Configuring BlackBerry UEM
Changing the certificates that BlackBerry UEM uses for authentication
- Considerations for changing BlackBerry Dynamics certificates
- Change a BlackBerry UEM certificate
Installing the BlackBerry Connectivity Node to connect to resources behind your organization's firewall
Configuring BlackBerry UEM to send data through a proxy server
- Sending data through a TCP proxy server to the BlackBerry Infrastructure
  - Configure BlackBerry UEM to use a transparent TCP proxy server
  - Enable SOCKS v5 on a TCP proxy server
- Install a standalone BlackBerry Router in a UEM Cloud environment
Configure connections through internal proxy servers
Connect to an SMTP server to send email notifications
Connecting to your company directories
Connecting BlackBerry UEM to Microsoft Entra ID
Obtaining an APNs certificate to manage iOS and macOS devices
- Request and register an APNs certificate
- Troubleshooting: APNs
Configure BlackBerry UEM for DEP
Configuring BlackBerry UEM to support Android Enterprise devices
- Configure BlackBerry UEM to support Android Enterprise devices
Configuring BlackBerry UEM to support Android Management devices
- Configure Android Management in the Google Cloud console
- Configure Android Management in BlackBerry UEM
Extending the management of Chrome OS devices to BlackBerry UEM
Simplifying Windows 10 activations
- Integrate UEM with Entra ID join
  - Configure Windows Autopilot for device activation
- Deploy a discovery service to simplify Windows 10 activations
Migrating users, devices, groups, and other data from a source server
Configuring network communication and properties for BlackBerry Dynamics apps
Integrating BlackBerry UEM with Cisco ISE
Set up VPN using Knox StrongSwan for UEM dark site environments

Prerequisites for configuring KCD for
BlackBerry Dynamics
apps

Item	Description
Active Directory port	Port 88 on the Active Directory service must be accessible by all UEM servers.
Kerberos environment	The Kerberos environment must include the following components: Microsoft Active Directory server: The directory service that authenticates and authorizes all users and computers associated with your Windows network. Kerberos Key Distribution Center (KDC): The authentication service on the Active Directory server that supplies session tickets and keys to users and computers in the Active Directory domain. To use KCD with Microsoft Office 365 resources, the on-premises Active Directory domain must be integrated with Entra . For more information, see the Microsoft article "Integrate on-premises AD with Entra".
Service Principal Names (SPN)	Create SPNs for all HTTP services, including the BlackBerry Enterprise Mobility Server . You must set an SPN for every target resource you want devices to have access to. For more information about how to create and modify SPNs, see Register a Service Principal Name for Kerberos Connections.
Multi-realm Kerberos environments	A minimum of one UEM Core must be installed in each Kerberos realm. UEM must reside in the same Kerberos realm as the resource because cross-realm resource delegation is not supported. Ensure that single-realm KCD is working before configuring multi-realm KCD. All trusts must be bidirectional, transitive forest trust. Ensure a maximum of 5 ms latency between the UEM Core instances and the Microsoft SQL Server database.

Section:

Configuring Kerberos authentication for BlackBerry Dynamics apps

Prerequisites for configuring KCD for BlackBerry Dynamics apps

Prerequisites for configuring KCD for
BlackBerry Dynamics
apps