Setting up work email for devices
Controlling which devices can access Exchange ActiveSync for work email and organizer data
Creating email profiles
- Create an email profile
- Email profile settings
Protecting email data sent to iOS devices using the BlackBerry Secure Gateway
- Configure BlackBerry UEM to trust the Exchange ActiveSync server or identity provider certificate
- Configure the BlackBerry Secure Gateway to use OAuth with supported TLS versions and ciphers
Enable the BlackBerry Hub app for Android Enterprise devices
Extending email security using S/MIME
Create an IMAP/POP3 email profile
Setting up CardDAV and CalDAV profiles for iOS and macOS devices
- Create a CardDAV profile
- Create a CalDAV profile

Create a gatekeeping configuration

You can create a gatekeeping configuration so that devices that comply with your organization's security policies can connect to the

Microsoft Exchange Server

Microsoft 365

Configure Microsoft IIS permissions for gatekeeping.

If you want to use modern authentication, Add an Entra app and obtain its Entra details for configuring modern authentication.

Do one of the following:

If you have

BlackBerry UEM

in an on-premises environment, on the menu bar, click

Settings > External integration > Microsoft Exchange gatekeeping

If you have

BlackBerry UEM Cloud

, in the

BlackBerry Connectivity Node

console (http:/localhost:8088), click

General settings > BlackBerry Gatekeeping Service

In the

Microsoft Exchange Server

list section, click

Perform one of the following tasks:

Task	Steps
Connect to Microsoft 365 using modern authentication	Before you configure BlackBerry UEM to use modern authentication, you must generate a certificate that has public and private keys. You can use OpenSSL or PowerShell to generate the certificate. For more information, refer to Associate a certificate with the Entra app ID for modern authentication. Select the Modern authentication check box. In the Exchange Online connection name field, type a name for the connection. Click Browse and select the certificate to use for authentication. In the Certificate password field, type the password for the certificate. Specify your Entra Application ID . Specify your Entra organization .
Connect to your Microsoft Exchange Server or Microsoft 365 using basic authentication	In the Server name field, type the name of the Microsoft Exchange Server or Microsoft 365 environment that you want to manage access to. Type the username and password for the account that you created to manage Exchange ActiveSync gatekeeping. In the Authentication type drop-down list, select the type of authentication that is used for the Microsoft Exchange Server or Microsoft 365 . To enable SSL authentication between BlackBerry UEM and the Microsoft Exchange Server or Microsoft 365 , select the Use SSL check box. Optionally, select additional certificate checks. In the Proxy type drop-down list, select the type of proxy configuration, if any, that is used between BlackBerry UEM and the Microsoft Exchange Server or Microsoft 365 . If you selected a proxy configuration in the previous step, select the authentication type that is used on the proxy server. If necessary, select Authentication required and type the username and password.

Task

Steps

Connect to

Microsoft 365

using modern authentication

Before you configure

BlackBerry UEM

to use modern authentication, you must generate a certificate that has public and private keys. You can use

OpenSSL

or PowerShell to generate the certificate. For more information, refer to Associate a certificate with the Entra app ID for modern authentication.

Select the

Modern authentication

check box.

In the

Exchange Online connection name

field, type a name for the connection.

Click

Browse

and select the certificate to use for authentication.

In the

Certificate password

field, type the password for the certificate.

Specify your

Entra Application ID

Specify your

Entra organization

Connect to your

Microsoft Exchange Server

Microsoft 365

using basic authentication

In the

Server name

field, type the name of the

Microsoft Exchange Server

Microsoft 365

environment that you want to manage access to.

Type the username and password for the account that you created to manage

Exchange ActiveSync

gatekeeping.

In the

Authentication type

drop-down list, select the type of authentication that is used for the

Microsoft Exchange Server

Microsoft 365

To enable SSL authentication between

BlackBerry UEM

and the

Microsoft Exchange Server

Microsoft 365

, select the

Use SSL

check box. Optionally, select additional certificate checks.

In the

Proxy type

drop-down list, select the type of proxy configuration, if any, that is used between

BlackBerry UEM

and the

Microsoft Exchange Server

Microsoft 365

If you selected a proxy configuration in the previous step, select the authentication type that is used on the proxy server.

If necessary, select

Authentication required

and type the username and password.

Click

Test Connection

to verify that the connection is successful.

Click

Save

Create a gatekeeping profile and assign it to user accounts, user groups, or device groups.

If you configured a

BlackBerry Connectivity Node

server group with one or more active instances of the

BlackBerry Gatekeeping Service

, associate the gatekeeping profile with the appropriate server group. Any user that is assigned that gatekeeping profile can use any active instance of the

BlackBerry Gatekeeping Service

in that server group.

Section:

Controlling which devices can access Exchange ActiveSync for work email and organizer data