Configuring BlackBerry UEM
Changing the certificates that BlackBerry UEM uses for authentication
- Considerations for changing BlackBerry Dynamics certificates
- Change a BlackBerry UEM certificate
Installing the BlackBerry Connectivity Node to connect to resources behind your organization's firewall
Configuring BlackBerry UEM to send data through a proxy server
- Sending data through a TCP proxy server to the BlackBerry Infrastructure
  - Configure BlackBerry UEM to use a transparent TCP proxy server
  - Enable SOCKS v5 on a TCP proxy server
- Install a standalone BlackBerry Router in a UEM Cloud environment
Configure connections through internal proxy servers
Connect to an SMTP server to send email notifications
Connecting to your company directories
Connecting BlackBerry UEM to Microsoft Entra ID
Obtaining an APNs certificate to manage iOS and macOS devices
- Request and register an APNs certificate
- Troubleshooting: APNs
Configure BlackBerry UEM for DEP
Configuring BlackBerry UEM to support Android Enterprise devices
- Configure BlackBerry UEM to support Android Enterprise devices
Configuring BlackBerry UEM to support Android Management devices
- Configure Android Management in the Google Cloud console
- Configure Android Management in BlackBerry UEM
Extending the management of Chrome OS devices to BlackBerry UEM
Simplifying Windows 10 activations
- Integrate UEM with Entra ID join
  - Configure Windows Autopilot for device activation
- Deploy a discovery service to simplify Windows 10 activations
Migrating users, devices, groups, and other data from a source server
Configuring network communication and properties for BlackBerry Dynamics apps
Integrating BlackBerry UEM with Cisco ISE
Set up VPN using Knox StrongSwan for UEM dark site environments

UEM
migration best practices and considerations

Migrating IT policies, profiles, and groups

Item	Considerations and best practices
Items copied from a source UEM server	Selected IT policies Email profiles Wi-Fi profiles VPN profiles Proxy profiles BlackBerry Dynamics connectivity profiles BlackBerry Dynamics profiles App configuration settings CA certificate profiles Shared certificate profiles Certificate retrieval User credential profiles SCEP profiles CRL profiles OSCP profiles Certification authority settings (Entrust and PKI connector only) Client certificates (app usage) Any policies and profiles that are associated with the policies and profiles you select
Items copied from a source Good Control server to UEM on-premises only	Policy sets Connectivity profiles App groups App usage (for certificates) Certificates
Group migration	User, role, and software configuration assignments are not migrated. You must manually recreate these assignments on the destination UEM server.
IT policy passwords	If any of the source IT policies you selected for Android devices has a minimum password length of less than 4 or more than 16, no UEM IT policies or profiles can be migrated. Change the source IT policy accordingly.
Profile names	After migration, you must make sure that all SCEP, user credential, shared certificate, and CA certificate profiles have unique names. If two profiles of the same type have the same name, you must edit one of the profile names.
BlackBerry Dynamics connectivity profiles	he values from the App servers tab are not migrated. The values are populated using the default values from the destination UEM server. Some of the values from the Infrastructure tab are not migrated. The administrator must manually edit each migrated profile and set the values for the Primary BlackBerry Proxy cluster and the Secondary BlackBerry Proxy cluster.
App groups ( Good Control to UEM on-premises only)	The Everyone group is migrated but has no users assigned to it and is not related to the All Users group on the destination UEM server.
Certificate usage ( UEM )	Certificate usage is migrated, except for: Certificate usages that already exist on the destination server Non- BlackBerry Dynamics apps Custom apps from another Good Control organization
Post-migration tasks for BlackBerry Dynamics users	After you migrate users, devices, groups, and other data from Good Control to UEM on-premises, or from a source UEM on-premises server to UEM Cloud , complete the following tasks: Assign app configurations to BlackBerry Dynamics apps in groups. Assign connectivity profiles to groups. Assign migrated BlackBerry Dynamics policies and Good Control compliance policies to users. Set override profiles ( BlackBerry Dynamics profiles and compliance profiles). Move .json file configurations from Good Control to UEM . In migrated connectivity profiles, specify the information for app servers and BlackBerry Proxy clusters.

