What's new in BlackBerry UEM Skip Navigation
  1. BlackBerry Docs
  2. BlackBerry UEM What's New
  3. What's new in BlackBerry UEM

What's new in
BlackBerry UEM

What's new in
UEM
 version 12.19 and
UEM Cloud

Feature
Cloud release date and on-prem version
Description
New OS support
October 2023
12.19
The following operating systems are now supported:
  • iOS
     17: Includes support for RSA-PSS and DH group 32 in VPN profiles and TLS 1.3 in
    Wi-Fi
     profiles
  • Android
     14
JRE 17 required
October 2023
12.19
You must install JRE 17 on the servers where you will install
UEM
, and you must set an environment variable that points to the BB_JAVA_HOME home location.
Connect
UEM
 on-premises to
Entra ID
October  2023
12.19
You can now connect
BlackBerry UEM
 on-premises to
Entra ID
 to create and synchronize users and directory-linked groups.
New
Android Management
 activation types
October  2023
12.19
Three new activation types that support the
Android Management
 API have been added:
  • Work and personal - full control (
    Android Management
     fully managed device with work profile)
  • Work and personal - user privacy (
    Android Management
     with work profile)
  • Work space only (
    Android Management
     fully managed device)
Knox Service Plugin
 policies
October 2023
12.19
You can now configure KSP policies from the Policies and profiles menu in the
UEM
 management console instead of an app configuration.
For more information, see Create a Knox Service Plugin profile.
iOS
 app update dispositions
October 2023
12.19
You can now specify new "Required without updates" or "Optional without updates" dispositions for
iOS
 VPP apps and assign them to users, user groups, device groups, shared device groups, and public device groups. For shared
iPad
 groups you can assign "Required without updates".
iOS
 RSR versions
October 2023
12.19
You can now select an RSR version as the minimum allowed OS version in activation profiles for
iOS
 devices.
New
BlackBerry Dynamics
 profile setting
October 2023
12.19
You can use the new "Allow
WatchOS
 apps" setting to control whether end users can pair their Apple
WatchOS
 apps with
BlackBerry Dynamics
 apps. This setting is off by default.
For more information, see BlackBerry Dynamics profile settings.
Updated compliance variable
October 2023
12.19
You can now use the %ComplianceApplicationList% variable to display the names of restricted apps that are installed on a device in compliance notifications that are sent to users.
For more information, see Default variables.
LDAP directory enhancements (
UEM
  on-premises only)
October 2023
12.19
Paged search results are now supported for LDAP directories.
SIM management enhancement
October 2023
12.19
You can now view the information for multiple SIMs for a device on the Device details screen, including eSIM information.
Enhancements to the Managed device users screen
October 2023
12.19
You can now add the
Bluetooth
 MAC address as an optional field in the Advanced view of the Managed device users screen. You can also export this data from this view.
Export personal apps list
October 2023
12.19
You can now export a list of the personal apps that are installed on a user's device. The list includes the user and device name, the app name and version, the OS type and version, and the installation date.
Feature enhancements for the
BlackBerry UEM Client
October 2023
12.19
See the
UEM Client
 Release Notes to learn about the latest features:

New in
UEM
 version 12.18 and
UEM Cloud

The table below details the new features in this release. For information about the fixed and known issues in this release, see the UEM 12.18 Release Notes or the UEM Cloud Release Notes.
Feature
Cloud release date and on-prem version
Description
Export personal apps list
July 2023
12.18 QF1 
You can now export a list of the personal apps that are installed on a user's device. The list includes the user and device name, the app name and version, the OS type and version, and the installation date.
Preserve the data plan on
Android
 eSIM devices
May 2023
12.18
UEM
 now provides an option to preserve the data plan on an
Android
 eSIM device when you select the delete all device data command. By default, the data plan information is preserved when you select the delete all device data command.
For more information, see Sending commands to users and devices.
Show last password change in the management console
May 2023
12.18
The date and time of the last time that a user changed the password for the
BlackBerry UEM Client
 or a
BlackBerry Dynamics
 app is now displayed in the devices table and on the device details page. This feature requires a version of the
UEM Client
 or
BlackBerry Dynamics
 apps released in June 2023 or later.
Display information for multiple device SIMs in the management console
May 2023
12.18
If a device has more than one SIM (for example, a physical and eSIM), information for all SIMs is now displayed in the device report. The device details page shows SIM information only for the phone number that has been selected by the user as the default for voice calls.
Feature enhancements for the
BlackBerry UEM Client
May 2023
12.18
See the
UEM Client
 Release Notes to learn about the latest features:

