- Configuring BlackBerry UEM Cloud for the first time
- Installing the BlackBerry Connectivity Node to connect to resources behind your organization's firewall
- BlackBerry Connectivity Node planning information
- Steps to install and activate the BlackBerry Connectivity Node
- Prerequisites: Installing the BlackBerry Connectivity Node
- Installing or upgrading the BlackBerry Connectivity Node
- Creating server groups
- Troubleshooting BlackBerry Connectivity Node issues
- Configuring the BlackBerry Connectivity Node to use the BlackBerry Router or a TCP proxy server
- Connecting BlackBerry UEM to Microsoft Azure
- Create a Microsoft Azure account
- Configure BlackBerry UEM to synchronize with Azure Active Directory
- Synchronize Microsoft Active Directory with Microsoft Azure
- Create an app registration in Azure
- Configuring Azure Active Directory conditional access
- Configure BlackBerry UEM as a Compliance Partner in Azure
- Configure Azure Active Directory conditional access
- Configure the BlackBerry Dynamics connectivity profile to support the Azure Conditional Access feature
- Assign the Feature - Azure conditional access app to users
- Configure a BlackBerry Dynamics Profile
- Remove devices from Azure Active Directory conditional access
- Linking company directory groups to BlackBerry UEM groups
- Obtaining an APNs certificate to manage iOS and macOS devices
- Configuring BlackBerry UEM for DEP
- Configuring BlackBerry UEM to support Android Enterprise devices
- Configuring BlackBerry UEM to support Android Management devices
- Extending the management of Chrome OS devices to BlackBerry UEM
- Setting up management of Chrome OS devices if you have already configured BlackBerry UEM to use Android Enterprise
- Create a service account that BlackBerry UEM uses to authenticate with your Google Cloud or Google Workspace by Google domain
- Enable additional APIs to allow BlackBerry UEM to sync the Chrome OS data
- Integrate BlackBerry UEM with your Google Cloud or Google Workspace by Google domain so you can use Chrome OS devices
- Synchronize BlackBerry UEM with the Google admin console
- Simplifying Windows 10 activations
- Configuring BlackBerry UEM Cloud to support BlackBerry Dynamics apps
- Manage BlackBerry Proxy clusters
- Configure Direct Connect using port forwarding
- Connecting BlackBerry Proxy to the BlackBerry Dynamics NOC
- Connect BlackBerry UEM to a BlackBerry Dynamics PKI connector
- Overriding global HTTP proxy settings for a BlackBerry Connectivity Node
- Steps to configure email notifications for BlackBerry Work
- Configure email notifications for BlackBerry Work
- Grant application impersonation permission to the service account
- Grant application impersonation permission using Exchange Administration Center
- Grant application impersonation permission using Microsoft Exchange Management Shell
- Enable Microsoft Graph API to allow BEMS Cloud to communicate with Microsoft Office 365
- Obtain an Azure app ID for BEMS with client secret authentication
- Obtain an Azure app ID for BEMS with credential or passive authentication
- Obtain an Azure app ID for BEMS with certificate-based authentication
- Associate a certificate with the Azure app ID for BEMS
- Create a trusted connection between BEMS Cloud and Microsoft Exchange Server
- Replace or delete the trusted connection SSL certificates
- Configure the password expiration warning message
- Add Read permission to the account used to authenticate to the LDAP server
- Configure email notifications for BlackBerry Work
- Configuring BlackBerry Dynamics Launcher
- Configuring BEMS-Docs
- Steps to configure BEMS-Docs
- Enable the BEMS-Docs service
- Configure BEMS-Docs settings
- Create a trusted connection between BEMS-Docs and Microsoft SharePoint
- Managing Repositories
- Configuring repositories
- Admin-defined shares
- Granting user access permissions
- Change access permissions
- Define a repository
- Add users and user groups to repositories
- Edit a repository
- Allow user-defined repositories
- Enable user-defined repository permissions
- Access permissions
- Change user access permissions
- View user repository rights
- Configuring an on-premises BEMS in a BlackBerry UEM Cloud environment
- Steps to configure BlackBerry UEM Cloud to communicate with on-premises BEMS
- Import the certificate to the BEMS Windows keystore
