Configuring BlackBerry UEM
Changing the certificates that BlackBerry UEM uses for authentication
- Considerations for changing BlackBerry Dynamics certificates
- Change a BlackBerry UEM certificate
Installing the BlackBerry Connectivity Node to connect to resources behind your organization's firewall
- Steps to install and activate the BlackBerry Connectivity Node
- Requirements: BlackBerry Connectivity Node
- Install and configure the BlackBerry Connectivity Node
- Create a server group to manage regional connections
- Troubleshooting: BlackBerry Connectivity Node
Configuring BlackBerry UEM to send data through a proxy server
- Sending data through a TCP proxy server to the BlackBerry Infrastructure
  - Configure BlackBerry UEM to use a transparent TCP proxy server
  - Enable SOCKS v5 on a TCP proxy server
- Install a standalone BlackBerry Router in a UEM Cloud environment
Configure connections through internal proxy servers
Connect to an SMTP server to send email notifications
Connecting to your company directories
- Connect to a Microsoft Active Directory instance
- Connect to an LDAP directory
- Enable directory-linked groups
- Enable and configure onboarding and offboarding
- Synchronize a directory connection
Connect BlackBerry UEM to Entra ID to create directory user accounts
Configuring BlackBerry UEM to manage Microsoft Intune app protection profiles
- Prerequisites to support Intune app protection
- Create an app registration in Entra
- Configure BlackBerry UEM to synchronize with Microsoft Intune
Configuring BlackBerry UEM as an Intune compliance partner in Entra
- Prerequisites to configure Entra ID conditional access
- Configure Entra ID conditional access
Obtaining an APNs certificate to manage iOS and macOS devices
- Request and register an APNs certificate
- Troubleshooting: APNs
Configure BlackBerry UEM for DEP
Configuring BlackBerry UEM to support Android Enterprise devices
- Configure BlackBerry UEM to support Android Enterprise devices
Configuring BlackBerry UEM to support Android Management devices
- Configure Android Management in the Google Cloud console
- Configure Android Management in BlackBerry UEM
Extending the management of Chrome OS devices to BlackBerry UEM
- Create a service account to authenticate with the Google domain
- Enable UEM to synchronize Chrome OS data
- Integrate UEM with the Google domain
Simplifying Windows 10 activations
- Integrate UEM with Entra ID join
  - Configure Windows Autopilot for device activation
- Deploy a discovery service to simplify Windows 10 activations
Migrating users, devices, groups, and other data from a source server
- Prerequisites: Migrating users, devices, groups, and other data from a source BlackBerry server
- UEM migration best practices and considerations
- Connect to a source server
- Migrate IT policies, profiles, and groups from a source server
- Migrate users from a source server
- Migrate devices from a source server
Configuring network communication and properties for BlackBerry Dynamics apps
- Manage BlackBerry Proxy clusters
- Configure Direct Connect using port forwarding
- Configure BlackBerry Dynamics properties
- Configure communication settings for BlackBerry Dynamics apps
- Sending BlackBerry Dynamics app data through an HTTP proxy
  - Considerations for using a PAC file with BlackBerry Proxy
  - Configure BlackBerry Dynamics app proxy settings
- Methods for routing traffic for BlackBerry Dynamics apps
  - Example routing scenarios for BlackBerry Dynamics traffic
- Configuring Kerberos authentication for BlackBerry Dynamics apps
Encrypt the connection between BlackBerry UEM and Microsoft SQL Server
Integrating BlackBerry UEM with Cisco ISE
- Managing network access and device controls using Cisco ISE
- Requirements: Integrating BlackBerry UEM with Cisco ISE
- Connect BlackBerry UEM to Cisco ISE
Set up VPN using Knox StrongSwan for UEM dark site environments

Prerequisites for configuring KCD for
BlackBerry Dynamics
apps

Item	Description
Active Directory port	Port 88 on the Active Directory service must be accessible by all UEM servers.
Kerberos environment	The Kerberos environment must include the following components: Microsoft Active Directory server: The directory service that authenticates and authorizes all users and computers associated with your Windows network. Kerberos Key Distribution Center (KDC): The authentication service on the Active Directory server that supplies session tickets and keys to users and computers in the Active Directory domain. To use KCD with Microsoft 365 resources, the on-premises Active Directory domain must be integrated with Entra . For more information, see the Microsoft article "Integrate on-premises AD with Entra".
krb5.conf file	Your UEM environment requires a krb5.conf file with values specific to your KDC. It must include the following minimum settings: RC4 encryption: [libdefaults] allow_weak_crypto = true forwardable = true AES Keytab file: [libdefaults] forwardable = true If you use an AES Keytab file, you must create the file with an AES flag of /crypto AES256-SHA1 : ktpass /out outfilename.keytab /mapuser kerberos_account@REALM_IN_ALL_CAPS /princ kerberos_account@REALM_IN_ALL_CAPS /pass kerberos_account_password /ptype KRB5_NT_PRINCIPAL /crypto AES256-SHA1 You must specify the location of the krb5.conf file in Settings > BlackBerry Dynamics > Properties (see Configure KCD for BlackBerry Dynamics apps). For more information about constructing a krb5.conf file, see the MIT Kerberos Documentation.
Service Principal Names (SPN)	Create SPNs for all HTTP services, including the BlackBerry Enterprise Mobility Server . You must set an SPN for every target resource you want devices to have access to. For more information about how to create and modify SPNs, see Register a Service Principal Name for Kerberos Connections.
Multi-realm Kerberos environments	A minimum of one UEM Core must be installed in each Kerberos realm. UEM must reside in the same Kerberos realm as the resource because cross-realm resource delegation is not supported. Ensure that single-realm KCD is working before configuring multi-realm KCD. All trusts must be bidirectional, transitive forest trust. Ensure a maximum of 5 ms latency between the UEM Core instances and the Microsoft SQL Server database. If you upgrade from UEM version 12.19 or earlier to UEM 12.20 or later, you must do the following: Generate a new Kerberos keytab file and copy it to each UEM server (see step 2 in Configure KCD for BlackBerry Dynamics apps). In Settings > BlackBerry Dynamics > Properties, in the Service account name under which KCD service is running (gc.krb5.principal.name) field, specify the following: GCSvc/<UEM_Core_host_machine>

Section:

Configuring Kerberos authentication for BlackBerry Dynamics apps

Prerequisites for configuring KCD for BlackBerry Dynamics apps

Prerequisites for configuring KCD for
BlackBerry Dynamics
apps