BlackBerry Dynamics
profile settings

profiles are supported on the following device types:

iOS

macOS

Android

Windows

BlackBerry Dynamics profile setting	Description
Configuration
Require device management to use BlackBerry Dynamics apps	This setting specifies whether a device must be activated with MDM to use BlackBerry Dynamics apps.
Enable UEM Client to enroll in BlackBerry Dynamics	If a device is using the BlackBerry UEM Client , this setting specifies whether BlackBerry Dynamics manages the activation of BlackBerry Dynamics apps and whether BlackBerry Dynamics apps can be used on the device. If this option is not selected, BlackBerry Dynamics apps could be removed from the device because the device will not be enabled for BlackBerry Dynamics . If you do not plan to use BlackBerry Dynamics in your environment, do not select this setting.
Enable BlackBerry Dynamics Launcher in UEM Client	This setting specifies whether the BlackBerry Dynamics Launcher icon appears in the UEM Client .
Enable BlackBerry Dynamics Launcher first time setup	When the BlackBerry Dynamics Launcher is enabled in the UEM Client and appears for the first time, this setting specifies whether the tutorial appears.
Start Entra Conditional Access enrollment after authentication broker is installed	If you configure Entra ID conditional access, you can enable this setting to delay the conditional access enrollment process until the Microsoft Authenticator app is installed on the device. This setting is turned off by default. If enabled, after the Microsoft Authenticator app is installed, the conditional access enrollment process is initiated when the user opens the UEM Client . On Android devices, if the work profile is unlocked, the UEM Client will prompt the user to open the UEM Client to start the conditional access enrollment. This option does not apply to Android devices with the User privacy activation type (it does apply to devices with Android Enterprise user privacy and Android Management user privacy). For User privacy devices, conditional access enrollment is always initiated after the device is activated with UEM .
Password
Password expiration	This setting specifies whether the password for a BlackBerry Dynamics app expires and the number of days a password remains valid before it expires.
Do not allow previous passwords	This setting specifies whether previous passwords can be used and the maximum number of previous passwords that cannot be used for a BlackBerry Dynamics app.
Minimum password length	This setting specifies the minimum length of the password for a BlackBerry Dynamics app.
Allowed occurrences of a character	This setting specifies how many times a character can appear in a password for a BlackBerry Dynamics app.
Require both letters and numbers	This setting specifies whether the password must contain both letters and numbers for a BlackBerry Dynamics app.
Require both uppercase and lowercase	This setting specifies whether the password must contain both uppercase and lowercase letters for a BlackBerry Dynamics app.
Require at least one special character	This setting specifies whether the password must contain at least one special character for a BlackBerry Dynamics app.
Do not allow sequences of more than two numbers	This setting specifies whether the password can contain more than two sequential numbers (for example,1, 2, 3) for a BlackBerry Dynamics app.
Do not allow more than one password change per day	This setting specifies whether a password can be changed more than once every 24 hours for a BlackBerry Dynamics app.
Do not allow personal information	This setting specifies whether the following personal information can be used in a password for a BlackBerry Dynamics app: The user's first and last names (excluding initials) as recorded in Active Directory The part of an email address before the @ sign.
Do not allow password entry if screen overlay detected on Android devices	This setting specifies whether a password can be entered in a BlackBerry Dynamics app when screen overlay is detected.
Allow Biometrics	This setting specifies whether BlackBerry Dynamics apps can be unlocked using biometric input when they are already open in the app switcher on iOS devices.
Enable Touch ID and Face ID when the device or app restarts	This setting specifies whether BlackBerry Dynamics apps can be unlocked using the selected biometric input methods when they are opened for the first time after a device restarts.
Require password to be re-entered and disable Touch ID and Face ID	This setting specifies a period of time after which users must enter a password to unlock a BlackBerry Dynamics app and re-enable Touch ID , Face ID , or both.
Permit fallback to device passcode if biometric authentication fails	This option allows iOS biometric (TouchID/FaceID) authentication to fall back to the device passcode if biometric authentication fails.
Allow Android biometric authentication	This setting specifies whether BlackBerry Dynamics apps can be unlocked using any device-supported biometric authentication method. If this option is not selected, all Android biometric authentication features are blocked, including fingerprint, iris, and face recognition.
Enable Android biometric authentication after the device or app restarts	This setting specifies whether BlackBerry Dynamics apps can be unlocked using biometric authentication when they are opened for the first time after a device restarts.
Require password to be re-entered and disable Android biometric authentication	This setting specifies a period of time after which users must enter a password to unlock a BlackBerry Dynamics app and re-enable Android biometric authentication.
