead of connecting directly to the Internet
Upgrade Exchange ActiveSync Protocol
Select the "Upgrade to latest supported Exchange Active Sync protocol" setting to enable BlackBerry Work clients to check and upgrade to the latest supported Exchange Active Sync Protocol, if required.
Performance Reporting tab
Description
Enable Performance Reporting
Select this option, to specify whether to monitor performance of the BlackBerry Work app.
HTTP Connection Error
Select the "Enable reporting of HTTP connection errors" options to specify whether to report HTTP connection errors between BlackBerry Work and the specified application servers.
HTTP Response Time
Select the "Report HTTP responses taking long time" option to specify whether to report HTTP responses that are taking longer than the specified time. Enter the application server addresses to monitor.
HTTP Status Code
Select the "Report HTTP status codes received" option to specify whether to report a specified HTTP status code. Enter the application server addresses to monitor
Don't send reports for duration (in seconds)
Specify the amount of time to wait before sending another report.
Deprecated tab
Description
Use heritage settings
Select the "Devices should use values described below for
Presence
and
Docs
servers". Selecting this option requires that the following configurations are completed:
  • BlackBerry Work
    is added to the
    BlackBerry Dynamics
    Connectivity Profile App Servers section. For more information, visit support.blackberry.com/community to read article 47950.
  • Specifying the preferred
    Presence
    Server configuration
  • Specifying preferred
    Docs
    Server configuration
Preferred
Presence
Server Configuration
Type the FQDN of the computers that host the
BEMS-Presence
service. If you have multiple servers, separate the names using commas, not spaces (for example, domain01.example.com:8443,domain02.example.com:8443).
Preferred
Docs
Server Configuration
Type the FQDN of the computers that host the
BEMS-Docs
service. If you have multiple servers, separate the names using commas, not spaces (for example, domain01.example.com:8443,domain02.example.com:8443).
Exchange ActiveSync
16.0 Protocol
If supported by your
Microsoft Exchange
server, specify whether to use
Exchange ActiveSync
version 16 for synchronization between
Microsoft Exchange
and
BlackBerry Work
version 2.14 or earlier.
This setting must be enabled if you want to allow users to be able to synchronize their Drafts folder to
BlackBerry Work
version 2.14 or earlier. For more information on how to synchronize the Drafts folder, visit support.blackberry.com/community to read article 50339.
This policy does not apply to
BlackBerry Work
version 2.15 or later as this version will automatically upgrade to
Exchange ActiveSync
version 16 if supported by your organization's
Microsoft Exchange
server. After upgrading to 
BlackBerry Work
version 2.15, users will see a message that tells them that 
BlackBerry Work
must resynchronize with their 
Microsoft Exchange
server. Documents stored in Local Docs and user preferences are retained and are not impacted. After the resynchronization completes, users will be able to synchronize their Drafts folder to
BlackBerry Work
.
Microsoft Authentication Library
Disabling this policy will result in using legacy Microsoft Azure Active Directory Authentication Library when logging into Work mailbox account. (iOS Only)
Security Settings
Select the "Disable SSL Certificate Checking" option to disable SSL Certificate verification for
Exchange ActiveSync
/
Microsoft Exchange Web Services
in test environments.
Beta tab
Description
Active Directory Password Expiration Warning
Select the number of days to display a warning to the user before their
Microsoft Active Directory
password expires, and select a Password Expiration Data Provider (EWS or LDAP).
In the Custom Message field, you can add additional information to display to the user.
You can use this feature for users that are using both, the GPO (Global Policy Object) method and PSO (Password Settings Object) method to set the maximum password age.
Office 365
Brokered Authentication
Select the "Use
Office 365
Brokered Authentication" to require users to use brokered authentication to authenticate to
BlackBerry Work
and access
BlackBerry Work
Docs repository content (for example,
Microsoft SharePoint Online
) to ensure that settings configured in
Azure AD
Conditional Access are applied. To use this feature,
  • Your environment must be enabled for
    Azure AD
    Conditional Access. For more information, see 'Configure Azure Active Directory Conditional Access' in the
    BlackBerry UEM
    Configuration content.
  • The "
    Office 365
    Settings" (Advanced tab) must be enabled and configured for modern authentication.
  • Users must have the
    Microsoft
    Authenticator app installed.
By default, this setting is disabled.