Create an activation profile Skip Navigation

Create an activation profile

  1. On the menu bar, click
    Policies and Profiles
    .
  2. Click
    Policy > Activation
    .
  3. Click The Add icon.
  4. Type a name and description for the profile.
  5. In the
    Number of devices that a user can activate
    field, specify the maximum number of devices the user can activate.
  6. In the
    Device ownership
    drop-down list, select the default setting for device ownership. Perform one of the following actions:
    • If some users activate personal devices and some users activate work devices, select
      Not specified
      .
    • If users typically activate work devices, select
      Work
      .
    • If users typically activate personal devices, select
      Personal
      .
  7. Optionally, select an organization notice in the
    Assign organization notice
    drop-down list. If you assign an organization notice, users activating
    BlackBerry 10
    ,
    Windows 10
    ,
    iOS
    , or
    macOS
    devices must accept the notice to complete the activation process.
  8. In the
    Device types that users can activate
    section, select the device types as required. Device types that you don't select are not included in the activation profile and users can't activate those devices.
  9. Perform the following actions for each device type included in the activation profile:
    • Click the tab for the device type.
    • In the
      Device model restrictions
      drop-down list, select whether to allow or restrict specified devices or to have no restrictions. Click
      Edit
      to select the devices you want to restrict or allow, and click
      Save
      .
    • In the
      Allowed version
      drop-down list, select the minimum allowed version.
    • On the
      Windows
      tab, you can select one or both form factor options and choose whether to allow or disallow those form factors in the
      Device model restrictions
      drop-down list.
    • In the
      Activation type
      section, select an activation type.
      • For
        Android
        devices, you can select multiple activation types and rank them to meet your organization's requirements.
      • The "
        MDM controls
        " activation type is deprecated for devices with
        Android
        10 and later.
      • For
        Android
        devices, if you select an
        Android Enterprise
        activation type, you can select the
        When activating Android Enterprise devices, enable premium UEM functionality such as BlackBerry Secure Connect Plus.
        option to enable
        BlackBerry Secure Connect Plus
        and
        Knox
        Platform for Enterprise features (for devices that support
        Samsung Knox
        ).
      • For
        Android
        devices, if you select the "
        MDM controls
        " activation type and you do not want
        Knox
        MDM policy rules to be applied to the devices, clear the
        Activate Samsung KNOX APIs on MDM Controls activations
        check box. This setting applies only to devices that support KNOX MDM.
      • For
        Android
        devices, if you select one of the
        Samsung Knox
        activation types and want to use
        Google Play
        to manage work apps, select
        Google Play app management for Samsung Knox Workspace devices
        . This option is available only if you have configured a connection to a
        Google
        domain. For more information, see the Configuration content.
      • For
        iOS
        devices, if you select the "
        User privacy
        " activation type and you want to enable SIM-based licensing, you must select the
        Allow access to SIM card and device hardware information to enable SIM-based licensing
        option.
      • For
        iOS
        devices, if you select the "MDM controls" or
        User privacy
        (with SIM-based licensing) activation types, you can restrict unsupervised devices by selecting "Do not allow unsupervised devices to activate."
        To perform
        iOS
        app integrity checking, you must enable CylancePROTECT in your
        BlackBerry UEM
        domain. For more information, see the CylancePROTECT content.
  10. For
    Android
    devices, in the
    SafetyNet attestation options
    section, you can optionally select an attestation method. The choices are:
    • Perform SafetyNet attestation for device:
      BlackBerry UEM
      sends challenges to test the authenticity and integrity of devices.
    • Perform SafetyNet attestation on device activation:
      BlackBerry UEM
      sends challenges to test the authenticity and integrity of devices when they are activated.
    • Perform SafetyNet attestation on
      BlackBerry Dynamics
      app activation:
      BlackBerry UEM
      sends challenges to test the authenticity and integrity of
      BlackBerry Dynamics
      apps when they are activated.
  11. Click
    Add
    .
If necessary, rank profiles.