Configure email notifications for BlackBerry Work
BEMSCloud accepts push registration requests from devices, such as
Android, and then communicates with the on-premises
Microsoft Exchange Serveror
Microsoft Office 365server to check the user's mailbox for changes. When you specify the on-premises
Microsoft Exchange Serveror
Microsoft Office 365server information, you specify the settings to create the
BEMSCloud tenant for your organization.
When the tenant is created, the following services are automatically enabled:
- BlackBerry Directory Lookup: This service allows users to look up other users by first name, last name, and associated photo or avatar from the company directory.
- BlackBerryFollow-Me: This feature supports theBlackBerry Dynamics LauncheronBlackBerry Work.
- In aMicrosoft Office 365environment, if you plan to enable modern authentication, verify that you completed the following:
- If you enable modern authentication using client-certificate authentication, do one of the following:
- In an on-premisesMicrosoft Exchangeenvironment, make sure that theMicrosoft Exchange Serveris updated to support TLS 1.2 or push notifications will fail. Weaker cipher suites such as TLSv1 or TLS 1.0 are disabled by default. Disabling the cipher suites provides enhanced security.
- In the management console, clickSettings > BlackBerry Dynamics > Email notifications.
- In theAuthentication typesection, select an authentication type based on your environment and complete the associated tasks to allowBEMSto communicate with theMicrosoft Exchange ServerorMicrosoft Office 365:Authentication typeDescriptionTaskCredentialThis option uses theBEMSusername and password to authenticate to theMicrosoft Exchange ServerorMicrosoft Office 365.
Client CertificateThis option uses a client certificate to allow theBEMSservice account to authenticate to theMicrosoft Exchange ServerorMicrosoft Office 365.
- In theService account usernamefield, enter the username of theBEMSservice account.
- ForMicrosoft Office 365, enter the service account's User Principal Name (UPN).
- For on-premisesMicrosoft Exchange Server, use the format <domain>\<username>.
- In theService account passwordfield, enter the password for the service account.
- Beside theCertificate file (.pfx)field, clickBrowse. Navigate to and select the client certificate file.
- In thePasswordfield, enter the password for the client certificate.
- If you connect to aMicrosoft Office 365environment, do the following to enable modern authentication:
- Select theEnable Modern Authenticationcheck box.
- In theAuthentication authorityfield, enter the Authentication Server URL thatBEMSaccesses to retrieve the OAuth token for authentication withMicrosoft Office 365(for example, https://login.microsoftonline.com/<tenantname>).
- In theClient application IDfield, enter one of the followingAzureapp IDs depending on the authentication type you selected. Do one of the following to obtain anAzureapp ID:
- In theServer namefield, enter the FQDN of theMicrosoft Office 365server.
- Optionally, select theUse credentials if modern authentication failscheck box to allowBEMSto communicate withMicrosoft Office 365in the event thatBEMScan't access the modern authentication source. When you select this check box, you must provide theBEMSservice account credentials.When you configure modern authentication, all nodes use the specified configuration.
- In theService account usernamefield, enter the username that is used to log in to theMicrosoft Exchange ServerorMicrosoft Office 365server. The username must be in one of the following formats:
- If your environment uses an on-premisesMicrosoft Exchange Server, use <Domain>\<Username> or UPN.
- If your environment usesMicrosoft Office 365, use <username>@<domain>.com.
- In theService account passwordfield, enter the password for the service account username you provided.
- Optionally, in theAutodiscover URL overridefield, enter the Autodiscover URL to allowBEMSto obtain user information from theMicrosoft Exchange ServerorMicrosoft Office 365server when it discovers users forBlackBerry Push Notifications.If you don't enter a URL,BEMSuses Autodiscover to locate theMicrosoft Exchange ServerorMicrosoft Office 365server to obtain user information.
- Select theAllow HTTP redirection and DNS SRV recordcheck box to allow HTTP Redirection and DNS SRV lookups for retrieving the Autodiscover URL when discovering users forBlackBerry Push Notifications. By default, this feature is enabled.
- Select theUse BlackBerry Connectivity Node routeto allowBEMSCloud to connect to theBlackBerry Infrastructureinstead of using an inbound port. This setting requires that theBlackBerry Connectivity Nodeis installed and configured in your environment.
- If your environment uses an internal URL to access and communicate with an on-premisesMicrosoft Exchange Server, select theUse internal Exchange Web Services URLcheck box. This setting requires that theUse BlackBerry Connectivity Node routeis enabled. This option is not available if modern authentication is enabled.
- Optionally, in theUser email addressfield, enter an email address to test the connection to theMicrosoft Exchange ServerorMicrosoft Office 365server. ClickTest connection. If the test fails, resolve the issues that are identified and try the test again. You can delete the email address after you complete the test.
- Test the connection to the on-premisesMicrosoft Exchange ServerorMicrosoft Office 365server and Autodiscover. Refresh or reopen the Email notifications screen. ClickTest connection.Make sure that the connection test is successful before provisioning devices to avoid any Autodiscover issues. If devices are activated prior to configuring the email notification service, have users log out ofBlackBerry Workand then log in. If the test returns an error message, complete the tasks to resolve the issue and test the connection again.
- Assign the BlackBerry Cloud Enterprise Services (com.blackberry.gdservice-entitlement.cloud) entitlement to users to receive email notifications forBlackBerry Work. For instructions, see the following administration content:
- Optionally, create a trusted connection between theBEMSCloud andMicrosoft Exchange Server. For instructions, see Create a trusted connection between BEMS Cloud and Microsoft Exchange Server.
- ConfigureBlackBerry Work. For instructions, see the BlackBerry Work, Notes, and Tasks administration content.
- Optionally, configure theBEMS-Docsservice. For instructions, see Enable the BEMS-Docs service.