Create an activation profile
If you enable attestation for your organization’s
BlackBerry UEMinstance, during
Androiddevice activation, the authenticity and integrity of the device is checked. Ensure that users have
BlackBerry UEM Clientfor
Androidversion 12.9 MR1 or later installed on their devices before you enable this feature.
- On the menu bar, clickPolicies and Profiles.
- ClickPolicy > Activation.
- Click .
- Type a name and description for the profile.
- In theNumber of devices that a user can activatefield, specify the maximum number of devices the user can activate.
- In theDevice ownershipdrop-down list, select the default setting for device ownership. Perform one of the following actions:
- If some users activate personal devices and some users activate work devices, selectNot specified.
- If users typically activate work devices, selectWork.
- If users typically activate personal devices, selectPersonal.
- Optionally, select an organization notice in theAssign organization noticedrop-down list. If you assign an organization notice, users activatingBlackBerry 10,Windows 10,iOS, ormacOSdevices must accept the notice to complete the activation process.
- In theDevice types that users can activatesection, select the device types as required. Device types that you don't select are not included in the activation profile and users can't activate those devices.
- Perform the following actions for each device type included in the activation profile:
- Click the tab for the device type.
- In theDevice model restrictionsdrop-down list, select whether to allow or restrict specified devices or to have no restrictions. ClickEditto select the devices you want to restrict or allow, and clickSave.
- In theAllowed versiondrop-down list, select the minimum allowed version.
- On theWindowstab, you can select one or both form factor options and choose whether to allow or disallow those form factors in theDevice model restrictionsdrop-down list.
- In theActivation typesection, select an activation type.
- ForAndroiddevices, you can select multiple activation types and rank them to meet your organization's requirements.
- The "MDM controls" activation type is deprecated for devices withAndroid10 and later.
- ForAndroiddevices, if you select anAndroid Enterpriseactivation type, you can select theWhen activating Android Enterprise devices, enable premium UEM functionality such as BlackBerry Secure Connect Plus.option to enableBlackBerry Secure Connect PlusandKNOXPlatform for Enterprise features (for devices that supportSamsung KNOX).
- ForAndroiddevices, if you select the "MDM controls" activation type and you do not wantKNOXMDM policy rules to be applied to the devices, clear theActivate Samsung KNOX APIs on MDM Controls activationscheck box. This setting applies only to devices that support KNOX MDM.
- ForAndroiddevices, if you select one of theSamsung KNOXactivation types and want to useGoogle Playto manage work apps, selectGoogle Play app management for Samsung Knox Workspace devices. This option is available only if you have configured a connection to a
- ForiOSdevices, if you select the "User privacy" activation type and you want to enable SIM-based licensing, you must select theAllow access to SIM card and device hardware information to enable SIM-based licensingoption.
- ForiOSdevices, if you select the "MDM controls" orUser privacy(with SIM-based licensing) activation types, you can restrict unsupervised devices by selecting "Do not allow unsupervised devices to activate."
- ForAndroiddevices, in theSafetyNet attestation optionssection, you can optionally select an attestation method. The choices are:
- Perform SafetyNet attestation for device:BlackBerry UEMsends challenges to test the authenticity and integrity of devices.
- Perform SafetyNet attestation on device activation:BlackBerry UEMsends challenges to test the authenticity and integrity of devices when they are activated.
- Perform SafetyNet attestation onBlackBerry Dynamicsapp activation:BlackBerry UEMsends challenges to test the authenticity and integrity ofBlackBerry Dynamicsapps when they are activated.
- ForAndroiddevices, in theHardware attestation optionssection, you can optionally select an attestation method.
- Perform hardware attestation on device activation:BlackBerry UEMsends challenges to devices when they are activated to ensure the required security patch level is installed
- ForiOSdevices, in theiOS app integrity checksection, you can optionally select an attestation method. The choices are:
- Perform periodic app integrity checks:BlackBerry UEMsends challenges to devices check the integrity ofiOSwork apps.
- Perform app integrity check onBlackBerry Dynamicsapp activation:BlackBerry UEMsends challenges to devices when they are activated to check the integrity ofiOSwork apps
If necessary, rank profiles.