BlackBerry Dynamics
profile settings

profiles are supported on the following device types:

iOS

macOS

Android

Windows

BlackBerry Dynamics profile setting	Description
Configuration
Require device management to use BlackBerry Dynamics apps	This setting specifies whether a device must be activated with MDM to use BlackBerry Dynamics apps.
Enable UEM Client to enroll in BlackBerry Dynamics	If a device is using the BlackBerry UEM Client , this setting specifies whether the BlackBerry Dynamics manages the activation of BlackBerry Dynamics apps and whether BlackBerry Dynamics apps can be used on the device. If this option is not selected, BlackBerry Dynamics apps could be removed from the device because the device will not be enabled for BlackBerry Dynamics . If you do not plan to use BlackBerry Dynamics in your environment, do not select this setting.
Enable BlackBerry Dynamics Launcher in UEM Client	This setting specifies whether the BlackBerry Dynamics Launcher icon appears in the UEM Client .
Enable BlackBerry Dynamics Launcher first time setup	When the BlackBerry Dynamics Launcher is enabled in the UEM Client and appears for the first time, this setting specifies whether the tutorial appears.
Start conditional access enrollment after authentication broker is installed	If you configure Entra ID conditional access, you can enable this setting to delay the conditional access enrollment process until the Microsoft Authenticator app is installed on the device. This setting is turned off by default. If enabled, after the Microsoft Authenticator app is installed, the conditional access enrollment process is initiated when the user opens the UEM Client . On Android devices, if the work profile is unlocked, the UEM Client will prompt the user to open the UEM Client to start the conditional access enrollment. This option does not apply to Android devices with the User privacy activation type (it does apply to devices with Android Enterprise user privacy and Android Management user privacy). For User privacy devices, conditional access enrollment is always initiated after the device is activated with UEM .
Password
Password expiration	This setting specifies whether the password for a BlackBerry Dynamics app expires and the number of days a password remains valid before it expires.
Do not allow previous passwords	This setting specifies whether previous passwords can be used and the maximum number of previous passwords that cannot be used for a BlackBerry Dynamics app.
Minimum password length	This setting specifies the minimum length of the password for a BlackBerry Dynamics app.
Allowed occurrences of a character	This setting specifies how many times a character can appear in a password for a BlackBerry Dynamics app.
Require both letters and numbers	This setting specifies whether the password must contain both letters and numbers for a BlackBerry Dynamics app.
Require both uppercase and lowercase	This setting specifies whether the password must contain both uppercase and lowercase letters for a BlackBerry Dynamics app.
Require at least one special character	This setting specifies whether the password must contain at least one special character for a BlackBerry Dynamics app.
Do not allow sequences of more than two numbers	This setting specifies whether the password can contain more than two sequential numbers (for example,1, 2, 3) for a BlackBerry Dynamics app.
Do not allow more than one password change per day	This setting specifies whether a password can be changed more than once every 24 hours for a BlackBerry Dynamics app.
Do not allow personal information	This setting specifies whether the following personal information can be used in a password for a BlackBerry Dynamics app: The user's first and last names (excluding initials) as recorded in Active Directory The part of an email address before the @ sign.
Allow Biometrics	This setting specifies whether BlackBerry Dynamics apps can be unlocked using biometric input when they are already open in the app switcher on iOS devices.
Enable Touch ID and Face ID from cold start	This setting specifies whether BlackBerry Dynamics apps can be unlocked using the selected biometric input methods when they are opened for the first time after a device restarts.
Permit fallback to device passcode if biometric authentication fails.	This option allows iOS biometric (TouchID/FaceID) authentication to fall back to the device passcode if biometric authentication fails.
Require password to be re-entered and disable Touch ID and Face ID	This setting specifies a period of time after which users must enter a password to unlock a BlackBerry Dynamics app and re-enable Touch ID , Face ID , or both.
Allow Android biometric authentication	This setting specifies whether BlackBerry Dynamics apps can be unlocked using any device-supported biometric authentication method. If this option is not selected, all Android biometric authentication features are blocked, including fingerprint, iris, and face recognition.
