Use cases

The following use cases demonstrate the practical application of 
BlackBerry Intelligent Security
 and adaptive security policies in everyday scenarios. In the scenarios below, the 
UEM
 administrator has configured and assigned a 
BlackBerry Intelligent Security
 policy and a 
BlackBerry Enterprise Identity
 authentication policy.
Adapting device behavior in a high-risk scenario
Jane Smith arrives at the airport for a business trip. She uses her work device, an 
iPhone
, to access the airport's free 
Wi-Fi
 network.
Jane’s 
iPhone
 sends data to the 
BlackBerry Intelligent Security
 services in the 
BlackBerry Infrastructure
 indicating that she is on a less secure network and that she is in a location that is far away from her typical learned location for that day and time. The services calculate a high behavioral risk level and a high geozone risk level and communicate these assessments to 
UEM
. The 
BlackBerry Intelligent Security
 policy that is applied to Jane’s device takes effect and 
UEM
 assigns Jane to user groups with more restrictive device policies and profiles, to ensure a higher level of security while Jane is at the airport.
When the new group configurations are applied to Jane’s 
iPhone
, she notices the following changes to device behavior:
  • When Jane tries to log in to work apps and services, she must provide both a 
    UEM
     password and complete 
    BlackBerry 2FA
     authentication.
  • The 
    iPhone
     camera is temporarily disabled.
  • Bluetooth
     functionality is temporarily disabled.
  • Jane’s access to her work intranet websites is currently restricted.
  • Data synchronization to Jane’s work apps, such as 
    BlackBerry Work
    , occurs less frequently. 
The new group assignment with these high-security device behaviors remains in place until Jane’s behavioral and geozone risk level is recalculated and reduced. When she has a lower risk level, 
UEM
 will re-assign her to a group that corresponds to the new risk level.
 
Adapting device behavior in a low-risk scenario
Bob Jones arrives at his company’s main office to attend a lengthy board meeting. He checks his 
Android
 phone during the meeting to make sure that he doesn’t miss any important emails. His phone is using the trusted, secure work network.
Bob’s 
Android
 device sends data to the 
BlackBerry Intelligent Security
 services indicating that he is on a secure network and in a geographic location that is typical for the current day and time. The services calculate a low behavioral risk level and geozone risk level and communicate these assessments to 
UEM
. The 
BlackBerry Intelligent Security
 policy that is applied to Bob’s device takes effect and 
UEM
 assigns Bob to groups with less restrictive device policies and profiles to ensure easy access to work resources in a highly secure location.
When the new group configurations are applied to Bob’s phone, he notices the following changes to device behavior:
  • Bob can use fingerprint authentication to access work apps.
  • Bob is prompted to authenticate with work apps less frequently.
  • When Bob browses to intranet websites, he is automatically authenticated and is not prompted for his username and password.
  • Bob can access privileged apps that he is not able to log in to when he is out of the office. 
When Bob leaves the office later that evening to go home, his device sends data to 
BlackBerry Intelligent Security
 that results in a new behavioral risk level and a new geozone risk level, with corresponding assignments to groups with profiles and permissions that are appropriate for that risk level.
Adapting device behavior in a defined geozone
Evan is in Vancouver on vacation. He has brought along his work device, an 
Android
 phone, so that he can keep up on his emails. Because he is currently located outside of the range of his typical learned geozones, the 
BlackBerry Intelligent Security
 services assess his geozone risk level to be high. As a result, the 
BlackBerry Intelligent Security
 policy that is applied to Evan’s device takes effect and 
UEM
 assigns Evan to groups with more restrictive device policies and profiles. His access to work apps and intranet sites is very limited and he has to sign-in to work apps with both a password and 
BlackBerry 2FA
 authentication.
Evan decides to spend one day of his vacation visiting his company’s Vancouver office so that he can meet a few coworkers and attend an important meeting. The 
UEM
 administrator has created a defined geozone for the Vancouver office and configured it with a static low risk level. The administrator had previously added this defined geozone to the 
BlackBerry Intelligent Security
 policy that is assigned to Evan, and had set it to override the default geozone risk ranges.
While Evan is visiting the office, he is in a defined low-risk geozone. The 
BlackBerry Intelligent Security
 policy executes the group assignment that Evan's administrator configured for this low-risk office location. Evan has unrestricted access to his work apps and intranet sites, and he can use single sign-on authentication for his work apps.