Configuring BlackBerry UEM
Changing the certificates that BlackBerry UEM uses for authentication
- Considerations for changing BlackBerry Dynamics certificates
- Change a BlackBerry UEM certificate
Installing the BlackBerry Connectivity Node to connect to resources behind your organization's firewall
- Steps to install and activate the BlackBerry Connectivity Node
- Requirements: BlackBerry Connectivity Node
- Install and configure the BlackBerry Connectivity Node
- Create a server group to manage regional connections
- Troubleshooting: BlackBerry Connectivity Node
Configuring BlackBerry UEM to send data through a proxy server
- Sending data through a TCP proxy server to the BlackBerry Infrastructure
  - Configure BlackBerry UEM to use a transparent TCP proxy server
  - Enable SOCKS v5 on a TCP proxy server
- Install a standalone BlackBerry Router in a UEM Cloud environment
Configure connections through internal proxy servers
Connect to an SMTP server to send email notifications
Connecting to your company directories
- Connect to a Microsoft Active Directory instance
- Connect to an LDAP directory
- Enable directory-linked groups
- Enable and configure onboarding and offboarding
- Synchronize a directory connection
Connect BlackBerry UEM to Entra ID to create directory user accounts
Configuring BlackBerry UEM to manage Microsoft Intune app protection profiles
- Prerequisites to support Intune app protection
- Create an app registration in Entra
- Configure BlackBerry UEM to synchronize with Microsoft Intune
Configuring BlackBerry UEM as an Intune compliance partner in Entra
- Prerequisites to configure Entra ID conditional access
- Configure Entra ID conditional access
Obtaining an APNs certificate to manage iOS and macOS devices
- Request and register an APNs certificate
- Troubleshooting: APNs
Configure BlackBerry UEM for DEP
Configuring BlackBerry UEM to support Android Enterprise devices
- Configure BlackBerry UEM to support Android Enterprise devices
Configuring BlackBerry UEM to support Android Management devices
- Configure Android Management in the Google Cloud console
- Configure Android Management in BlackBerry UEM
Extending the management of Chrome OS devices to BlackBerry UEM
- Create a service account to authenticate with the Google domain
- Enable UEM to synchronize Chrome OS data
- Integrate UEM with the Google domain
Simplifying Windows 10 activations
- Integrate UEM with Entra ID join
  - Configure Windows Autopilot for device activation
- Deploy a discovery service to simplify Windows 10 activations
Migrating users, devices, groups, and other data from a source server
- Prerequisites: Migrating users, devices, groups, and other data from a source BlackBerry server
- UEM migration best practices and considerations
- Connect to a source server
- Migrate IT policies, profiles, and groups from a source server
- Migrate users from a source server
- Migrate devices from a source server
Configuring network communication and properties for BlackBerry Dynamics apps
- Manage BlackBerry Proxy clusters
- Configure Direct Connect using port forwarding
- Configure BlackBerry Dynamics properties
- Configure communication settings for BlackBerry Dynamics apps
- Sending BlackBerry Dynamics app data through an HTTP proxy
  - Considerations for using a PAC file with BlackBerry Proxy
  - Configure BlackBerry Dynamics app proxy settings
- Methods for routing traffic for BlackBerry Dynamics apps
  - Example routing scenarios for BlackBerry Dynamics traffic
- Configuring Kerberos authentication for BlackBerry Dynamics apps
Encrypt the connection between BlackBerry UEM and Microsoft SQL Server
Integrating BlackBerry UEM with Cisco ISE
- Managing network access and device controls using Cisco ISE
- Requirements: Integrating BlackBerry UEM with Cisco ISE
- Connect BlackBerry UEM to Cisco ISE
Set up VPN using Knox StrongSwan for UEM dark site environments

Changing the certificates that
BlackBerry UEM
uses for authentication

When you install

BlackBerry UEM

on-premises, the setup application generates several self-signed certificates that are used to authenticate communication between various

UEM

components and with devices. You can change the certificates if your organization's security policy requires that certificates be signed by your organization's CA, or if you want to use certificates issued by a CA that devices and browsers already trust.

If problems occur when you change a certificate, communication between

UEM

components and between

UEM

and devices can be disrupted. If you choose to change any certificates, plan and test the change carefully.

You can change the following certificates:

Certificate	Description
Apple profile signing certificate	This is the certificate that UEM uses to sign the MDM profile that users must accept when they activate iOS devices. If you are using a certificate signed by a CA, verify that the root certificate for the CA is installed on users' iOS devices before activation.
SSL certificate for consoles	This is the SSL certificate that the management console and UEM Self-Service use to authenticate browsers. If you configure high availability, the certificate must have the name of the UEM domain. You can find the domain name in the management console under Settings > Infrastructure > Instances.
SSL certificates for the BlackBerry Web Services	This is the SSL certificate that the BlackBerry Web Services use to authenticate applications that use the BlackBerry Web Services APIs to manage UEM . If you configure high availability, the certificate must have the name of the UEM domain. You can find the domain name in the management console under Settings > Infrastructure > Instances.
SSL certificate for BlackBerry Dynamics apps	This is the SSL certificate that the BlackBerry Dynamics Launcher uses to establish a secure communication channel with UEM . BlackBerry Dynamics apps that include the integrated BlackBerry Dynamics Launcher can present the certificate to UEM to authenticate with the server.
Certificate for application management	This is the SSL certificate that is used for authentication between UEM and BlackBerry Dynamics apps. The root CA certificate is stored in the list of trusted CA certificates on the device. When the server authenticates with the device, the server presents this certificate to the device for validation. If you change this certificate and the change becomes effective before UEM pushes the certificate to all BlackBerry Dynamics apps, any apps that did not receive the certificate must be reactivated.
Certificate for Direct Connect	This is the SSL certificate that is used for authentication between a BlackBerry Proxy server configured for BlackBerry Dynamics Direct Connect and BlackBerry Dynamics apps on devices. When you update this certificate, the new version will always be sent to devices over a non- BlackBerry Dynamics Direct Connect connection. Any devices or containers that are not online at the time of the change will receive the update when they come back online. Updating this certificate should be done on the UEM server and any applicable networking appliances at the same time. For more information on setting up Direct Connect , see Configuring Direct Connect with BlackBerry UEM.
Certificate for BlackBerry Dynamics servers	This is the SSL certificate that authenticates connections between UEM and BlackBerry Proxy .

Considerations for changing BlackBerry Dynamics certificates

Change a BlackBerry UEM certificate

Changing the certificates that BlackBerry UEM uses for authentication

Changing the certificates that
BlackBerry UEM
uses for authentication