Enable Android biometric authentication after the device or app restarts	This setting specifies whether BlackBerry Dynamics apps can be unlocked using biometric authentication when they are opened for the first time after a device restarts.
Require password to be re-entered and disable Android biometric authentication	This setting specifies a period of time after which users must enter a password to unlock a BlackBerry Dynamics app and re-enable Android biometric authentication.
Do not require password	These settings specify whether a user can access a BlackBerry Dynamics app without entering a password.
Blocked password list
Blocked password file (.txt)	This setting specifies a list of banned passwords. You can download the previously uploaded list of banned passwords. Passwords in the list must meet the following requirements: each password must be separated by a hard return, only UTF-8 characters are supported, and passwords must be 14 characters or less.
Lock screen
Require password when BlackBerry Dynamics apps start	This setting specifies whether a password is required each time a BlackBerry Dynamics app is started. If you are using authentication delegation, do not select this option.
Require password after period of inactivity	This setting specifies the period of inactivity that must elapse before a password is required.
Take action after invalid password attempts	This setting specifies whether there is a limit to the number of times that a user can enter an incorrect password. If you select this rule, specify the number of times that a user can enter an incorrect password and the action that occurs after the limit has been reached.
Wearables
Allow WatchOS apps	This setting allows end users to pair their Apple WatchOS apps with the BlackBerry Dynamics apps on their iOS device.
Allow wearables	This setting specifies whether BlackBerry Dynamics apps can be used on an Android wearable device. If you select this rule, specify how much time must elapse before the wearable device is disconnected and whether the wearable can reconnect automatically. Beginning with UEM version 12.19, this setting has been deprecated.
App authentication delegation ( iOS and Android only)
App	You can designate a BlackBerry Dynamics app to act as the authentication delegate on behalf of other other BlackBerry Dynamics apps so that users do not have to create a password for each BlackBerry Dynamics app that they install. After an authentication delegate is configured, each time a user opens a BlackBerry Dynamics app, the device displays the password screen for the authentication delegate instead of the app that they are attempting to open. After the user enters the password for the authentication delegate, the user can open the BlackBerry Dynamics app. You can choose any app to be the authentication delegate for other apps, but it is recommended that you choose your most commonly used app to be the primary authentication delegate to provide the most seamless experience for the user. As a best practice, it is recommended that you set only one authentication delegate. This prevents unnecessarily complex and undesirable authentication delegate switching and simplifies administrative management. If a user accidentally deletes the authentication delegate, they must reinstall it. If more than one authentication delegate is required, for example, the primary authentication delegate does not exist for a given platform and an alternate delegate is configured, refer to the following recommendations to make sure that BlackBerry Dynamics apps are successfully installed and activated: Users should always install the primary authentication delegate first and they should not activate it using an already installed, alternate authentication delegate app. If the user already has an alternate authentication delegate installed and in use, and then later installs the primary authentication delegate, they need to make sure that the existing, installed authentication delegate is in an unlocked state to successfully complete the authentication. If the alternate authentication delegate has been force closed, the user will encounter various errors and may be blocked. Users must not delete the currently installed authentication delegate after they install their primary authentication delegate. Apps that are currently using that authentication delegate will need to automatically switch to the new authentication delegate when the app is next launched in online mode. If the primary authentication delegate is deleted, users should reactivate the authentication delegate using an access key. If they attempt to activate the authentication delegate with any other app, it may cause various errors. Even if the Allow self-authentication when no authentication delegate application is detected option is selected, or if an app that is designated as a secondary or tertiary authentication delegate is installed, there is no fallback mechanism to allow apps to change the authentication delegate without the original authentication delegate being installed and unlocked. Select the Allow self-authentication when no authentication delegate application is detect option if you want to allow the user to authenticate the app when an authentication delegate is not installed on a device.