New in
UEM
 version 12.17 and
UEM Cloud

The table below details the new features in this release. For information about the fixed and known issues in this release, see the UEM 12.17 Release Notes or the UEM Cloud Release Notes.
Feature
Cloud release date and on-prem version
Description
Export personal apps list
July 2023
12.17 MR1 QF2
You can now export a list of the personal apps that are installed on a user's device. The list includes the user and device name, the app name and version, the OS type and version, and the installation date.
Preserve the data plan on
iOS
 eSIM devices
February 2023
12.17 MR1
UEM
 now provides an option to preserve the data plan on an
iOS
 eSIM device when you select the delete all device data command. If eSIM information is detected on the device, a pop-up will display asking if you want to preserve the data plan. The default action is to delete the data plan and you have to choose to preserve it.
For more information, see Sending commands to users and devices.
Rapid Security Response support for
iOS
February 2023
12.17 MR1
After a Rapid Security Response (RSR) build has been installed on an
iOS
 16 or later device, the RSR version is displayed in the users table, the device details page, device reports, and exports. You can also select the RSR version as a restricted OS version in compliance profiles.
Activate
Android Enterprise
 devices while on a mobile network
February 2023
12.17 MR1
Android Enterprise
 devices can now be activated when they are using a mobile network. This feature applies only to Work space only (
Android Enterprise
) and Work and personal - full control (
Android Enterprise
) activation types.
Support for multilingual compliance variables in email templates
February 2023
12.17 MR1
You can now use multiple languages (German, Spanish, French, and Japanese) with the following compliance variables in email templates:
  • %ComplianceDynamicsEnforcementAction%
  • %ComplianceDynamicsEnforcementActionWithDescription%
  • %ComplianceEnforcementAction%
  • %ComplianceEnforcementActionWithDescription%
  • %ComplianceRuleViolated%
  • %ComplianceViolationExpiration%
For more information, see Variables.
New
Android
 IT policy rule (
Samsung Knox
)
February 2023
12.17 MR1
Allow screenshots in the work profile to be stored in the personal profile: Specify whether screenshots taken in the work profile can be saved in the personal profile.
For more information, see the Policy reference spreadsheet.
New end user capabilities for
BlackBerry Dynamics
 apps using third-party identity provider credentials
September 2022
12.17
New OS support
September 2022
12.17
This release adds support for devices running:
  • Android
     13
  • iOS
     16
DEP activation enhancements for
iOS
September 2022
12.17
After the
UEM Client
 has been activated on an
iOS
 device that is enrolled in DEP, during any subsequent activation, if there is no device activation password set for the user, the
UEM Client
 displays a message that tells the user how to activate their device.
Export a list of
iOS
 devices not using a hardened channel
September 2022
12.17
You can export a list of devices that are not already using a hardened channel and migrate them so that they use a hardened channel.
BlackBerry Dynamics
 passcode fallback for
iOS
 biometric authentication
September 2022
12.17
A new option, "Permit fallback to device passcode if biometric authentication fails", has been added to the
BlackBerry Dynamics
 profile. This option allows
iOS
 biometric (TouchID/FaceID) authentication to fall back to the device passcode if biometric authentication fails.
App removal enhancements for
Android
September 2022
12.17
For devices that were activated using the
Work space only
 (
Android Enterprise
) activation type, when an app is removed from
Google Play
 or unassigned from a user, the app is removed from the device automatically.
Enhancements for
Chrome OS
 support
September 2022
12.17
  • You can now add a connection to your organization’s
    Google
     domain even when you already have a connection set up. This enables you to set up a connection to manage your organization’s
    Chrome
     devices without removing any connections that you have already set.
  • In an org unit, you can now use the 24-hour time format in the start time fields.
New
iOS
 IT policy rules
September 2022
12.17
  • Allow Mail Privacy Protection: Specify whether mail protection is enabled.
  • Allow Rapid Security Response Installation: Specify whether rapid security response is enabled.
  • Allow Rapid Security Response Removal: Specify whether users can disable rapid security response.
For more information, see the Policy reference spreadsheet.

