The following use cases demonstrate the practical application of
BlackBerry Intelligent Securityand adaptive security policies in everyday scenarios. In the scenarios below, the
UEMadministrator has configured and assigned a
BlackBerry Intelligent Securitypolicy and a
BlackBerry Enterprise Identityauthentication policy.
Adapting device behavior in a high-risk scenario
Jane Smith arrives at the airport for a business trip. She uses her work device, an
iPhone, to access the airport's free
iPhonesends data to the
BlackBerry Intelligent Securityservices in the
BlackBerry Infrastructureindicating that she is on a less secure network and that she is in a location that is far away from her typical learned location for that day and time. The services calculate a high behavioral risk level and a high geozone risk level and communicate these assessments to
BlackBerry Intelligent Securitypolicy that is applied to Jane’s device takes effect and
UEMassigns Jane to user groups with more restrictive device policies and profiles, to ensure a higher level of security while Jane is at the airport.
When the new group configurations are applied to Jane’s
iPhone, she notices the following changes to device behavior:
- When Jane tries to log in to work apps and services, she must provide both aUEMpassword and completeBlackBerry 2FAauthentication.
- TheiPhonecamera is temporarily disabled.
- Bluetoothfunctionality is temporarily disabled.
- Jane’s access to her work intranet websites is currently restricted.
- Data synchronization to Jane’s work apps, such asBlackBerry Work, occurs less frequently.
The new group assignment with these high-security device behaviors remains in place until Jane’s behavioral and geozone risk level is recalculated and reduced. When she has a lower risk level,
UEMwill re-assign her to a group that corresponds to the new risk level.
Adapting device behavior in a low-risk scenario
Bob Jones arrives at his company’s main office to attend a lengthy board meeting. He checks his
Androidphone during the meeting to make sure that he doesn’t miss any important emails. His phone is using the trusted, secure work network.
Androiddevice sends data to the
BlackBerry Intelligent Securityservices indicating that he is on a secure network and in a geographic location that is typical for the current day and time. The services calculate a low behavioral risk level and geozone risk level and communicate these assessments to
BlackBerry Intelligent Securitypolicy that is applied to Bob’s device takes effect and
UEMassigns Bob to groups with less restrictive device policies and profiles to ensure easy access to work resources in a highly secure location.
When the new group configurations are applied to Bob’s phone, he notices the following changes to device behavior:
- Bob can use fingerprint authentication to access work apps.
- Bob is prompted to authenticate with work apps less frequently.
- When Bob browses to intranet websites, he is automatically authenticated and is not prompted for his username and password.
- Bob can access privileged apps that he is not able to log in to when he is out of the office.
When Bob leaves the office later that evening to go home, his device sends data to
BlackBerry Intelligent Securitythat results in a new behavioral risk level and a new geozone risk level, with corresponding assignments to groups with profiles and permissions that are appropriate for that risk level.
Adapting device behavior in a defined geozone
Evan is in Vancouver on vacation. He has brought along his work device, an
Androidphone, so that he can keep up on his emails. Because he is currently located outside of the range of his typical learned geozones, the
BlackBerry Intelligent Securityservices assess his geozone risk level to be high. As a result, the
BlackBerry Intelligent Securitypolicy that is applied to Evan’s device takes effect and
UEMassigns Evan to groups with more restrictive device policies and profiles. His access to work apps and intranet sites is very limited and he has to sign-in to work apps with both a password and
Evan decides to spend one day of his vacation visiting his company’s Vancouver office so that he can meet a few coworkers and attend an important meeting. The
UEMadministrator has created a defined geozone for the Vancouver office and configured it with a static low risk level. The administrator had previously added this defined geozone to the
BlackBerry Intelligent Securitypolicy that is assigned to Evan, and had set it to override the default geozone risk ranges.
While Evan is visiting the office, he is in a defined low-risk geozone. The
BlackBerry Intelligent Securitypolicy executes the group assignment that Evan's administrator configured for this low-risk office location. Evan has unrestricted access to his work apps and intranet sites, and he can use single sign-on authentication for his work apps.