Data leakage prevention
Do not allow copying data from BlackBerry Dynamics apps into non BlackBerry Dynamics apps	This setting specifies whether users can copy data from BlackBerry Dynamics apps into non BlackBerry Dynamics apps. iOS 18.0 and later includes the Apple Intelligence Writing Tools feature. For UEM 12.20 and earlier, if “Do not allow copying data from BlackBerry Dynamics apps into non BlackBerry Dynamics apps” is selected in the assigned profile, the Writing Tools feature is not available in BlackBerry Dynamics apps. This setting must be off (not selected) for Writing Tools to be available in BlackBerry Dynamics apps.
Do not allow copying data from non BlackBerry Dynamics apps into BlackBerry Dynamics apps	This setting specifies whether users can copy data from non BlackBerry Dynamics apps to BlackBerry Dynamics apps. If you are using an app-based PKI solution such as Purebred , do not select this option.
Do not allow Android dictation	This setting specifies whether Android device users can use voice dictation with BlackBerry Dynamics apps. This setting applies to application-specific uses of voice dictation and might not apply to the keyboard, which might allow dictation through other channels. To disable dictation on keyboards, you should also select "Enable Android keyboard restricted mode."
Do not allow screen capture and insecure video output on Android and Windows 10 devices	This setting specifies whether Android and Windows 10 device users can take screen captures and record insecure video in BlackBerry Dynamics apps.
Do not allow screen recording and sharing on iOS devices	This setting specifies whether iOS device users can share and record screens in BlackBerry Dynamics apps.
Do not allow iOS dictation	This setting specifies whether iOS device users can use voice dictation with BlackBerry Dynamics apps. This setting applies only to the system keyboard and does not apply to third-party keyboards.
Do not allow custom keyboards on iOS devices	This setting specifies whether iOS device users can use custom keyboards with BlackBerry Dynamics apps.
Do not allow custom keyboards on Android devices	This setting specifies whether Android device users can use custom keyboards with BlackBerry Dynamics apps.
Enable Android keyboard restricted mode	This setting specifies whether Android device users can use custom keyboards with BlackBerry Dynamics apps.
Enable FIPS	This setting specifies whether compliance with U.S. Federal Information Processing standard 140-2 is enforced. Federal Information Processing Standards (FIPS) are U.S. government regulations regarding computing and computing security. When you enable FIPS compliance, the major effect is on associated applications. Enabling FIPS compliance enforces the following constraints in conformance with FIPS: MD4 and MD5 are prohibited by FIPS, which means that access to NTLM- or NTLM2-protected web pages and files is blocked. Wrapped applications are blocked. In secure socket key exchanges with ephemeral keys, with servers that are not configured to use Diffie-Hellman keys of sufficient length, BlackBerry Dynamics retries with static RSA cipher suites.
Certificates
Enable device certificate store	This setting specifies whether BlackBerry Dynamics apps can get certificates from the device certificate store.
Detailed logging
Enable detailed logging for BlackBerry Dynamics apps	This setting specifies whether log files can be generated and uploaded from BlackBerry Dynamics apps.
Prevent users from turning on detailed logging in BlackBerry Dynamics apps	This setting specifies whether users can turn on the ability to generate and share detailed log files from BlackBerry Dynamics apps.
Agreement
Enable an agreement message for BlackBerry Dynamics apps	This setting specifies whether to display a message in BlackBerry Dynamics apps that the user must acknowledge. If authentication delegation is enabled, the message is displayed only in the authenticator app. If you select this rule, complete the following actions: Specify if the message is displayed each time the app is unlocked, otherwise the message is only displayed the first time the user opens the app. In the Message field, create the message that you want to display. On Android devices, only the first 4000 characters are displayed.

Section:

Controlling BlackBerry Dynamics on users devices

BlackBerry Dynamics profile settings

BlackBerry Dynamics
profile settings