Skip Navigation

Configuring and using 
BlackBerry Intelligent Security

You complete the following steps to enable and use 
BlackBerry Intelligent Security
 in your organization’s 
BlackBerry UEM
 or 
BlackBerry UEM Cloud
 domain. For software requirements and complete instructions for each step, see the BlackBerry Intelligent Security Administration Guide.
  1. Purchase 
    BlackBerry Intelligent Security
     licenses for your organization’s users. Assign the 
    BlackBerry Intelligent Security
     entitlement to users.
  2. Enable 
    BlackBerry Intelligent Security
     in an existing or new 
    UEM
     domain.
  3. Assign a 
    BlackBerry Intelligent Security
     administrator role to the users that will manage the service.
  4. Optionally, customize the 
    BlackBerry Intelligent Security
     risk engines and how long the service retains data.
  5. Create local 
    UEM
     user groups. Each group will be used for one or more of the behavioral risk levels, geozone risk levels, or defined geozones. Configure each group with a custom combination of IT policies, profiles, app assignments, and permissions that meet your organization’s standards for each risk level or geozone.
  6. Optionally, define geozones to set security standards for specific locations.
  7. Create a 
    BlackBerry Intelligent Security
     policy. The policy defines which risk engines you want 
    BlackBerry Intelligent Security
     to use to determine user risk levels, and the actions the service should take for different types and levels of risk. How you configure the policy determines how 
    BlackBerry Intelligent Security
     enforces adaptive security standards that are appropriate for each user’s current activity and context.
  8. Assign the 
    BlackBerry Intelligent Security
     policy to users and groups.
  9. Create and configure a 
    BlackBerry Enterprise Identity
     authentication policy. When you add one or more risk scenarios that determine the authentication requirements for users, you can specify a behavioral risk level, a geozone risk level, or a defined geozone as a risk factor. 
  10. Assign the 
    BlackBerry Enterprise Identity
     authentication policy to user groups. 
  11. By default, 
    BlackBerry Intelligent Security
     runs in passive mode, where it collects data and builds risk models and learned locations for individual users, but does not execute risk actions. After enough data has been collected and used to create reliable risk models and learned locations, you can enable active mode.
BlackBerry Dynamics
 apps send app events and location data to the 
BlackBerry Intelligent Security
 services at regular intervals. 
BlackBerry Enterprise Identity
 sends data to the services at runtime. The services processes this data to generate identity and geozone risk scores in real-time for each user. Based on your configuration of the policy, 
BlackBerry Intelligent Security
 executes management actions that correspond to a user's risk level (for example, assigning the user to a 
UEM
 group or temporarily blocking 
BlackBerry Dynamics
 apps).
Based on your configuration of the 
BlackBerry Enterprise Identity
 authentication policy, a user’s current behavioral risk level, geozone risk level, or a defined geozone can also determine how the user logs in to services and work apps (for example, no authentication, single sign-on, password, 
BlackBerry 2FA
, or a combination of methods).