Configuring and using BlackBerry Intelligent Security
BlackBerry Intelligent Security
You complete the following steps to enable and use
BlackBerry Intelligent Securityin your organization’s
BlackBerry UEM Clouddomain. For software requirements and complete instructions for each step, see the BlackBerry Intelligent Security Administration Guide.
- PurchaseBlackBerry Intelligent Securitylicenses for your organization’s users. Assign theBlackBerry Intelligent Securityentitlement to users.
- EnableBlackBerry Intelligent Securityin an existing or newUEMdomain.
- Assign aBlackBerry Intelligent Securityadministrator role to the users that will manage the service.
- Optionally, customize theBlackBerry Intelligent Securityrisk engines and how long the service retains data.
- Create localUEMuser groups. Each group will be used for one or more of the behavioral risk levels, geozone risk levels, or defined geozones. Configure each group with a custom combination of IT policies, profiles, app assignments, and permissions that meet your organization’s standards for each risk level or geozone.
- Optionally, define geozones to set security standards for specific locations.
- Create aBlackBerry Intelligent Securitypolicy. The policy defines which risk engines you wantBlackBerry Intelligent Securityto use to determine user risk levels, and the actions the service should take for different types and levels of risk. How you configure the policy determines howBlackBerry Intelligent Securityenforces adaptive security standards that are appropriate for each user’s current activity and context.
- Assign theBlackBerry Intelligent Securitypolicy to users and groups.
- Create and configure aBlackBerry Enterprise Identityauthentication policy. When you add one or more risk scenarios that determine the authentication requirements for users, you can specify a behavioral risk level, a geozone risk level, or a defined geozone as a risk factor.
- Assign theBlackBerry Enterprise Identityauthentication policy to user groups.
- By default,BlackBerry Intelligent Securityruns in passive mode, where it collects data and builds risk models and learned locations for individual users, but does not execute risk actions. After enough data has been collected and used to create reliable risk models and learned locations, you can enable active mode.
BlackBerry Dynamicsapps send app events and location data to the
BlackBerry Intelligent Securityservices at regular intervals.
BlackBerry Enterprise Identitysends data to the services at runtime. The services processes this data to generate identity and geozone risk scores in real-time for each user. Based on your configuration of the policy,
BlackBerry Intelligent Securityexecutes management actions that correspond to a user's risk level (for example, assigning the user to a
UEMgroup or temporarily blocking
Based on your configuration of the
BlackBerry Enterprise Identityauthentication policy, a user’s current behavioral risk level, geozone risk level, or a defined geozone can also determine how the user logs in to services and work apps (for example, no authentication, single sign-on, password,
BlackBerry 2FA, or a combination of methods).