Migrating users

Item
Maximum number of users	You can migrate a maximum of 1000 users at a time from a source server. If you select more than the maximum number of users, only the maximum number are migrated and the rest are skipped. You can repeat the migration process as needed to migrate all the users from the source server.
Email address	Only users with an associated email address can be migrated. You can't migrate a user who already uses the same email address in the destination UEM server. If two users in the source database have the same email address, only one user is displayed on the Migrate users screen.
Groups	You can filter users with no group assignment to include this set of users for a migration. You can't migrate a user who is an owner of a shared device group. The user does not appear in the list of users to migrate.
BlackBerry UEM Self-Service	After migration, the user must use the same login information for BlackBerry UEM Self-Service that they used before migration. After migration, local users must change their password after they log in to BlackBerry UEM Self-Service for the first time. Users who did not have permission to access BlackBerry UEM Self-Service before migration are not automatically granted permission after migration.

Migrating devices from a source server

Item	Considerations and best practices
Validate configuration	It is a best practice to migrate one device for each unique configuration (for example, different groups, policies, app configurations, and so on) to make sure the destination server is configured correctly before migrating the rest of your devices.
Maximum number of devices	You can migrate a maximum of 2000 devices at a time from a source server.
Users	The device users must exist in the destination UEM domain. You must migrate all of a user's devices at the same time.
Managed iOS devices from a UEM source	Devices must have the latest version of the UEM Client . Devices that are assigned an App lock profile can't be migrated because the UEM Client can't be opened for the migration. Migration of Apple DEP devices is not supported. DEP devices must be factory reset and reactivated on the new UEM instance. For more information, see KB 100525. User enrollment devices cannot be migrated. In the app settings for all applicable apps, clear the Remove the app from the device when the device is removed from BlackBerry UEM check box. If you attempt to migrate without performing this step, the app is removed and the device may be unenrolled from UEM .
Managed Android devices from a UEM source	Android Enterprise devices must have the latest version of the UEM Client installed. You can't migrate Android devices that have a work profile using a Google account or Google domain.
Chrome OS devices	You can migrate Chrome OS devices from a UEM source server.
Devices that are not supported for migration	Windows macOS
Shared device group	You can't migrate a device that belongs to a shared device group. These devices do not appear in the migration list.
BlackBerry Dynamics -enabled devices	In the Migrate devices screen, the Incompatible containers column displays the number of BlackBerry Dynamics apps for each device that can't be migrated and the total number of BlackBerry Dynamics apps for each device. Click on the number to see the BlackBerry Dynamics apps that are incompatible with migration. BlackBerry Access for Windows , BlackBerry Access for macOS , and BlackBerry Bridge are not supported for migration. After the migration is complete, users must re-enroll these apps. The migration process does not track or guarantee migration of the UEM Client and apps activated on a device after that device's data is cached. It is a best practice to refresh the user cache before each migration. BlackBerry Dynamics -enabled devices are always enrolled for BlackBerry Dynamics on the destination server. For migrations from a Good Control (standalone) instance, Good Dynamics MDM enrollments are not migrated. If a user has more than one device with BlackBerry Dynamics apps, all the devices are automatically selected for migration. If a user forgets the password for a BlackBerry Dynamics app after migration has been initiated, but before the container has completed migration, the unlock access key must be obtained from the UEM source server. After the migration is complete, the key must be obtained from the destination UEM server. To trigger the migration on the device, it is a best practice to first open the app that is configured as the authentication delegate on the device.

Section:

Migrating users, devices, groups, and other data from a source server

UEM migration best practices and considerations

Migrating IT policies, profiles, and groups

Migrating users

Migrating devices from a source server

UEM
migration best practices and considerations