Activation types: Android devices

For Android devices, you can select multiple activation types and rank them to ensure that BlackBerry UEM assigns the most appropriate activation type for the device. For example, if you rank Work and personal - user privacy (Samsung Knox) first and Work and personal - user privacy (Android Enterprise) second, devices that support Samsung Knox Workspace receive the first activation type and devices that don't support Samsung Knox Workspace receive the second.

Android Management devices

Before activating devices with Android Management activation types, review the Considerations for Android Management activation types.

Activation type | Description |
---|---|
Work and personal - user privacy (Android Management with work profile) | This activation type maintains privacy for personal data but allows you to manage work data using commands and IT policy rules. A work profile is created on the device that separates work and personal data. Work and personal data are both protected using encryption and password authentication. |
Work and personal - full control (Android Management fully managed device with work profile) | This activation type allows you to manage the entire device using commands and IT policy rules. A work profile is created on the device that separates work and personal data. Data in the work space is protected using encryption and a method of authentication such as a password, PIN, pattern, or fingerprint. This activation type supports logging of device activity (SMS, MMS, and phone calls) in UEM log files. Following activation, Work and personal - full control devices have only a limited set of the standard pre-installed apps, such as Camera, Phone, and Settings, in the personal space. The list of retained pre-installed apps depends on the device vendor and OS version. This activation type requires the device to be reset to factory default settings before it is activated. If the BlackBerry UEM Client is deleted or the work profile is removed from the device, it is automatically reset to factory default settings. |
Work space only (Android Management fully managed device) | This activation type allows you to manage the entire device using commands and IT policy rules. This activation type requires the user to reset the device to factory settings before activating. The activation process installs a work profile and no personal profile. The user must create a password to access the device. All data on the device is protected using encryption and a method of authentication such as a password. During activation, the device installs the UEM Client automatically and grants it Administrator permissions. Users cannot revoke the Administrator permissions or uninstall the app. Following activation, Work space only devices have only a limited set of the standard pre-installed apps, such as Camera, Phone, and Settings, plus any apps you have assigned with a required disposition. The list of retained pre-installed apps depends on the device vendor and OS version. This activation type requires the device to be reset to factory default settings before it is activated. If the UEM Client is deleted or the work profile is removed from the device, it is automatically reset to factory default settings. |