Do not require password	These settings specify whether a user can access a BlackBerry Dynamics app without entering a password.
Blocked password list
Blocked password file (.txt)	This setting specifies a list of banned passwords. You can download the previously uploaded list of banned passwords. Passwords in the list must meet the following requirements: each password must be separated by a hard return, only UTF-8 characters are supported, and passwords must be 14 characters or less.
Lock screen
Require password when BlackBerry Dynamics apps start	This setting specifies whether a password is required each time a BlackBerry Dynamics app is started. If you are using authentication delegation, do not select this option.
Require password after period of inactivity	This setting specifies the period of inactivity that must elapse before a password is required.
Take action after invalid password attempts	This setting specifies whether there is a limit to the number of times that a user can enter an incorrect password. If you select this rule, specify the number of times that a user can enter an incorrect password and the action that occurs after the limit has been reached.
Wearables
Allow WatchOS apps	This setting allows end users to pair their Apple WatchOS apps with the supported BlackBerry Dynamics apps on their iOS device.
Allow wearables	This setting is deprecated in UEM version 12.19 and later. This setting specifies whether BlackBerry Dynamics apps can be used on an Android wearable device. If you select this rule, specify how much time must elapse before the wearable device is disconnected and whether the wearable can reconnect automatically.
App authentication delegation ( iOS and Android only)
App	You can designate a BlackBerry Dynamics app to act as the authentication delegate on behalf of other other BlackBerry Dynamics apps so that users do not have to create a password for each BlackBerry Dynamics app that they install. After an authentication delegate is configured, each time a user opens a BlackBerry Dynamics app, the device displays the password screen for the authentication delegate instead of the app that they are attempting to open. After the user enters the password for the authentication delegate, the user can open the BlackBerry Dynamics app. You can choose any app to be the authentication delegate for other apps, but it is recommended that you choose your most commonly used app to be the primary authentication delegate to provide the most seamless experience for the user. As a best practice, it is recommended that you set only one authentication delegate. This prevents unnecessarily complex and undesirable authentication delegate switching and simplifies administrative management. If a user accidentally deletes the authentication delegate, they must reinstall it. If more than one authentication delegate is required, for example, the primary authentication delegate does not exist for a given platform and an alternate delegate is configured, refer to the following recommendations to make sure that BlackBerry Dynamics apps are successfully installed and activated: Users should always install the primary authentication delegate first and they should not activate it using an already installed, alternate authentication delegate app. If the user already has an alternate authentication delegate installed and in use, and then later installs the primary authentication delegate, they need to make sure that the existing, installed authentication delegate is in an unlocked state to successfully complete the authentication. If the alternate authentication delegate has been force closed, the user will encounter various errors and may be blocked. Users must not delete the currently installed authentication delegate after they install their primary authentication delegate. Apps that are currently using that authentication delegate will need to automatically switch to the new authentication delegate when the app is next launched in online mode. If the primary authentication delegate is deleted, users should reactivate the authentication delegate using an access key. If they attempt to activate the authentication delegate with any other app, it may cause various errors. Even if the Allow self-authentication when no authentication delegate application is detected option is selected, or if an app that is designated as a secondary or tertiary authentication delegate is installed, there is no fallback mechanism to allow apps to change the authentication delegate without the original authentication delegate being installed and unlocked. Select the Allow self-authentication when no authentication delegate application is detect option if you want to allow the user to authenticate the app when an authentication delegate is not installed on a device.
Background activity ( iOS and Android )	This setting enables background process restarts if the operating system has terminated the application process. When enabled, an app may use secure networking and storage in the background after receiving a push notification. This feature requires a version of the BlackBerry Dynamics apps released in early 2025 or later.
Data leakage prevention
Do not allow copying data from BlackBerry Dynamics apps into non- BlackBerry Dynamics apps	This setting specifies whether users can copy data from BlackBerry Dynamics apps into non- BlackBerry Dynamics apps.
Character limit for cut and copy	This setting specifies the character limit for copying and cutting in a BlackBerry Dynamics app. This feature requires a version of the BlackBerry Dynamics apps released in early 2025 or later.
