Skip Navigation

Create a 
BlackBerry Intelligent Security
 policy

You create a 
BlackBerry Intelligent Security
 policy to define which risk engines you want 
BlackBerry Intelligent Security
 to use to determine user risk levels and the actions that the service should take for different types and levels of risk. How you configure the policy determines how 
BlackBerry Intelligent Security
 enforces adaptive security standards that are appropriate for each user’s current activity and context.
BlackBerry Intelligent Security
 offers several actions for the different types and levels of risk, from enforcing UEM group assignments to temporarily blocking 
BlackBerry Dynamics
 apps. For more information about how 
BlackBerry Intelligent Security
 resolves conflicting assignments, see Resolving conflicting assignments and precedence rules.
  1. In the 
    BlackBerry Intelligent Security Analytics Portal
    , on the menu bar, click 
    Policies
    .
  2. Click  Add icon .
  3. Type a name and description for the policy.
  4. If you don't want 
    BlackBerry Intelligent Security
     to take action for behavioral risk levels, turn off 
    Behavioral pattern risk
     and skip to step 7.
  5. To configure an action for a behavioral risk level, click  Add icon  next to the risk level and do any of the following:
    • Under 
      Assign to UEM group
      , click the appropriate group.
    • High risk level only: Under 
      BlackBerry Dynamics apps action
      , click 
      Block all BlackBerry Dynamics apps
       or 
      Block the BlackBerry Dynamics app that initiated the request
      .
  6. To allow users to reduce their behavioral risk level to low by completing a 
    BlackBerry 2FA
     authentication prompt, do the following:
    1. In the 
      Identity risk
       section, click 
      Automatic risk reduction
      .
    2. In the drop-down list, click the risk levels that will allow automatic risk reduction.
    3. Click 
      Apply
      .
    If a user successfully authenticates to access a 
    BlackBerry Dynamics
     app, the user cannot be prompted for another authentication (for example, a continuous authentication prompt or automatic risk reduction prompt) for a grace period of at least 5 minutes.
  7. Choose one of the following methods to manage geozone risk levels and actions:
    Method
    Steps
    • Use learned geozones
    • Do not use defined geozones
    1. Verify that 
      Learned geozone risk
       is turned on.
    2. Turn off 
      Defined geozone risk
      .
    3. To configure an action for a learned geozone risk level, click  Add icon  next to a risk level and do any of the following:
      • Under 
        Assign to UEM group
        , click the appropriate group.
      • High risk level only: Under 
        BlackBerry Dynamics apps action
        , click 
        Block all BlackBerry Dynamics apps
         or 
        Block the BlackBerry Dynamics app that initiated the request
        .
    • Use learned geozones
    • Use defined geozones
    • Optional: Take special actions for certain defined geozones
    1. Verify that 
      Learned geozone risk
       and 
      Defined geozone risk
       are turned on.
    2. To configure the default risk actions for both learned and defined geozones, click  Add icon  next to a risk level and do any of the following:
      • Under 
        Assign to UEM group
        , click the appropriate group.
      • High risk level only: Under 
        BlackBerry Dynamics apps action
        , click 
        Block all BlackBerry Dynamics apps
         or 
        Block the BlackBerry Dynamics app that initiated the request
        .
    3. If you want to take special actions for a certain defined geozone, click  Add icon  in the top-right corner of the table and click the geozone. Click  Add icon  for the defined geozone and select the desired actions.
    • Do not use learned geozones
    • Use defined geozones
    • Optional: Take special actions for certain defined geozones
    • Optional: Take special actions for users that are not in defined geozones
    1. Turn off 
      Learned geozone risk
      .
    2. Verify that 
      Defined geozone risk
       is turned on.
    3. To configure an action for all defined geozones set to a certain risk level, click  Add icon  next to the risk level and do any of the following:
      • Under 
        Assign to UEM group
        , click the appropriate group.
      • High risk level only: Under 
        BlackBerry Dynamics apps action
        , click 
        Block all BlackBerry Dynamics apps
         or 
        Block the BlackBerry Dynamics app that initiated the request
        .
    4. If you want to take special actions for a certain defined geozone, click  Add icon  in the top-right corner of the table and click the geozone. Click  Add icon  for the defined geozone and select the desired actions.
    5. If you want to take special actions for users that are not in defined geozones, in the top-right corner of the table, click  Add icon
      > Undefined geozone
      . Click  Add icon  for the undefined geozone and select the desired actions.
    • Do not use learned or defined geozones
    Turn off 
    Defined geozone risk
     and 
    Learned geozone risk
    .
  8. Click 
    Save
    .