Fixed issues in

UEM

12.23 and

UEM Cloud

If you upgraded the computers that host UEM to use JRE 17.0.18 or later, the BlackBerry Secure Connect Plus service did not start and remained in paused state. For more information, see KB 141054. (EMM-159587)

If you tried to import the latest IT policy pack, an error displayed and the policy pack was not imported successfully. (EMM-159579)

After upgrading to UEM version 12.23, an attempt to log in to the management console might have failed due to an authentication issue. (EMM-159152)

The following changes have been made to ACME profiles:

The "Use device serial number as the client identifier" option has been added.
If the Key algorithm is set to ECSECPrimeRandom and the ECC strength is set to P256 or greater, the "Private key is bound to the device" option is available.
If "Private key is bound to the device" is enabled, the "Provide attestations to the ACME server" option is available.

For more information, see Send client certificates to devices using ACME. (EMM-159275)

This QF release adds many new IT policy rules for macOS device and user restrictions. macOS password restrictions now apply to both the device and user. See the macOS tab in any new or existing IT policy to view tool tip descriptions for each rule. After you upgrade to QF2 or after the UEM Cloud update, you must edit existing IT policies and save them (you do not have to make any changes) to ensure that macOS user and device restriction rules are properly delivered to devices. (EMM-159027)

If you edited a Microsoft Intune app protection profile and you used the option to add Intune apps by selecting them from a list, the available apps did not display in the app list. (EMM-159018)

When a Apple DEP user that was added to UEM from a company directory tried to activate their device with a password, the activation did not complete successfully. (EMM-159508)

If you assigned a VPP app to a user as unmanaged (disposition set to optional, target set to personal, associated a user license), the VPP app was installed as managed instead. This is resolved in QF2 and the UEM Cloud February 2026 update; for any users that had this assignment prior to the upgrade or UEM Cloud update, you must remove the VPP app assignment to remove the app, then assign the VPP app to users again. (EMM-159507)

If you configured Knox Mobile Enrollment, when a user tried to activate their device with UEM using their Active Directory credentials, the activation did not complete successfully. (EMM-159496)

This QF release adds the "Allow video conferencing remote control" IT policy rule, supported for devices with iOS 18.4 and later. This rule controls whether a remote FaceTime session can request control of the device. By default, this rule is enabled. (EMM-159484)

If you enabled the "Non-assigned app is installed" compliance rule in the assigned compliance profile, iOS 26 devices were reported as out of compliance because system apps were incorrectly identified as non-assigned apps. (EMM-159462)

If you assigned both required VPP apps and more than one optional personal VPP app to an iOS device user, the required apps were not installed automatically on the user's device. (EMM-159450)

When a user tried to install an iOS VPP app, the app might not have installed due to a request timeout issue. (EMM-159224)

If you tried to use BlackBerry Web Services Applications routes (/api/v1/applications), Active Directory authentication failed, preventing access to the APIs. (EMM-159474)

When you used the GET /{tenantGuid}/api/v1/exchangeConfigurations API, the modernAuthentication value would always return false even if modern authentication was configured. (EMM-159049)

After upgrading to

UEM

12.23, if you did not edit and save an IT policy after the upgrade, the policy was not delivered as expected to

iOS

devices. (EMM-159228)

After you installed or upgraded to

UEM

12.23, if you tried to create or change a directory synchronization schedule, the management console might have stopped responding when you clicked Add, and the synchronization schedule was not saved. (EMM-159169)

In certain circumstances, after you installed

UEM

version 12.22 and you tried to log in to the management console for the first time, the authentication process might have taken longer than expected and might have stopped with a "Login failed" error message. (EMM-157944)

If you added a user to

UEM

and you did not enable the user for device management, you did not have to associate an email address with the user. If you later enabled that user for device management and you tried to migrate the user to a different

UEM

domain (Settings > Migration), the following error occurred because the user did not have an email address: “An error was encountered. The user cache could not be refreshed.” (EMM-157491)

When you enable a user for device management, if the user does not have an email address, an error message now prompts you to add an email address for the user before device management can be enabled.

When you enabled a

Chrome OS

user in the management console, the user was successfully enabled, but an error message indicated that the action could not be performed. (EMM-157206)

When you viewed managed devices in the console, for

Chrome OS

devices, the

Chrome OS

icon did not display as expected in the OS column. (EMM-157196)

If you assigned a SCEP profile with a key size of 3072 (the default setting), the profile did not apply as expected to

iOS

devices. The default key size is now 4096. (EMM-158628)

If you configured directory synchronization and enabled offboarding, when a user with more than one device activated with a user privacy activation type was supposed to be offboarded from

UEM

, the offboarding process did not complete successfully. (EMM-158001)

If you used a .csv file to import directory user accounts into

UEM

, and you used the Directory UID column to specify a unique ID that

UEM

could use to validate each directory user (instead of each user's email address), if any of the Directory UID values were not valid, the import process did not complete and no users are imported. (EMM-157829)