- Configuring BlackBerry UEM Cloud for the first time
- Installing the BlackBerry Connectivity Node to connect to resources behind your organization's firewall
- BlackBerry Connectivity Node planning information
- Steps to install and activate the BlackBerry Connectivity Node
- Prerequisites: Installing the BlackBerry Connectivity Node
- Installing or upgrading the BlackBerry Connectivity Node
- Creating server groups
- Troubleshooting BlackBerry Connectivity Node issues
- Configuring the BlackBerry Connectivity Node to use the BlackBerry Router or a TCP proxy server
- Connecting BlackBerry UEM to Microsoft Azure
- Create a Microsoft Azure account
- Configure BlackBerry UEM to synchronize with Azure Active Directory
- Synchronize Microsoft Active Directory with Microsoft Azure
- Create an app registration in Azure
- Configuring Azure Active Directory conditional access
- Configure BlackBerry UEM as a Compliance Partner in Azure
- Configure Azure Active Directory conditional access
- Configure the BlackBerry Dynamics connectivity profile to support the Azure Conditional Access feature
- Assign the Feature - Azure conditional access app to users
- Configure a BlackBerry Dynamics Profile
- Remove devices from Azure Active Directory conditional access
- Linking company directory groups to BlackBerry UEM groups
- Obtaining an APNs certificate to manage iOS and macOS devices
- Configuring BlackBerry UEM for DEP
- Configuring BlackBerry UEM to support Android Enterprise devices
- Configuring BlackBerry UEM to support Android Management devices
- Extending the management of Chrome OS devices to BlackBerry UEM
- Setting up management of Chrome OS devices if you have already configured BlackBerry UEM to use Android Enterprise
- Create a service account that BlackBerry UEM uses to authenticate with your Google Cloud or Google Workspace by Google domain
- Enable additional APIs to allow BlackBerry UEM to sync the Chrome OS data
- Integrate BlackBerry UEM with your Google Cloud or Google Workspace by Google domain so you can use Chrome OS devices
- Synchronize BlackBerry UEM with the Google admin console
- Simplifying Windows 10 activations
- Configuring BlackBerry UEM Cloud to support BlackBerry Dynamics apps
- Manage BlackBerry Proxy clusters
- Configure Direct Connect using port forwarding
- Connecting BlackBerry Proxy to the BlackBerry Dynamics NOC
- Connect BlackBerry UEM to a BlackBerry Dynamics PKI connector
- Overriding global HTTP proxy settings for a BlackBerry Connectivity Node
- Steps to configure email notifications for BlackBerry Work
- Configure email notifications for BlackBerry Work
- Grant application impersonation permission to the service account
- Grant application impersonation permission using Exchange Administration Center
- Grant application impersonation permission using Microsoft Exchange Management Shell
- Enable Microsoft Graph API to allow BEMS Cloud to communicate with Microsoft Office 365
- Obtain an Azure app ID for BEMS with client secret authentication
- Obtain an Azure app ID for BEMS with credential or passive authentication
- Obtain an Azure app ID for BEMS with certificate-based authentication
- Associate a certificate with the Azure app ID for BEMS
- Create a trusted connection between BEMS Cloud and Microsoft Exchange Server
- Replace or delete the trusted connection SSL certificates
- Configure the password expiration warning message
- Add Read permission to the account used to authenticate to the LDAP server
- Configure email notifications for BlackBerry Work
- Configuring BlackBerry Dynamics Launcher
- Configuring BEMS-Docs
- Steps to configure BEMS-Docs
- Enable the BEMS-Docs service
- Configure BEMS-Docs settings
- Create a trusted connection between BEMS-Docs and Microsoft SharePoint
- Managing Repositories
- Configuring repositories
- Admin-defined shares
- Granting user access permissions
- Change access permissions
- Define a repository
- Add users and user groups to repositories
- Edit a repository
- Allow user-defined repositories
- Enable user-defined repository permissions
- Access permissions
- Change user access permissions
- View user repository rights
