Managing device configurations
This guide provides instructions for using
BlackBerry UEMprofiles, IT policies, and other key features to configure work devices to meet your organization's needs and security requirements.
Configure and assign
UEMprofiles to users and groups to manage a wide variety of device features and capabilities for all device types.
Use variables in profiles, compliance notifications, activation emails, and event notifications to customize configurations and messages for individual users.
Use email templates to customize and personalize email messages that
UEMsends to users for various reasons, including providing instructions for device activation, notifying users about compliance issues, and providing access keys for
Use IT policies to control device features and functionality. For example, you can use IT policy rules to enforce password requirements, prevent the use of certain device features (for example, the camera), and control the availability of certain apps.
Display a support message on
Androiddevices when a feature is disabled by an IT policy.
Use compliance profiles to encourage users to follow your organization’s device standards. A compliance profile defines the device conditions that are not acceptable in your organization, and specifies enforcement actions for
UEMto carry out if the user does not correct compliance issues.
You can send various commands to manage user accounts and devices. For example, you can send a command to lock a device or to delete all work data from a device.
Use device SR requirements profiles to control how device software updates are installed on devices.
Enterprise Management Agentprofiles to configure how devices contact
UEMfor app or configuration updates.
Use organization notices and device profiles to display organization information on devices.
Use location service profiles to request the location of devices and view their approximate locations on a map.
Use the Activation Lock feature on
iOSdevices to allow users to protect their devices if they are lost or stolen. When the feature is enabled, the user must confirm the
AppleID and password to disable Find My
iPhone, erase the device, or reactivate and use the device.
Use custom payload profiles to control features on
iOSdevices that aren’t controlled by existing
UEMpolicies or profiles.
Use factory reset protection profiles to control the factory reset protection feature for your organization’s
Send challenges to test the authenticity and integrity of
WindowsInformation Protection profiles to protect and manage work data on
When you activate
macOSdevices, by default, the devices are assigned to a hardened data channel. If you have any
macOSdevices that are not currently using a hardened data channel, you can export a list of these devices and take action to move the devices to a hardened channel.