Setting up work email for devices
Controlling which devices can access Exchange ActiveSync for work email and organizer data
Creating email profiles
- Create an email profile
- Email profile settings
Protecting email data sent to iOS devices using the BlackBerry Secure Gateway
- Configure BlackBerry UEM to trust the Exchange ActiveSync server or identity provider certificate
- Configure the BlackBerry Secure Gateway to use OAuth with supported TLS versions and ciphers
Enable the BlackBerry Hub app for Android Enterprise devices
Extending email security using S/MIME
Create an IMAP/POP3 email profile
Setting up CardDAV and CalDAV profiles for iOS and macOS devices
- Create a CardDAV profile
- Create a CalDAV profile

Associate a certificate with the
Entra
app ID of UEM for modern authentication

You can request and export a new client certificate from your CA server or use a self-signed certificate. The private key must be in .pfx format. The public key can be exported as a .cer or .pem file to upload to

Microsoft Entra ID

Complete one of the following tasks:

Certificate	Task
If you are using an existing CA server	Request the certificate. The certificate that you request must include the app name in the subject of the certificate. Where <`app name`> is the name you assigned the app in step 4 of Add an Entra app and obtain its Entra details for configuring modern authentication. Export the public key of the certificate as a .cer or .pem file. The public key is used for the Entra app ID that is created. Export the private key of the certificate as a .pfx file.
If you are using a self-signed certificate	Create a self-signed certificate using the New-SelfSignedCertificate command. For more information, visit docs.microsoft.com and read New-SelfSignedCertificate. On the computer running Microsoft Windows , open the Windows PowerShell . Enter the following command: $cert=New-SelfSignedCertificate -Subject "CN=<`app name`>" -CertStoreLocation "Cert:\CurrentUser\My" -KeyExportPolicy Exportable -KeySpec Signature . Where <`app name`> is the name you assigned the app in step 4 of Add an Entra app and obtain its Entra details for configuring modern authentication. The certificate that you request must include the Entra app name in the subject field. Press Enter . Export the public key from the Microsoft Management Console (MMC). Make sure to save the public certificate as a .cer or .pem file. The public key is used for the Entra app ID that is created. On the computer running Windows , open the Certificate Manager for the logged in user. Expand Personal . Click Certificates . Right-click the <`user`>@<`domain`> and click All Tasks > Export . In the Certificate Export Wizard , click No, do not export private key . Click Next . Select Base-64 encoded X.509 (.cer) . Click Next . Provide a name for the certificate and save it to your desktop. Click Next . Click Finish . Click OK . Export the private key from the Microsoft Management Console (MMC). Make sure to include the private key and save it as a .pfx file. On the computer running Windows , open the Certificate Manager for the logged in user. Expand Personal . Click Certificates . Right-click the <`user`>@<`domain`> and click All Tasks > Export . In the Certificate Export Wizard , click Yes, export private key . Click Next . Select Personal Information Exchange – PKCS #12 (.pfx) . Click Next . Select the security method. Provide a name for the certificate and save it to your desktop. Click Next . Click Finish . Click OK .

Certificate

Task

If you are using an existing CA server

Request the certificate. The certificate that you request must include the app name in the subject of the certificate. Where <app name> is the name you assigned the app in step 4 of Add an Entra app and obtain its Entra details for configuring modern authentication.

Export the public key of the certificate as a .cer or .pem file. The public key is used for the

Entra

app ID that is created.

Export the private key of the certificate as a .pfx file.

If you are using a self-signed certificate

Create a self-signed certificate using the New-SelfSignedCertificate command. For more information, visit docs.microsoft.com and read New-SelfSignedCertificate.

On the computer running

Microsoft Windows

, open the

Windows PowerShell

Enter the following command:

$cert=New-SelfSignedCertificate -Subject "CN=<app name>" -CertStoreLocation "Cert:\CurrentUser\My" -KeyExportPolicy Exportable -KeySpec Signature

. Where <app name> is the name you assigned the app in step 4 of Add an Entra app and obtain its Entra details for configuring modern authentication. The certificate that you request must include the

Entra

app name in the subject field.

Press

Enter

Export the public key from the

Microsoft

Management Console (MMC). Make sure to save the public certificate as a .cer or .pem file. The public key is used for the

Entra

app ID that is created.

On the computer running

Windows

, open the Certificate Manager for the logged in user.

Expand

Personal

Click

Certificates

Right-click the <user>@<domain> and click

All Tasks > Export

In the

Certificate Export Wizard

, click

No, do not export private key

Click

Select

Base-64 encoded X.509 (.cer)

. Click

Provide a name for the certificate and save it to your desktop.

Click

Finish

Click

Export the private key from the

Microsoft

Management Console (MMC). Make sure to include the private key and save it as a .pfx file.

On the computer running

Windows

, open the Certificate Manager for the logged in user.

Expand

Personal

Click

Certificates

Right-click the <user>@<domain> and click

All Tasks > Export

In the

Certificate Export Wizard

, click

Yes, export private key

Click

Select

Personal Information Exchange – PKCS #12 (.pfx)

. Click

Select the security method.

Provide a name for the certificate and save it to your desktop.

Click

Finish

Click

Upload the public certificate (.pem or .cer file) that you exported in step 1 to associate the certificate credentials with the

Entra

app ID of UEM.

In portal.azure.com, open the <app name> you assigned the app in step 4 of Add an Entra app and obtain its Entra details for configuring modern authentication.

Click

Certificates & secrets

In the

Certificates

section, click

Upload certificate

In the

Select a file

search field, navigate to the location where you exported the certificate.

Click

Add

Section:

Add an Entra app and obtain its Entra details for configuring modern authentication

Associate a certificate with the Entra app ID of UEM for modern authentication

Associate a certificate with the
Entra
app ID of UEM for modern authentication