- Configuring an on-premises BEMS in a BlackBerry UEM Cloud environment
- Steps to configure BlackBerry UEM Cloud to communicate with on-premises BEMS
- Import the certificate to the BEMS Windows keystore
- Import the certificate into the Java keystore on BEMS
- Configure the BlackBerry Dynamics server in BEMS
- Configure BEMS connectivity with BlackBerry Dynamics
- Add an app server hosting the entitlement apps to a BlackBerry Dynamics connectivity profile
- Export the BlackBerry Proxy certificate to the local computer
- Migrating users, devices, groups, and other data from a source server
- Prerequisites: Migrating users, devices, groups, and other data from a source server
- Connect to a source server
- Considerations: Migrating IT policies, profiles, and groups from a source server
- Complete policy and profile migration for BlackBerry Dynamics-activated users
- Migrate IT policies, profiles, and groups from a source server
- Considerations: Migrating users from a source server
- Migrate users from a source server
- Considerations: Migrating devices from a source server
- Migrate devices from a source server
- Device migration quick reference
- BlackBerry Docs
- BlackBerry UEM 12.18
- Installation and configuration
- Cloud Configuration
- Connecting BlackBerry UEM to Microsoft Azure
- Create an app registration in Azure
Create an app registration in Azure
Azure
To provide
BlackBerry UEM
access to Microsoft
Azure
, you must create an app registration within Azure
that allows UEM
to authenticate with Azure
. For more information, see Register an application with the Microsoft identity platform.
If you are connecting
UEM
to both Microsoft Intune
and the Windows Store
for Business, use a different app registration for each purpose due to differences in permissions and potential future changes.Microsoft
national cloud deployments (or any deployment that requires a login URL other than login.microsoftonline.com) require additional steps to connect UEM
with Intune
. For more information, see KB75773.- If your organization uses an on-premisesMicrosoft Active Directory, Synchronize Microsoft Active Directory with Microsoft Azure.
- Verify that you have the Reply URL. For instructions on obtaining the Reply URL for modern authentication, see Configure BlackBerry UEM to synchronize with Microsoft Intune.
- Log in to theAzureportal.
- Go toMicrosoft Azure > Azure Active Directory > App registrations.
- ClickNew registration.
- In theNamefield, enter a name for the app.
- Select which account types can use the application or access the API.
- In theRedirect URIsection, in the drop-down list, selectMobile Client/Desktopand enter a valid URL. The URL format is https://<FQDN_of_the_BlackBerry_UEM_server>:<port>/admin/intuneauth
- ClickRegister.
- Copy theApplication IDof your application and paste it into a text file.This is theClient IDrequired inUEM.
- If you are creating the application to useMicrosoft Intune, in theManagesection, clickAPI permissions. Perform the following steps:
- ClickAdd a permission.
- SelectMicrosoft Graph.
- SelectDelegated permissions.
- Scroll down in the permissions list and underDelegated Permissions, set the following permissions forMicrosoft Intune:
- Read and writeMicrosoft Intuneapps (DeviceManagementApps > DeviceManagementApps.ReadWrite.All)
- Read all groups (Group > Group.Read.All)
- Read all users' basic profile (User > User.ReadBasic.All)
- ClickAdd permissions.
- UnderGrant consent, clickGrant admin consent. You must be a global administrator to grant permissions.
- When you are prompted, clickYesto grant permissions for all accounts in the current directory.
You can use the default permissions if you are creating the app to connect to theWindows Storefor Business. - In theManagesection, clickCertificates and secrets. Perform the following actions:
- UnderClient secrets, clickNew client secret.
- Type a description for the client secret.
- Select a duration for the client secret.
- ClickAdd.
- Copy the value of the new client secret.This is theClient Keythat is required inUEM.If you do not copy the value of your key at this time, you will have to create a new key because the value is not displayed after you leave this screen.