Configuring BlackBerry UEM
Changing the certificates that BlackBerry UEM uses for authentication
- Considerations for changing BlackBerry Dynamics certificates
- Change a BlackBerry UEM certificate
Installing the BlackBerry Connectivity Node to connect to resources behind your organization's firewall
- Steps to install and activate the BlackBerry Connectivity Node
- Requirements: BlackBerry Connectivity Node
- Install and configure the BlackBerry Connectivity Node
- Create a server group to manage regional connections
- Troubleshooting: BlackBerry Connectivity Node
Configuring BlackBerry UEM to send data through a proxy server
- Sending data through a TCP proxy server to the BlackBerry Infrastructure
  - Configure BlackBerry UEM to use a transparent TCP proxy server
  - Enable SOCKS v5 on a TCP proxy server
- Install a standalone BlackBerry Router in a UEM Cloud environment
Configure connections through internal proxy servers
Connect to an SMTP server to send email notifications
Connecting to your company directories
- Connect to a Microsoft Active Directory instance
- Connect to an LDAP directory
- Enable directory-linked groups
- Enable and configure onboarding and offboarding
- Synchronize a directory connection
Connect BlackBerry UEM to Entra ID to create directory user accounts
Configuring BlackBerry UEM to manage Microsoft Intune app protection profiles
- Prerequisites to support Intune app protection
- Create an app registration in Entra
- Configure BlackBerry UEM to synchronize with Microsoft Intune
Configuring BlackBerry UEM as an Intune compliance partner in Entra
- Prerequisites to configure Entra ID conditional access
- Configure Entra ID conditional access
Obtaining an APNs certificate to manage iOS and macOS devices
- Request and register an APNs certificate
- Troubleshooting: APNs
Configure BlackBerry UEM for DEP
Configuring BlackBerry UEM to support Android Enterprise devices
- Configure BlackBerry UEM to support Android Enterprise devices
Configuring BlackBerry UEM to support Android Management devices
- Configure Android Management in the Google Cloud console
- Configure Android Management in BlackBerry UEM
Extending the management of Chrome OS devices to BlackBerry UEM
- Create a service account to authenticate with the Google domain
- Enable UEM to synchronize Chrome OS data
- Integrate UEM with the Google domain
Simplifying Windows 10 activations
- Integrate UEM with Entra ID join
  - Configure Windows Autopilot for device activation
- Deploy a discovery service to simplify Windows 10 activations
Migrating users, devices, groups, and other data from a source server
- Prerequisites: Migrating users, devices, groups, and other data from a source BlackBerry server
- UEM migration best practices and considerations
- Connect to a source server
- Migrate IT policies, profiles, and groups from a source server
- Migrate users from a source server
- Migrate devices from a source server
Configuring network communication and properties for BlackBerry Dynamics apps
- Manage BlackBerry Proxy clusters
- Configure Direct Connect using port forwarding
- Configure BlackBerry Dynamics properties
- Configure communication settings for BlackBerry Dynamics apps
- Sending BlackBerry Dynamics app data through an HTTP proxy
  - Considerations for using a PAC file with BlackBerry Proxy
  - Configure BlackBerry Dynamics app proxy settings
- Methods for routing traffic for BlackBerry Dynamics apps
  - Example routing scenarios for BlackBerry Dynamics traffic
- Configuring Kerberos authentication for BlackBerry Dynamics apps
Encrypt the connection between BlackBerry UEM and Microsoft SQL Server
Integrating BlackBerry UEM with Cisco ISE
- Managing network access and device controls using Cisco ISE
- Requirements: Integrating BlackBerry UEM with Cisco ISE
- Connect BlackBerry UEM to Cisco ISE
Set up VPN using Knox StrongSwan for UEM dark site environments

Prerequisites to configure
Entra ID
conditional access

Verify that you have a

Microsoft

account with an

Intune

license and with one of the following permissions in the

Entra

portal: global administrator, limited administrator with the Intune Service administrator role, or a custom role with the permissions described in KB 50341.

In the

Microsoft

Endpoint Manager admin center, in the section for Partner Compliance Management, add

BlackBerry UEM Entra Conditional Access

as a compliance partner for

iOS

and

Android

devices and assign it to users and groups.

Entra ID

, create and configure a conditional access profile and enable the option "Require device to be marked as compliant". Note that this is the only conditional access profile setting that

UEM

interacts with.

To use this feature, device users must meet the following requirements:

Users must exist in

Entra ID

and must have a valid

Intune

license. For more information, see Microsoft Intune licenses.

If you synchronize your on-premises

Active Directory

with

Entra ID

, users’ on-premises

Active Directory

UPN must match their

Entra ID

UPN.

Users must be added to

UEM

as directory users.

After you verify the prerequisites above, follow the steps in Configure Entra ID conditional access.

Note that the configuration steps will instruct you to enable the

UEM Client

to enroll in

BlackBerry Dynamics

and to install the

UEM Client

on devices.

The steps will instruct you to install the

Microsoft Authenticator

app on users' devices before activation with

UEM

. If you want to delay conditional access enrollment on the device until the

Microsoft Authenticator

app is installed (either manually by the user or deployed with

UEM

), you can enable the "Start conditional access enrollment after authentication broker is installed" setting in the assigned

BlackBerry Dynamics

profile. Note that this option is not supported for

Android

devices with the User privacy activation type (it does apply to

Android Enterprise

user privacy and

Android Management

user privacy). If enabled, after the

Microsoft Authenticator

app is installed, the conditional access enrollment process is initiated when the user opens the

UEM Client

. On

Android

devices, if the work space is unlocked, the user will be prompted to open the

UEM Client

to start the conditional access enrollment.

Section:

Configuring BlackBerry UEM as an Intune compliance partner in Entra

Prerequisites to configure Entra ID conditional access

Prerequisites to configure
Entra ID
conditional access