Get the PDF

Device activation
- Activation types: iOS devices
- Activation types: macOS devices
- Activation types: Android devices
- Activation types: Windows devices
- Activation types: BlackBerry 10 devices
Steps to activate devices
Requirements: Activation
Turn on user registration with the BlackBerry Infrastructure
Managing activation settings
- Specify the default activation settings
  - Default device activation settings
- Allowing users to activate multiple devices with different activation types
- Force activation password expiry
- Set an activation password and send an activation email message
- Send an activation email to multiple users
- Allow users to set activation passwords in BlackBerry UEM Self-Service
Supporting Android Enterprise activations
- Support Android Enterprise activations using managed Google Play accounts
- Support Android Enterprise activations with a G Suite domain
- Support Android Enterprise activations with a Google Cloud domain
- Support Android Enterprise devices without access to Google Play
- Program an NFC sticker to activate devices
Supporting Windows 10 activations
Supporting Apple User Enrollment for iOS and iPadOS devices
Supporting Samsung Knox DualDAR
Enable user notification when a device has been activated
Creating activation profiles
- Create an activation profile
Device activation instructions
- Activating Android devices
- Activating iOS devices
- Activate a macOS device
- Activate an Apple TV device
- Activate a Windows 10 tablet or computer
- Activate a Windows 10 Mobile device
- Activate a BlackBerry 10 device
Activate multiple devices using zero-touch enrollment for Android Enterprise devices
Activate multiple devices using Knox Mobile Enrollment
Restricting unsupervised iOS devices
Import or export a list of approved device IDs
Activating iOS devices that are enrolled in DEP
- Steps to activate devices that are enrolled in DEP
- Register iOS devices in DEP and assign them to the BlackBerry UEM server
- Assign an enrollment configuration to iOS devices
- Add an enrollment configuration
- Remove an enrollment configuration that is assigned to iOS devices
- Delete an enrollment configuration
- Change the settings for an enrollment configuration
- View the settings for an enrollment configuration that is assigned to a device
- Assign an activation profile to iOS devices
- Remove an activation profile that is assigned to iOS devices
- Assign a user to an iOS device
- Unassign a user from an iOS device
- View the owner of an activated device
Activating iOS devices using Apple Configurator 2
- Steps to activate devices using Apple Configurator 2
- Add BlackBerry UEM server information to Apple Configurator 2
- Prepare iOS devices using Apple Configurator 2
Activating BlackBerry 10 devices using the BlackBerry Wired Activation Tool
- Install the BlackBerry Wired Activation Tool
- Configure the BlackBerry Wired Activation Tool and log in to a BlackBerry UEM instance
- Activate BlackBerry 10 devices using the BlackBerry Wired Activation Tool
Tips for troubleshooting device activation
- Device activation can't be completed because the server is out of licenses. For assistance, contact your administrator.
- Please check your username and password and try again
- Profile failed to install. The certificate "AutoMDMCert.pfx" could not be imported.
- Profile Installation Failed: The new MDM payload does not match the old payload.
- Error 3007: Server is not available
- Unable to contact server, please check connectivity or server address
- iOS or macOS device activations fail with an invalid APNs certificate
- Users are not receiving the activation email
- User details screen is showing more Windows devices activated with UEM than expected

Create an activation profile

On the menu bar, click

Policies and Profiles

Click

Policy > Activation

Click

Type a name and description for the profile.

In the

Number of devices that a user can activate

field, specify the maximum number of devices the user can activate.

In the

Device ownership

drop-down list, select the default setting for device ownership. Perform one of the following actions:

If some users activate personal devices and some users activate work devices, select

Not specified

If users typically activate work devices, select

Work

If users typically activate personal devices, select

Personal

Optionally, select an organization notice in the

Assign organization notice

drop-down list. If you assign an organization notice, users activating

BlackBerry 10

Windows 10

iOS

, or

macOS

devices must accept the notice to complete the activation process.

In the

Device types that users can activate

section, select the device types as required. Device types that you don't select are not included in the activation profile and users can't activate those devices.

Perform the following actions for each device type included in the activation profile:

Click the tab for the device type.

In the

Device model restrictions

drop-down list, select whether to allow or restrict specified devices or to have no restrictions. Click

Edit

to select the devices you want to restrict or allow, and click

Save

In the

Allowed version

drop-down list, select the minimum allowed version.

On the

Windows

tab, you can select one or both form factor options and choose whether to allow or disallow those form factors in the

Device model restrictions

drop-down list.

In the

Activation type

section, select an activation type.

For

Android

devices, you can select multiple activation types and rank them to meet your organization's requirements.

The "

MDM controls

" activation type is deprecated for devices with

Android

10 and later.

For

Android

devices, if you select an

Android Enterprise

activation type, you can select the

When activating Android Enterprise devices, enable premium UEM functionality such as BlackBerry Secure Connect Plus.

option to enable

BlackBerry Secure Connect Plus

and

Knox

Platform for Enterprise features (for devices that support

Samsung Knox

For

Android

devices, if you select the "

MDM controls

" activation type and you do not want

Knox

MDM policy rules to be applied to the devices, clear the

Activate Samsung KNOX APIs on MDM Controls activations

check box. This setting applies only to devices that support KNOX MDM.

For

Android

devices, if you select one of the

Samsung Knox

activation types and want to use

Google Play

to manage work apps, select

Google Play app management for Samsung Knox Workspace devices

. This option is available only if you have configured a connection to a

Google

domain. For more information, see the Configuration content.

For

iOS

devices, if you select the "

User privacy

" activation type and you want to enable SIM-based licensing, you must select the

Allow access to SIM card and device hardware information to enable SIM-based licensing

option.

For

iOS

devices, if you select the "MDM controls" or

User privacy

(with SIM-based licensing) activation types, you can restrict unsupervised devices by selecting "Do not allow unsupervised devices to activate."

To perform

iOS

app integrity checking, you must enable CylancePROTECT in your

BlackBerry UEM

domain. For more information, see the CylancePROTECT content.

For

Android

devices, in the

SafetyNet attestation options

section, you can optionally select an attestation method. The choices are:

Perform SafetyNet attestation for device:

BlackBerry UEM

sends challenges to test the authenticity and integrity of devices.

Perform SafetyNet attestation on device activation:

BlackBerry UEM

sends challenges to test the authenticity and integrity of devices when they are activated.

Perform SafetyNet attestation on

BlackBerry Dynamics

app activation:

BlackBerry UEM

sends challenges to test the authenticity and integrity of

BlackBerry Dynamics

apps when they are activated.

Click

Add

If necessary, rank profiles.

Section:

Creating activation profiles