Do not allow copying data from non- BlackBerry Dynamics apps into BlackBerry Dynamics apps	This setting specifies whether users can copy data from non- BlackBerry Dynamics apps to BlackBerry Dynamics apps. If you are using an app-based PKI solution such as Purebred , do not select this option.
Writing and AI tools
Allow Apple Intelligence in-app writing tools	This setting specifies whether iOS users are able to access built-in Apple Intelligence writing tools within BlackBerry Dynamics apps. This setting is enforced only if the following data leakage prevention setting is enabled in the profile: "Do not allow copying data from BlackBerry Dynamics apps into non- BlackBerry Dynamics apps". If this DLP setting is not selected, Apple Intelligence writing tools are allowed in BlackBerry Dynamics apps. Note that if you turn off the IT policy rule "Allow writing tools (supervised only)" in the assigned IT policy, writing tools will be blocked for all apps on supervised iOS devices, regardless of the configuration of this setting in the BlackBerry Dynamics profile. By default, the "Allow writing tools (supervised only)" IT policy rule is enabled.
Screen capture and sharing
Do not allow screenshots ( iOS )	This setting specifies whether users can take screenshots in BlackBerry Dynamics apps on iOS devices. If you enable this setting, when a device user tries to take a screenshot in a BlackBerry Dynamics app, a blank image with the following message is saved instead: "Your organization prevents screenshots being taken within this app." This option is supported for BlackBerry Dynamics apps that use BlackBerry Dynamics SDK 12.1 and later, and replaces the iOS screen capture detection rule in compliance profiles. BlackBerry recommends using this profile setting and disabling the iOS screen capture compliance rule. The compliance rule will be deprecated in a future UEM release.
Do not allow screen recording and sharing on iOS devices	This setting specifies whether an iOS user can use screen sharing or recording in a BlackBerry Dynamics app.
Do not allow screen capture and insecure video output ( Android )	This setting specifies whether Android device users can take screen captures and record insecure video in BlackBerry Dynamics apps.
Dictation and custom keyboards
Do not allow dictation ( iOS and Android )	This setting specifies whether users can use voice dictation with BlackBerry Dynamics apps. This setting applies to application-specific uses of voice dictation and might not apply to the keyboard, which can allow dictation through other channels.
Do not allow custom keyboards ( iOS and Android )	This setting specifies whether iOS or Android users can use custom keyboards in BlackBerry Dynamics apps.
Enable Android keyboard restricted mode	This setting specifies whether personalized learning is disabled on Android keyboards. This setting is only applicable to keyboards that support turning off the personalized learning feature.
Transfer files
Open files unencrypted in other selected non-Dynamics apps	This setting specifies whether users are allowed to share files to a list of non- BlackBerry Dynamics apps. This feature requires a version of the BlackBerry Dynamics apps released in early 2025 or later.
Open in selected apps	This setting specifies which non- BlackBerry Dynamics apps are allowed to open files shared from BlackBerry Dynamics apps. This feature requires a version of the BlackBerry Dynamics apps released in early 2025 or later.
Encryption of data
Enable FIPS	This setting specifies whether compliance with U.S. Federal Information Processing standard 140-2 is enforced. Federal Information Processing Standards (FIPS) are U.S. government regulations regarding computing and computing security. When you enable FIPS compliance, the major effect is on associated applications. Enabling FIPS compliance enforces the following constraints in conformance with FIPS: MD4 and MD5 are prohibited by FIPS, which means that access to NTLM- or NTLM2-protected web pages and files is blocked. Wrapped applications are blocked. In secure socket key exchanges with ephemeral keys, with servers that are not configured to use Diffie-Hellman keys of sufficient length, BlackBerry Dynamics retries with static RSA cipher suites.
Certificates
Trusted Certificate Authorities	This setting specifies whether BlackBerry Dynamics apps can get certificates from the device certificate store.
Detailed logging
Enable detailed logging for BlackBerry Dynamics apps	This setting specifies whether log files can be generated and uploaded from BlackBerry Dynamics apps.
Prevent users from turning on detailed logging in BlackBerry Dynamics apps	This setting specifies whether users can turn on the ability to generate and share detailed log files from BlackBerry Dynamics apps.
Agreement
Enable an agreement message for BlackBerry Dynamics apps	This setting specifies whether to display a message in BlackBerry Dynamics apps that the user must acknowledge. If authentication delegation is enabled, the message is displayed only in the authenticator app. If you select this rule, complete the following actions: Specify if the message is displayed each time the app is unlocked, otherwise the message is only displayed the first time the user opens the app. In the Message field, create the message that you want to display. On Android devices, only the first 4000 characters are displayed.

Section:

Controlling BlackBerry Dynamics on users devices

BlackBerry Dynamics profile settings

BlackBerry Dynamics
profile settings