- Configuring BlackBerry UEM Cloud for the first time
- Installing the BlackBerry Connectivity Node to connect to resources behind your organization's firewall
- BlackBerry Connectivity Node planning information
- Steps to install and activate the BlackBerry Connectivity Node
- Prerequisites: Installing the BlackBerry Connectivity Node
- Installing or upgrading the BlackBerry Connectivity Node
- Creating server groups
- Troubleshooting BlackBerry Connectivity Node issues
- Configuring the BlackBerry Connectivity Node to use the BlackBerry Router or a TCP proxy server
- Connecting BlackBerry UEM to Microsoft Azure
- Create a Microsoft Azure account
- Configure BlackBerry UEM to synchronize with Azure Active Directory
- Synchronize Microsoft Active Directory with Microsoft Azure
- Create an app registration in Azure
- Configuring Azure Active Directory conditional access
- Configure BlackBerry UEM as a Compliance Partner in Azure
- Configure Azure Active Directory conditional access
- Configure the BlackBerry Dynamics connectivity profile to support the Azure Conditional Access feature
- Assign the Feature - Azure conditional access app to users
- Configure a BlackBerry Dynamics Profile
- Remove devices from Azure Active Directory conditional access
- Linking company directory groups to BlackBerry UEM groups
- Obtaining an APNs certificate to manage iOS and macOS devices
- Configuring BlackBerry UEM for DEP
- Configuring BlackBerry UEM to support Android Enterprise devices
- Configuring BlackBerry UEM to support Android Management devices
- Extending the management of Chrome OS devices to BlackBerry UEM
- Setting up management of Chrome OS devices if you have already configured BlackBerry UEM to use Android Enterprise
- Create a service account that BlackBerry UEM uses to authenticate with your Google Cloud or Google Workspace by Google domain
- Enable additional APIs to allow BlackBerry UEM to sync the Chrome OS data
- Integrate BlackBerry UEM with your Google Cloud or Google Workspace by Google domain so you can use Chrome OS devices
- Synchronize BlackBerry UEM with the Google admin console
- Simplifying Windows 10 activations
- Configuring BlackBerry UEM Cloud to support BlackBerry Dynamics apps
- Manage BlackBerry Proxy clusters
- Configure Direct Connect using port forwarding
- Connecting BlackBerry Proxy to the BlackBerry Dynamics NOC
- Connect BlackBerry UEM to a BlackBerry Dynamics PKI connector
- Overriding global HTTP proxy settings for a BlackBerry Connectivity Node
- Steps to configure email notifications for BlackBerry Work
- Configure email notifications for BlackBerry Work
- Grant application impersonation permission to the service account
- Grant application impersonation permission using Exchange Administration Center
- Grant application impersonation permission using Microsoft Exchange Management Shell
- Enable Microsoft Graph API to allow BEMS Cloud to communicate with Microsoft Office 365
- Obtain an Azure app ID for BEMS with client secret authentication
- Obtain an Azure app ID for BEMS with credential or passive authentication
- Obtain an Azure app ID for BEMS with certificate-based authentication
- Associate a certificate with the Azure app ID for BEMS
- Create a trusted connection between BEMS Cloud and Microsoft Exchange Server
- Replace or delete the trusted connection SSL certificates
- Configure the password expiration warning message
- Add Read permission to the account used to authenticate to the LDAP server
- Configure email notifications for BlackBerry Work
- Configuring BlackBerry Dynamics Launcher
- Configuring BEMS-Docs
- Steps to configure BEMS-Docs
- Enable the BEMS-Docs service
- Configure BEMS-Docs settings
- Create a trusted connection between BEMS-Docs and Microsoft SharePoint
- Managing Repositories
- Configuring repositories
- Admin-defined shares
- Granting user access permissions
- Change access permissions
- Define a repository
- Add users and user groups to repositories
- Edit a repository
- Allow user-defined repositories
- Enable user-defined repository permissions
- Access permissions
- Change user access permissions
- View user repository rights
- Configuring an on-premises BEMS in a BlackBerry UEM Cloud environment
- Steps to configure BlackBerry UEM Cloud to communicate with on-premises BEMS
- Import the certificate to the BEMS Windows keystore
- Import the certificate into the Java keystore on BEMS
- Configure the BlackBerry Dynamics server in BEMS
- Configure BEMS connectivity with BlackBerry Dynamics
- Add an app server hosting the entitlement apps to a BlackBerry Dynamics connectivity profile
- Export the BlackBerry Proxy certificate to the local computer
- Migrating users, devices, groups, and other data from a source server
- Prerequisites: Migrating users, devices, groups, and other data from a source server
- Connect to a source server
- Considerations: Migrating IT policies, profiles, and groups from a source server
- Complete policy and profile migration for BlackBerry Dynamics-activated users
- Migrate IT policies, profiles, and groups from a source server
- Considerations: Migrating users from a source server
- Migrate users from a source server
- Considerations: Migrating devices from a source server
- Migrate devices from a source server
- Device migration quick reference
- BlackBerry Docs
- BlackBerry UEM 12.18
- Installation and configuration
- Cloud Configuration
- Configuring BlackBerry UEM Cloud to support BlackBerry Dynamics apps
- Steps to configure email notifications for BlackBerry Work
- Configure email notifications for BlackBerry Work
- Associate a certificate with the Azure app ID for BEMS
Associate a certificate with the Azure app ID for BEMS
Azure
app ID for BEMS
You can use an existing certificate from your CA server or the New-SelfSignedCertificate command to create a self-signed certificate. For more information, visit docs.microsoft.com and read New-SelfSignedCertificate.
Verify that you have the app name you assigned in
BEMS
with certificate-based authentication.- If you have a certificate issued by a CA server, go to step 2. Create a self-signed certificate.
- On the computer runningMicrosoft Windows, open theWindows PowerShell.
- Enter the following command:$cert=New-SelfSignedCertificate -Subject "CN=<.app name>" -CertStoreLocation "Cert:\CurrentUser\My" -KeyExportPolicy Exportable -KeySpec SignatureWhere <app name> is the name you assigned the app in step 5 of Obtain an Azure app ID for BEMS with certificate-based authentication.
- PressEnter.
- Export the certificate from the Certificate Manager. This creates the public certificate. Make sure to save the public certificate as a .CER or .PEM.
- On the computer runningWindows, open the Certificate Manager for the logged in user.
- ExpandPersonal.
- ClickCertificates.
- Right-click the <user>@<domain> and clickAll Tasks > Export.
- In theCertificate Export Wizard, clickNo, do not export private key..
- ClickNext.
- SelectBase-64 encoded X.509 (.CER). ClickNext.
- Provide a name for the certificate and save it to your desktop.
- ClickNext.
- ClickFinish.
- ClickOK.
- Upload the public certificate to associate the certificate credentials with theAzureapp ID forBEMS.
- In portal.azure.com, open the <app name> you assigned the app in step 5 of Obtain an Azure app ID for BEMS with certificate-based authentication.
- ClickSettings > Keys.
- ClickUpload Public Key.
- Click and navigate to the location where you exported the certificate in step 2.
- ClickOpen.
- ClickSave.
Export the certificate in .pfx format using the Manage User Certificate MMC snap-in. Make sure to include the private key. For instructions, visit docs.microsoft.com and read Export a Certificate with the Private Key.