Using

BlackBerry Secure Connect Plus

for connections to work resources

BlackBerry Secure Connect Plus

is a

BlackBerry UEM

component that provides a secure IP tunnel between apps and your organization's network:

For
Android Enterprise
devices, all work apps use the secure tunnel.
For
Samsung Knox Workspace
devices and
Samsung Knox
devices with
Android Enterprise
activations, you can allow all work space apps to use the tunnel or specify apps using per-app VPN.
For
iOS
and
iPadOS
devices, you can allow all apps to use the tunnel or specify apps using per-app VPN.

The secure IP tunnel gives users access to work resources behind your organization’s firewall while ensuring the security of data using standard protocols and end-to-end encryption.

BlackBerry Secure Connect Plus

and a supported device establish a secure IP tunnel when it is the best available option for connecting to the organization’s network. If a device is assigned a

Wi-Fi

profile or VPN profile, and the device can access the work

Wi-Fi

network or VPN, the device uses those methods to connect to the network. If those options are not available (for example, if the user is not in range of the work

Wi-Fi

network), then

BlackBerry Secure Connect Plus

and the device establish a secure IP tunnel.

If you configure per-app VPN for

BlackBerry Secure Connect Plus

for

iOS

and

iPadOS

devices, the configured apps always use a secure tunnel connection through

BlackBerry Secure Connect Plus

, even if the app can connect to the work

Wi-Fi

network or the VPN specified in a VPN profile.

Supported devices communicate with

BlackBerry UEM

to establish the secure tunnel through the

BlackBerry Infrastructure

. One tunnel is established for each device. The tunnel supports standard IPv4 protocols (TCP and UDP) and the IP traffic that is sent between devices and

UEM

is encrypted end-to-end using AES256. As long as the tunnel is open, apps can access network resources. When the tunnel is no longer required (for example, the user is in range of the work

Wi-Fi

network), it is terminated.

When you enable

BlackBerry Secure Connect Plus

, you perform the following actions:

Step	Action
	Verify that your organization's BlackBerry UEM domain meets the requirements to use BlackBerry Secure Connect Plus .
	Enable BlackBerry Secure Connect Plus in the Default enterprise connectivity profile or in a custom enterprise connectivity profile that you create.
	Optionally, specify the DNS settings for the BlackBerry Connectivity app.
	If you have an on-premises environment that includes Android Enterprise devices and Samsung Knox Workspace devices that are BlackBerry Dynamics enabled, optimize secure tunnel connections.
	Assign the enterprise connectivity profile to user accounts and groups.