- Configuring BlackBerry UEM for the first time
- Changing BlackBerry UEM certificates
- Configuring BlackBerry UEM to send data through a proxy server
- Configuring connections through internal proxy servers
- Connecting to your company directories
- Configuring Microsoft Active Directory authentication in an environment that includes Exchange linked mailboxes
- Connect to a Microsoft Active Directory instance
- Connect to an LDAP directory
- Enable directory-linked groups
- Enabling onboarding
- Synchronize a company directory connection
- Removing a connection to a company directory
- Connecting to an SMTP server to send email notifications
- Configuring database mirroring
- Connecting BlackBerry UEM to Microsoft Azure
- Create a Microsoft Azure account
- Synchronize Microsoft Active Directory with Microsoft Azure
- Create an app registration in Azure
- Configuring Azure Active Directory conditional access
- Configure BlackBerry UEM as a Compliance Partner in Azure
- Configure Azure Active Directory conditional access
- Configure the BlackBerry Dynamics connectivity profile to support the Azure Conditional Access feature
- Assign the Feature - Azure conditional access app to users
- Configure a BlackBerry Dynamics Profile
- Remove devices from Azure Active Directory conditional access
- Enable access to the BlackBerry Web Services over the BlackBerry Infrastructure
- Obtaining an APNs certificate to manage iOS and macOS devices
- Obtain a signed CSR from BlackBerry
- Request an APNs certificate from Apple
- Register the APNs certificate
- Renew the APNs certificate
- Troubleshooting APNs
- Configuring BlackBerry UEM for DEP
- Configuring BlackBerry UEM to support Android Enterprise devices
- Extending the management of Chrome OS devices to BlackBerry UEM
- Setting up management of Chrome OS devices if you have already configured BlackBerry UEM to use Android Enterprise
- Create a service account that BlackBerry UEM uses to authenticate with your Google Cloud or Google Workspace by Google domain
- Enable additional APIs to allow BlackBerry UEM to sync the Chrome OS data
- Integrate BlackBerry UEM with your Google Cloud or Google Workspace by Google domain so you can use Chrome OS devices
- Synchronize BlackBerry UEM with the Google admin console
- Simplifying Windows 10 activations
- Integrating UEM with Azure Active Directory join
- Configuring Windows Autopilot in Microsoft Azure
- Deploy a discovery service to simplify Windows 10 activations
- Migrating users, devices, groups, and other data from a source server
- Prerequisites: Migrating users, devices, groups, and other data from a source server
- Connect to a source server
- Considerations: Migrating IT policies, profiles, and groups from a source server
- Migrate IT policies, profiles, and groups from a source server
- Complete policy and profile migration for BlackBerry Dynamics-activated users
- Considerations: Migrating users from a source server
- Migrate users from a source server
- Considerations: Migrating devices from a source server
- Migrate devices from a source server
- Migrating DEP devices
- Configuring BlackBerry UEM to support BlackBerry Dynamics apps
- Manage BlackBerry Proxy clusters
- Configure Direct Connect using port forwarding
- Configure BlackBerry Dynamics properties
- Configure communication settings for BlackBerry Dynamics apps
- Sending BlackBerry Dynamics app data through an HTTP proxy
- BlackBerry Dynamics connectivity and routing behavior
- Default routing
- Example routing scenarios
- Scenario 1: Route traffic to specific servers or domains through BlackBerry Proxy
- Scenario 2: Route all traffic through the BlackBerry Proxy and then through a web proxy server
- Scenario 3: Route some traffic internally for most apps but configure a proxy server specifically for web browsing using BlackBerry Access
- BlackBerry Dynamics data flow
- Configuring Kerberos for BlackBerry Dynamics apps
- Domains, realms, and forests
- Prerequisites for configuring Kerberos for BlackBerry Dynamics apps
- Configure Kerberos Constrained Delegation
- Troubleshooting and diagnostics
- Configuring Kerberos PKINIT
- Connect BlackBerry UEM to a BlackBerry Dynamics PKI connector
- Integrating BlackBerry UEM with Cisco ISE
- Requirements: Integrating BlackBerry UEM with Cisco ISE
- Create an administrator account that Cisco ISE can use
- Add the BlackBerry Web Services certificate to the Cisco ISE certificate store
- Connect BlackBerry UEM to Cisco ISE
- Example: Authorization policy rules for BlackBerry UEM
- Managing network access and device controls using Cisco ISE
Create an app registration in Azure
BlackBerry UEMaccess to
Microsoft Azure, you must create an app registration within
UEMto authenticate with
Azure. For more information, see Register an application with the Microsoft identity platform.
If you are connecting
Microsoft Intuneand the
Windows Storefor Business, use a different app registration for each purpose due to differences in permissions and potential future changes.
Microsoftnational cloud deployments (or any deployment that requires a login URL other than login.microsoftonline.com) require additional steps to connect
Intune. For more information, see KB75773.
Verify that you have the Reply URL. For instructions on obtaining the Reply URL for modern authentication, see Configure BlackBerry UEM to synchronize with Microsoft Intune.
- Log in to theAzureportal.
- Go toMicrosoft Azure > Azure Active Directory > App registrations.
- ClickNew registration.
- In theNamefield, enter a name for the app.
- Select which account types can use the application or access the API.
- In theRedirect URIsection, in the drop-down list, selectMobile Client/Desktopand enter a valid URL. The URL format is https://<FQDN_of_the_BlackBerry_UEM_server>:<port>/admin/intuneauth
- Copy theApplication IDof your application and paste it into a text file.This is theClient IDrequired inUEM.
- If you are creating the application to useMicrosoft Intune, in theManagesection, clickAPI permissions. Perform the following steps:
You can use the default permissions if you are creating the app to connect to theWindows Storefor Business.
- ClickAdd a permission.
- SelectMicrosoft Graph.
- SelectDelegated permissions.
- Scroll down in the permissions list and underDelegated Permissions, set the following permissions forMicrosoft Intune:
- Read and writeMicrosoft Intuneapps (DeviceManagementApps > DeviceManagementApps.ReadWrite.All)
- Read all groups (Group > Group.Read.All)
- Read all users' basic profile (User > User.ReadBasic.All)
- ClickAdd permissions.
- UnderGrant consent, clickGrant admin consent. You must be a global administrator to grant permissions.
- When you are prompted, clickYesto grant permissions for all accounts in the current directory.
- In theManagesection, clickCertificates and secrets. Perform the following actions:
- UnderClient secrets, clickNew client secret.
- Type a description for the client secret.
- Select a duration for the client secret.
- Copy the value of the new client secret.This is theClient Keythat is required inUEM.If you do not copy the value of your key at this time, you will have to create a new key because the value is not displayed after you leave this screen.