Skip Navigation
  1. BlackBerry Docs
  2. BlackBerry Enterprise Mobility Server 3.5
  3. Configuring BlackBerry Mail
  4. BlackBerry Mail (BEMS Push Notifications service)
  5. Steps to configure Push Notifications
  6. Configure BEMS to communicate with a Microsoft Office 365 environment using Microsoft Graph API

Configure
BEMS
 to communicate with a
Microsoft Office 365
 environment using
Microsoft Graph
 API

Complete this task only if your environment requires new client app registrations.
You must allow
BEMS
 to access
Microsoft Office 365
 to access users’ mailboxes and send notifications to users’ devices when new email is received in the user's mailbox using
Microsoft Graph
. When you configure
BEMS
 to use the
Microsoft Graph
 API, your environment is using modern authentication. After you configure the
Microsoft Graph
 API, you must configure the autodiscover.
In 2022,
Microsoft
 started to deprecate the
Microsoft Exchange Web Services
 (EWS) for
Microsoft Exchange Online
 APIs replacing the EWS with
Microsoft Graph
. For more information, visit techcommunity.microsoft.com and read 'Upcoming API Deprecations in Exchange Web Services for Exchange Online'.
For information on configuring email notifications for
BlackBerry Work
 using
BEMS
 Cloud, see the
BlackBerry UEM Cloud
 content.
Verify that you have the following information and have completed the appropriate tasks.
Verify that you completed the following:
  1. In the
    BlackBerry Enterprise Mobility Server Dashboard
    , under
    BlackBerry Services Configuration
    , click
    Mail
    .
  2. Click
    Microsoft Graph
    .
  3. Select the
    Use Microsoft Graph
     check box.
  4. In the
    Select Authentication type
     section, select an authentication type based on your environment and complete the associated tasks to allow
    BEMS
     to communicate with
    Microsoft Office 365
    :
    Authentication type
    Description
    Task
    Client Certificate
    This option uses a client certificate to allow the
    BEMS
     service account to authenticate to
    Microsoft Office 365
    .
    1. For the
      Upload PFX file
      , click
      Choose File
       and select the client certificate file. For instructions on obtaining the .PFX file, see Associate a certificate with the Azure app ID for BEMS
    2. In the
      Enter PFX file Password
       field, enter the password for the client certificate.
    Client Secret
    This option uses a client secret to allow the
    BEMS
     service account to authenticate to
    Microsoft Office 365
    . The client secret is created during the application registration process.
    In the
    Client Secret
     field, enter the Client secret Value. For instructions on obtaining the client secret, see Obtain an Azure app ID for BEMS with client secret authentication.
  5. In the
    Authentication Authority
     field, enter the Authentication Server URL that
    BEMS
     accesses and retrieve the OAuth token for authentication with
    Microsoft Office 365
    The authentication server URL must be in the format of https://login.microsoftonline.com/
    tenantname
     or https://login.microsoftonline.com/
    tenantid
    .
  6. In the
    Client Application ID
     field, enter the
    Azure
     app ID for the credential authentication. For instructions, see the App ID for BEMS using credential authentication.
  7. In the
    Server Name
     field, enter the FQDN of the
    Microsoft Graph
     server. By default, the field is prepopulated with https://graph.microsoft.com
  8. In the
    External Notification URL
     field, enter the URL that your IT provided when they registered with
    Microsoft
     for callbacks on port 443 to send and receive notifications. Optionally, you can restrict traffic that the firewall accepts to only allow the external notification URL, enter https://<
    your_ExternalNotificationURL
    >/notificationClient/ (for example, bems.example.com:443/notificationClient). For more information, see the BlackBerry Push Notifications (Mail) prerequisites in the BEMS Installation content.
  9. In the
    End User Email Address
     field, type an email address to test connectivity to
    Microsoft Office 365
     using the service account. Click
    Test
    . You can delete the email address after you complete the test.
  10. Click
    Save
    .
  11. Configure the Autodiscover and Exchange Options in Configure BEMS to communicate with the Microsoft Exchange Server, Microsoft Office 365, or hybrid environment (step 5). You can configure the Autodiscovery and Exchange Options settings (Mail > Microsoft Exchange) using one of the following authentication types: Credential, Credential + Modern Authentication, Client Certificate + Modern Authentication, or Passive Authentication.
If you selected
Client Certificate
 authentication, you can view the certificate information. Click
Mail
. The following certificate information is displayed:
  • Subject
  • Issuer
  • Validation period
  • Serial number