- Import the certificate into the Java keystore on BEMS
- Configure the BlackBerry Dynamics server in BEMS
- Configure BEMS connectivity with BlackBerry Dynamics
- Add an app server hosting the entitlement apps to a BlackBerry Dynamics connectivity profile
- Export the BlackBerry Proxy certificate to the local computer
- Migrating users, devices, groups, and other data from a source server
- Prerequisites: Migrating users, devices, groups, and other data from a source server
- Connect to a source server
- Considerations: Migrating IT policies, profiles, and groups from a source server
- Complete policy and profile migration for BlackBerry Dynamics-activated users
- Migrate IT policies, profiles, and groups from a source server
- Considerations: Migrating users from a source server
- Migrate users from a source server
- Considerations: Migrating devices from a source server
- Migrate devices from a source server
- Device migration quick reference
- BlackBerry Docs
- BlackBerry UEM 12.18
- Installation and configuration
- Cloud Configuration
- Installing the BlackBerry Connectivity Node to connect to resources behind your organization's firewall
- Installing or upgrading the BlackBerry Connectivity Node
- Change the default settings for BlackBerry Connectivity Node instances
Change the default settings for BlackBerry Connectivity Node instances
BlackBerry Connectivity Node
instancesBy default, the
BlackBerry Gatekeeping Service
in each BlackBerry Connectivity Node
instance is active. If you want gatekeeping data to be managed only by the BlackBerry Gatekeeping Service
that is installed with the primary BlackBerry UEM
components, you can change the default behavior to disable the BlackBerry Gatekeeping Service
in each instance. You can specify the default logging settings for all BlackBerry Connectivity Node
instances. You can also enable the BlackBerry Secure Gateway
settings for all BlackBerry Connectivity Node
instances and specify the discovery endpoint and mail server resource that iOS
devices that run iOS
13.0 or later must use to authenticate to Microsoft Exchange
Online
using modern authentication.
The default settings apply to each
BlackBerry Connectivity Node
instance that is not in a server group. When an instance is part of a server group, it uses the default settings configured for that server group.- In theBlackBerry UEMmanagement console, on the menu bar, clickSettings > External integration > BlackBerry Connectivity Node setup.
- Click
. - If you want to disable theBlackBerry Gatekeeping Servicein each instance, select theOverride BlackBerry Gatekeeping Service settingscheck box.
- If you want to configure logging settings, select theOverride logging settingscheck box. Perform any of the following tasks:
- In theServer log debug levelsdrop-down list, select the appropriate log level.
- If you want to route log events to a syslog server, select theSyslogcheck box and specify the host name and port of the syslog server.
- If you want to specify maximum limits for log file size and age, select theEnable local file destinationcheck box. Specify the size limit (in MB) and the age limit (in days).
- If you want to specify theBlackBerry Secure Gatewayin each instance, select theOverride BlackBerry Secure Gateway settingscheck box. ForiOSdevices that run 13.0 or later and use modern authentication to the connect toMicrosoft Exchange Online, complete the following steps to specify the discovery endpoint and mail server resource:
- Select theEnable OAuth for mail server authenticationcheck box.
- In theDiscovery endpointfield, specify the URL to use for discovery requests using OAuth. Enter the discovery endpoint in the format https://<identity provider>/.well-known/openid-configuration (for example,https://login.microsoftonline.com/common/.well-known/openid-configuration, orhttps://login.windows.net/common/.well-known/openid-configuration).
- In theMail server resourcefield, specify the URL of the mail server resource to use for authorization and token requests using OAuth (for example,https://outlook.office365.com).
- ClickSave.
If you disabled the
BlackBerry Gatekeeping Service
instances and you want to enable them again, select the Enable the BlackBerry Gatekeeping Service
check box. Each instance must be able to access your organization’s gatekeeping server.