Android Enterprise devices

Activation type | Description |
---|---|
Work and personal - user privacy (Android Enterprise with work profile) | This activation type maintains privacy for personal data but allows you to manage work data using commands and IT policy rules. A work profile is created on the device that separates work and personal data. Work and personal data are both protected using encryption and password authentication. To allow Google Play app management for Android Enterprise devices, select "Add Google Play to the workspace" in the activation profile (enabled by default). If the device does not have access to Google Play, the user must download the latest UEM Client from a different source. To download the .apk file of the latest UEM Client, see KB 42607. To enable BlackBerry Secure Connect Plus and Knox Platform for Enterprise support, you must select the "When activating Android Enterprise devices, enable premium UEM functionality such as BlackBerry Secure Connect Plus" option in the activation profile. Users do not have to grant Administrator permissions to the UEM Client. |
Work and personal - full control (Android Enterprise fully managed device with work profile) | This activation type allows you to manage the entire device using commands and IT policy rules. A work profile is created on the device that separates work and personal data. Data in the work space is protected using encryption and a method of authentication such as a password, PIN, pattern, or fingerprint. This activation type supports logging of device activity (SMS, MMS, and phone calls) in UEM log files. To allow Google Play app management for Android Enterprise devices, select "Add Google Play account to the work space" in the activation profile (enabled by default). Following activation, Work and personal - full control devices have only a limited set of the standard pre-installed apps, such as Camera, Phone, and Settings, in the personal space. The list of retained pre-installed apps depends on the device vendor and OS version. To enable BlackBerry Secure Connect Plus and Knox Platform for Enterprise support, you must select the "When activating Android Enterprise devices, enable premium UEM functionality such as BlackBerry Secure Connect Plus" option in the activation profile. To specify whether UEM can limit activation by device ID, select "Allow only approved device IDs" in the activation profile. This activation type requires the device to be reset to factory default settings before it is activated. If the UEM Client is deleted or the work profile is removed from the device, it is automatically reset to factory default settings. During activation users must grant Administrator permissions to the UEM Client. |
Work space only (Android Enterprise fully managed device) | This activation type allows you to manage the entire device using commands and IT policy rules. It requires the user to reset the device to factory settings before activation. The activation process installs a work profile and no personal profile. The user must create a password to access the device. All data on the device is protected using encryption and a method of authentication such as a password. To allow Google Play app management for Android Enterprise devices, select "Add Google Play to the workspace" in the activation profile (enabled by default). If the device does not have access to Google Play, the user can download the UEM Client using an .apk file of the app. You can configure and include a QR Code that contains the location of the UEM Client source file in the activation email message that you send to users. When a user scans the QR Code, the UEM Client automatically downloads. To configure and include a QR Code in the activation email message, you must select the “Allow QR codes for device activation” check box in the Activation defaults page (Settings > General settings > Activation defaults). You must also select the “Allow QR code to contain location of UEM Client app source file” check box and specify the location of the UEM Client app source file. To get the .apk file of the latest version of the UEM Client, see KB 42607. During activation, the device installs the UEM Client automatically and grants it Administrator permissions. Users cannot revoke the Administrator permissions or uninstall the app. Following activation, Work space only devices have only a limited set of the standard pre-installed apps, such as Camera, Phone, and Settings, plus any apps you have assigned with a required disposition. The list of retained pre-installed apps depends on the device vendor and OS version. To enable BlackBerry Secure Connect Plus and Knox Platform for Enterprise support, you must select the "When activating Android Enterprise devices, enable premium UEM functionality such as BlackBerry Secure Connect Plus" option in the activation profile. To specify whether UEM can limit activation by device ID, select "Allow only approved device IDs" in the activation profile. This activation type requires the device to be reset to factory default settings before it is activated. If the UEM Client is deleted or the work profile is removed from the device, it is automatically reset to factory default settings. |

Android devices without a work profile

The following activation types apply to all Android devices.

Activation type | Description |
---|---|
User privacy | You can use the User privacy activation type to provide basic control of devices, including work app management, while making sure that users' personal data remains private. A separate container is not created on the device. To provide security for work data you can install BlackBerry Dynamics apps. Devices activated with User privacy can use services such as Find my Phone and Root Detection, but administrators cannot control device policies. You can also use the User privacy activation type to activate Chrome OS devices so that you can install and manage Android BlackBerry Dynamics apps. |
Device registration for BlackBerry 2FA only | This activation type supports the BlackBerry 2FA solution for devices that UEM does not manage. This activation type does not provide any device management or controls, but it allows devices to use the BlackBerry 2FA feature. To use this activation type, you must also assign the BlackBerry 2FA profile to users. When a device is activated, you can view limited device information in the management console, and you can deactivate the device using a command. This activation type is supported only for Microsoft Active Directory users. For more information, see the BlackBerry 2FA content. |

Samsung Knox Workspace devices

Samsung Knox activation types will be deprecated in a future release. Devices that support Knox Platform for Enterprise can be activated using the Android Enterprise activation types. For more information, see KB 54614.

Activation type | Description |
---|---|
Work and personal - user privacy - (Samsung Knox) | This activation type maintains privacy for personal data but allows you to manage work data using commands and IT policy rules. This activation type does not support the Knox MDM IT policy rules. A separate work space is created on the device, and the user must create a password to access the work space. Data in the work space is protected using encryption and a method of authentication such as a password, PIN, pattern, or fingerprint. The user must also create a screen lock password to protect the entire device and will not be able to use USB debugging mode. During activation, users must grant Administrator permissions to the UEM Client. |
Work and personal - full control (Samsung Knox) | This activation type allows you to manage the entire device using commands and the Knox MDM and Knox Workspace IT policy rules. A separate work space is created on the device and the user must create a password to access the work space. Data in the work space is protected using encryption and a method of authentication such as a password, PIN, pattern, or fingerprint. During activation users must grant Administrator permissions to the UEM Client. |