Skip Navigation
  1. BlackBerry Docs
  2. BlackBerry UEM 12.21
  3. UEM Overview and Architecture
  4. Data flows: Activating devices and BlackBerry Dynamics apps
  5. Data flow: Activating a Windows 10 device

Data flow: Activating a 
Windows 10
 device

Diagram showing the steps and components mentioned in the following data flow.
  1.  You perform the following actions:
    1. Configure the discovery service to simplify 
      Windows 10
       activations
    2. Add a user to 
      BlackBerry UEM
       as a local user account or using the account information retrieved from your company directory
    3. Use one of the following options to provide the user with activation details:
      • Automatically generate a device activation password and send an email with activation instructions for the user.
      • Set a device activation password and select the option to send the activation information to the user by email.
      • Don't set a device activation password and communicate the 
        BlackBerry UEM Self-Service
         address to the user so that they can set their own activation password and view their server address.
    4. Provide the user a CA certificate generated by 
      BlackBerry UEM
       to install on their device
  2. The user completes the following actions on their device:
    1. Checks that the device has Internet connectivity on port 443
    2. Opens and installs the certificate
    3. Navigates to Settings > Accounts > Work access and taps Connect
    4. When prompted, enters their email address and activation password they received on the activation email
  3. The device establishes a connection to the discovery service that you configured to simplify 
    Windows 10
     activations in your organization.
  4. The discovery service checks that the SRP ID for the 
    BlackBerry UEM
     server is valid and redirects the device to 
    BlackBerry UEM
    .
  5. The device sends an activation request to 
    BlackBerry UEM
     on port 443. The activation request includes the username, password, device operating system, and unique device identifier.
  6. BlackBerry UEM
     performs following actions:
    1. Inspects the credentials for validity
    2. Creates a device instance
    3. Associates the device instance with the specified user account in the 
      BlackBerry UEM
       database
    4. Adds the enrollment session ID to an HTTP session
    5. Sends a successful authentication message to the device
  7. The device creates a CSR and sends it to 
    BlackBerry UEM
     over HTTPS. The CSR contains the username and activation password. 
  8. BlackBerry UEM
     validates the username and password, validates the CSR, and returns the client certificate and the CA certificate to the device.
    All communication between the device and 
    BlackBerry UEM
     is now mutually authenticated end to end using these certificates.
  9. The device requests all configuration information.
  10. BlackBerry UEM
     stores the device information in the database and sends configuration information to the device.
  11. The device sends an acknowledgment to 
    BlackBerry UEM
     that it received and applied the configuration information. The activation process is complete.