Skip Navigation
  1. BlackBerry Docs
  2. BlackBerry UEM 12.17
  3. Administration
  4. Managing iOS and macOS devices
  5. Activating iOS devices
  6. Creating activation profiles
  7. Create an activation profile

Create an activation profile

  1. On the menu bar, click
    Policies and Profiles
    .
  2. Click
    Policy > Activation
    .
  3. Click The Add icon.
  4. Type a name and description for the profile.
  5. In the
    Number of devices that a user can activate
     field, specify the maximum number of devices the user can activate.
  6. In the
    Device ownership
     drop-down list, select the default setting for device ownership.
    • Select
      Not specified
       if some users activate personal devices and some users activate work devices.
    • Select
      Work
       if most users activate work devices.
    • Select
      Personal
       if most users activate their personal devices.
  7. Optionally, select an organization notice in the
    Assign organization notice
     drop-down list. If you assign an organization notice, users activating
    iOS
    ,
    iPadOS
    ,
    macOS
    , or
    Windows 10
     devices must accept the notice to complete the activation process.
  8. In the
    Device types that users can activate
     section, select the device OS types that users can activate. Device types that you don't select are not included in the activation profile and users can't activate those devices.
  9. Perform the following actions for each device type included in the activation profile:
    1. Click the tab for the device type.
    2. In the
      Device model restrictions
       drop-down list, select one of the following options:
      • No restrictions
        : Users can activate any device model.
      • Allow selected device models
        : Users can activate only the device models that you specify. Use this option to limit the allowed devices to only some models.
      • Do not allow selected device models
        : Users can't activate the device models that you specify. Use this option to block activation of some device models or devices from specific manufacturers.
      If you restrict the device models users can activate, click
      Edit
       to select the devices you want to allow or restrict and click
      Save
      .
    3. In the
      Minimum allowed version
       drop-down list, select the minimum allowed OS version.
      Many older OS versions are no longer supported by
      BlackBerry UEM
      . You only need to select a minimum version if you don't want to support the earliest version currently supported by
      BlackBerry UEM
      . For more information on supported versions, see the Compatability Matrix.
    4. Select the supported activation types.
      For
      Android
       devices, you can select multiple activation types and rank them. For all other device types, you can select only one activation type.
      The "
      MDM controls
      " activation type is deprecated for devices with
      Android
       10 and later. It is included in the list of activation types only if the
      Enable MDM controls activation type for Android devices
       setting is selected in the default activation settings.
  10. For
    iOS
     and
    iPadOS
     devices, perform the following actions:
    1. If you selected the "
      User privacy
      " activation type and you want to enable SIM-based licensing, select
      Allow access to SIM card and device hardware information to enable SIM-based licensing
      .
    2. If you selected the "
      User privacy
      " activation type and you want to manage specific features, select the appropriate check boxes. For more information on each option, see Activation types: iOS devices.
    3. If you selected the "MDM controls" or "
      User privacy
      " (with SIM-based licensing) activation types and you only want to activate supervised devices, select
      Do not allow unsupervised devices to activate
    4. In the
      iOS app integrity check
       section, optionally select one of the following attestation methods:
      • Perform app integrity check on BlackBerry Dynamics app activation
        :  Use this method to send challenges to devices when they are activated to check the integrity of
        iOS
         work apps.
      • Perform periodic app integrity checks
        :  Use this method to send challenges to devices to check the integrity of
        iOS
         work apps.
      To perform
      iOS
       app integrity checking, you must enable
      CylancePROTECT
       in your
      BlackBerry UEM
       domain. For more information, see the BlackBerry Protect Mobile content.
  11. For
    Android
     devices, perform the following actions:
    1. If you selected more than one activation type type, click the up and down arrows to rank them.
      Devices receive the highest ranked profile that they support. For example, if you rank "MDM Controls" first, devices that don't support "MDM Controls" receive the next ranked activation type.
    2. If you selected the "
      MDM controls
      " activation type and you don't want
      Knox
       MDM policy rules to be applied to the devices that support them, clear the
      Activate Samsung KNOX APIs on MDM Controls activations
       check box.
    3. If you selected a
      Samsung Knox
       activation type and you want to use
      Google Play
       to manage work apps, select
      Google Play app management for Samsung Knox Workspace devices
      . This option is available only if you have configured a connection to a Google domain.
      Samsung Knox
       activation types will be deprecated in a future release. Devices that support
      Knox Platform for Enterprise
       can be activated using the
      Android Enterprise
       activation types. For more information, visit https://support.blackberry.com/community to read article 54614.
    4. If you selected an
      Android Enterprise
       activation type, enable the appropriate
      Android Enterprise
       options:
      • When activating Android Enterprise devices, enable premium UEM functionality such as BlackBerry Secure Connect Plus
         enables
        BlackBerry Secure Connect Plus
         and
        Knox
         Platform for Enterprise features (for devices that support
        Samsung Knox
        ) on devices with an appropriate license.
      • Enable Samsung Knox DualDAR Workspace
         enables Samsung Knox DualDAR encryption for devices that support it. This option is supported only by "Work space only" and "Work and personal - full control" devices.
      • Add Google Play account to work space
         allows
        Google Play
         app management in the work space. If the device does not have access to
        Google Play
        , deselect this option.
      • Allow only approved device IDs
         allows you to restrict activation to individual devices that you specify the device ID for. This option is supported only for "Work space only" and "Work and personal - full control" devices.
      • Zero Touch QR Code enrollment
         allows you specify whether users can activate a device using a QR Code over a
        Wi-Fi
         or mobile network. The default setting is
        Wi-Fi
        . Users can activate using only the network type that you specify. This option is supported only for "Work space only" and "Work and personal - full control" devices.
    5. In the
      SafetyNet or Play Integrity attestation options
       section, optionally select one of the following attestation methods:
      • Perform SafetyNet or Play Integrity attestation for device
        : Use this method to send challenges to test the authenticity and integrity of devices.
      • Perform SafetyNet attestation on device activation (Applies only to UEM Client versions that do not support Play Integrity)
        : Use this method to send challenges to test the authenticity and integrity of devices when they are activated.
      • Perform SafetyNet or Play Integrity attestation on BlackBerry Dynamics app activation
        : Use this method to send challenges to test the authenticity and integrity of
        BlackBerry Dynamics
         apps when they are activated.
    6. In the
      Hardware attestation options
       section, select
      Enforce attestation compliance rules during activation
       if you want
      BlackBerry UEM
       to send challenges to devices when they are activated to ensure the required security patch level is installed.
  12. For
    Windows 10
     devices, select one or both form factor options.
    Windows 10 Mobile
     devices are no longer supported by
    Microsoft
     and have only limited support in
    BlackBerry UEM
    .
  13. Click
    Add
    .
If necessary, rank profiles.