- Configuring BlackBerry UEM Cloud for the first time
- Installing the BlackBerry Connectivity Node to connect to resources behind your organization's firewall
- BlackBerry Connectivity Node planning information
- Steps to install and activate the BlackBerry Connectivity Node
- Prerequisites: Installing the BlackBerry Connectivity Node
- Installing or upgrading the BlackBerry Connectivity Node
- Creating server groups
- Troubleshooting BlackBerry Connectivity Node issues
- Configuring the BlackBerry Connectivity Node to use the BlackBerry Router or a TCP proxy server
- Connecting BlackBerry UEM to Microsoft Azure
- Create a Microsoft Azure account
- Configure BlackBerry UEM to synchronize with Azure Active Directory
- Synchronize Microsoft Active Directory with Microsoft Azure
- Create an app registration in Azure
- Configuring Azure Active Directory conditional access
- Configure BlackBerry UEM as a Compliance Partner in Azure
- Configure Azure Active Directory conditional access
- Configure the BlackBerry Dynamics connectivity profile to support the Azure Conditional Access feature
- Assign the Feature - Azure conditional access app to users
- Configure a BlackBerry Dynamics Profile
- Remove devices from Azure Active Directory conditional access
- Linking company directory groups to BlackBerry UEM groups
- Obtaining an APNs certificate to manage iOS and macOS devices
- Configuring BlackBerry UEM for DEP
- Configuring BlackBerry UEM to support Android Enterprise devices
- Configuring BlackBerry UEM to support Android Management devices
- Extending the management of Chrome OS devices to BlackBerry UEM
- Setting up management of Chrome OS devices if you have already configured BlackBerry UEM to use Android Enterprise
- Create a service account that BlackBerry UEM uses to authenticate with your Google Cloud or Google Workspace by Google domain
- Enable additional APIs to allow BlackBerry UEM to sync the Chrome OS data
- Integrate BlackBerry UEM with your Google Cloud or Google Workspace by Google domain so you can use Chrome OS devices
- Synchronize BlackBerry UEM with the Google admin console
- Simplifying Windows 10 activations
- Configuring BlackBerry UEM Cloud to support BlackBerry Dynamics apps
- Manage BlackBerry Proxy clusters
- Configure Direct Connect using port forwarding
- Connecting BlackBerry Proxy to the BlackBerry Dynamics NOC
- Connect BlackBerry UEM to a BlackBerry Dynamics PKI connector
- Overriding global HTTP proxy settings for a BlackBerry Connectivity Node
- Steps to configure email notifications for BlackBerry Work
- Configure email notifications for BlackBerry Work
- Grant application impersonation permission to the service account
- Grant application impersonation permission using Exchange Administration Center
- Grant application impersonation permission using Microsoft Exchange Management Shell
- Enable Microsoft Graph API to allow BEMS Cloud to communicate with Microsoft Office 365
- Obtain an Azure app ID for BEMS with client secret authentication
- Obtain an Azure app ID for BEMS with credential or passive authentication
- Obtain an Azure app ID for BEMS with certificate-based authentication
- Associate a certificate with the Azure app ID for BEMS
- Create a trusted connection between BEMS Cloud and Microsoft Exchange Server
- Replace or delete the trusted connection SSL certificates
- Configure the password expiration warning message
- Add Read permission to the account used to authenticate to the LDAP server
- Configure email notifications for BlackBerry Work
- Configuring BlackBerry Dynamics Launcher
- Configuring BEMS-Docs
- Steps to configure BEMS-Docs
- Enable the BEMS-Docs service
- Configure BEMS-Docs settings
- Create a trusted connection between BEMS-Docs and Microsoft SharePoint
- Managing Repositories
- Configuring repositories
- Admin-defined shares
- Granting user access permissions
- Change access permissions
- Define a repository
- Add users and user groups to repositories
- Edit a repository
- Allow user-defined repositories
- Enable user-defined repository permissions
- Access permissions
- Change user access permissions
- View user repository rights
- Configuring an on-premises BEMS in a BlackBerry UEM Cloud environment
- Steps to configure BlackBerry UEM Cloud to communicate with on-premises BEMS
- Import the certificate to the BEMS Windows keystore
- Import the certificate into the Java keystore on BEMS
- Configure the BlackBerry Dynamics server in BEMS
- Configure BEMS connectivity with BlackBerry Dynamics
- Add an app server hosting the entitlement apps to a BlackBerry Dynamics connectivity profile
- Export the BlackBerry Proxy certificate to the local computer
- Migrating users, devices, groups, and other data from a source server
- Prerequisites: Migrating users, devices, groups, and other data from a source server
- Connect to a source server
- Considerations: Migrating IT policies, profiles, and groups from a source server
- Complete policy and profile migration for BlackBerry Dynamics-activated users
- Migrate IT policies, profiles, and groups from a source server
- Considerations: Migrating users from a source server
- Migrate users from a source server
- Considerations: Migrating devices from a source server
- Migrate devices from a source server
- Device migration quick reference
- BlackBerry Docs
- BlackBerry UEM 12.18
- Installation and configuration
- Cloud Configuration
- Connecting BlackBerry UEM to Microsoft Azure
- Configure BlackBerry UEM to synchronize with Azure Active Directory
Configure BlackBerry UEM to synchronize with Azure Active
Directory
BlackBerry UEM
to synchronize with Azure
Active
Directory
If your organization uses
Microsoft
Azure
Active
Directory
, you can connect it to BlackBerry UEM
to create directory user accounts in BlackBerry UEM
by searching for and importing user data from the company directory. Directory users can use their directory credentials to access BlackBerry UEM Self-Service
.You can connect to more than one instance of
Azure
Active
Directory
. If you install the BlackBerry Connectivity Node
you can also connect to an on-premises directory.- Log in to the Azure portal.
- Go toMicrosoft Azure > Azure Active Directory > App registrations.
- Click+ New registration.
- In theNamefield, enter a name for the app.
- Select which account types can use the application or access the API.
- In theRedirect URIsection, in the drop-down list, selectWeband enterhttp://localhost.
- ClickRegister.
- CopyApplication IDof your application and paste it to a text file.This is theClient IDrequired inBlackBerry UEM.
- In theManagesection, clickAPI permissions.
- Click+ Add a permissionand perform the following actions:
- SelectMicrosoft Graph.
- SelectApplication permissions.
- Set the following permissions:
- Group.Read.All (Application)
- User.Read (Delegated)
- User.Read.All (Application)
- ClickAdd permissions.
- UnderGrant consent, clickGrant admin consent.You must be a global administrator to grant permissions.
- When you are prompted, clickYesto grant permissions for all accounts in the current directory.
- In theManagementsection, clickCertificates and secrets. Perform the following actions:
- UnderClient secrets, clickNew client secret.
- Type a description for the client secret.
- Select a duration for the client secret.
- ClickAdd.
- Copy the value of the new client secret.This is the Client key that is required forBlackBerry UEM.
- In the management console, clickSettings > External integration > + Company directory > Microsoft Azure Active Directory connection.
- Enter aDirectory connection nameand theDomainfor yourAzureActive Directory.
- Do one of the following:
- If this is a new connection toAzure, enter the information you copied from theAzureportal when you created the enterprise application inAzure.
- Client ID: The application ID generated by theAzureapplication registration
- Client key: The client secret generated by theAzureapplication registration
- If this is an existing connection toAzure, clickEnable single tenant application registrationand enter the information you copied from theAzureportal when you created the enterprise application in Azure.
- Client ID: The application ID generated by theAzureapplication registration
- Client key: The client secret generated by theAzureapplication registration
- ClickContinue.
- ClickSave.