Managing device configurations Skip Navigation

Managing device configurations

This guide provides instructions for using
BlackBerry UEM
profiles, IT policies, and other key features to configure work devices to meet your organization's needs and security requirements.
Task
Description
Configure and assign
UEM
profiles to users and groups to manage a wide variety of device features and capabilities for all device types.
Use variables in profiles, compliance notifications, activation emails, and event notifications to customize configurations and messages for individual users.
Use email templates to customize and personalize email messages that
UEM
sends to users for various reasons, including providing instructions for device activation, notifying users about compliance issues, and providing access keys for
BlackBerry Dynamics
apps.
Use IT policies to control device features and functionality. For example, you can use IT policy rules to enforce password requirements, prevent the use of certain device features (for example, the camera), and control the availability of certain apps.
Display a support message on
Android
devices when a feature is disabled by an IT policy.
Use compliance profiles to encourage users to follow your organization’s device standards. A compliance profile defines the device conditions that are not acceptable in your organization, and specifies enforcement actions for
UEM
to carry out if the user does not correct compliance issues.
You can send various commands to manage user accounts and devices. For example, you can send a command to lock a device or to delete all work data from a device.
Use device SR requirements profiles to control how device software updates are installed on devices.
Use
Enterprise Management Agent
profiles to configure how devices contact
UEM
for app or configuration updates.
Use organization notices and device profiles to display organization information on devices.
Use location service profiles to request the location of devices and view their approximate locations on a map.
Use the Activation Lock feature on
iOS
devices to allow users to protect their devices if they are lost or stolen. When the feature is enabled, the user must confirm the
Apple
ID and password to disable Find My
iPhone
, erase the device, or reactivate and use the device.
Use custom payload profiles to control features on
iOS
devices that aren’t controlled by existing
UEM
policies or profiles.
Use factory reset protection profiles to control the factory reset protection feature for your organization’s
Android Enterprise
and
Android Management
devices.
Send challenges to test the authenticity and integrity of
Samsung Knox
,
Android
, and
Windows 10
devices.
Use
Windows
Information Protection profiles to protect and manage work data on
Windows 10
devices.
When you activate
iOS
or
macOS
devices, by default, the devices are assigned to a hardened data channel. If you have any
iOS
or
macOS
devices that are not currently using a hardened data channel, you can export a list of these devices and take action to move the devices to a hardened channel.