New in
UEM
 version 12.16 and
UEM Cloud

The table below details the new features in this release. For information about the fixed and known issues in this release, see the UEM 12.16 Release Notes or the UEM Cloud Release Notes.
Feature
Cloud release date and on-prem version
Description
Support for
Chrome OS
August 2022
12.16 MR1
UEM
 now supports devices that are running
Chrome OS
. The
Chrome OS
 integration with
BlackBerry UEM
 extends some of the
Chrome OS
 management functionality to
UEM
. You can perform some commands on
Chrome OS
 devices, such as view device report, view device actions, and delete only work data.
Multiple connections for
Entra ID
 conditional access
August 2022
12.16 MR1
You can now configure multiple
Entra ID
 connections for conditional access in a
UEM
 tenant. You can also configure multiple
UEM
 domains to connect to the same
Entra ID
 tenant.
Changes to the on-premises installer
August 2022
12.16 MR1
The
BlackBerry Affinity Manager
,
BlackBerry Dispatcher
, and
BlackBerry MDS Connection Service
 components have been removed from the installation and upgrade process. These components were used only for managing
BlackBerry 10
 devices, which are no longer supported.
For more information about a
BlackBerry Affinity Manager
 disconnected status, see KB 90941.
Support for shared
iPad
 devices
March 2022
12.16
iPad
 devices can now be shared between multiple users. When users sign in with a Managed
Apple
 ID, their data loads and the user has access to their own email accounts, files,
iCloud
 Photo Library, app data, and more.
For more information, see Creating and managing shared iPad groups.
Support for the CryptoTokenKit framework for
iOS
March 2022
12.16
UEM
 now supports the CryptoTokenKit framework for
iOS
 devices so that
BlackBerry Dynamics
 apps can access cryptographic tokens from PKI apps such as Purebred. Support for cryptographic tokens is enabled when you select the “Native keystore” connection option and the
iOS
 platform in the user credential profile. This feature requires apps that use
BlackBerry Dynamics SDK
 10.2 or later.
UTI requirement for Purebred 2.1 (8)
March 2022
12.16
When you use the
Purebred
 app version 2.1 (8) or later, which must be submitted through the Custom App Distribution mechanism, you must update the uniform type identifiers (UTI) that contain underscores (‘_’) to dashes ('-') for the
BlackBerry UEM Client
 app policy.
For example, use
purebred.select.all-user; purebred.select.no-filter; purebred.zip.all-user; purebred.zip.no-filter
. Users may need to reactivate the new
Purebred
 app on their device.
Profile enhancements
March 2022
12.16
Changes to the management console
March 2022
12.16
  • The
    Android
     app license page has been removed from the management console.
  • You must use the Organize Apps functionality in
    Google Play
     iFrame to manage your
    Google Play
     Store layout. You can no longer use the Category drop-down list in the app details to manage your
    Google Play
     Store layout.
New
Android
 IT policy rule
March 2022
12.16
Work apps exempt from VPN: Specify the work apps that are not required to send data over the work connection when "Force work apps to only use VPN" is selected.
For more information, see the Policy reference spreadsheet.
New
iOS
 IT policy rule
March 2022
12.16
Recommended software update cadence (supervised only): Specify how software updates are presented to the user. When there is only one update available, the system shows the update to the user. Otherwise, the updates are displayed in the specified order. This rule applies only to devices running
iOS
 14.5.0 and later.
For more information, see the Policy reference spreadsheet.

New in
UEM
 version 12.15 and
UEM Cloud

The table below details the new features in this release. For information about the fixed and known issues in this release, see the UEM 12.15 Release Notes or the UEM Cloud Release Notes.
Feature
Cloud release date and on-prem version
Description
New OS support
September 2021
12.15
This release adds support for devices running:
  • Android
     12
  • iOS
     15
Support for
Entra ID
 conditional access
September 2021
12.15
This release adds support for
Entra ID
 conditional access. The
BlackBerry UEM Client
 with
BlackBerry Dynamics
 enabled or
BlackBerry Work
 can access
Office 365
 when conditional access is enabled.
BlackBerry Infrastructure
 regionalization
September 2021
12.15
This release continues to build on the regionalization features that allow
BlackBerry Dynamics
 traffic to use the
BlackBerry Infrastructure
 instead of the
BlackBerry Dynamics
 NOC by implementing the use of the
BlackBerry Infrastructure
 for the push notification service. Regionalization of the push notification service requires
BlackBerry Dynamics SDK
 version 10.0 or later and
BlackBerry Dynamics
 apps released in February 2020 or later.
Regionalization features are available only on new installations of
UEM
 version 12.12 and later. If you are upgrading from older versions of
UEM
, contact
BlackBerry
 Technical Support to enable these features.
Enhancement to the
BlackBerry Gatekeeping Service
September 2021
12.15
The
BlackBerry Gatekeeping Service
 can now connect to
Active Directory
 using
Microsoft
 Modern Authentication.
Support for
Android
 zero-touch enrollment
September 2021
12.15
You can now connect to an
Android
 zero-touch enrollment configuration from the management console.
New
Android
 IT policy rules
September 2021
12.15
  • Allow changing
    Wi-Fi
     networks: Specify whether the user can set up connections to
    Wi-Fi
     networks other than the one specified by the
    Wi-Fi
     profile.
  • Allowed personal apps from
    Google Play
    : Specify the apps that users can install from
    Google Play
     in the personal space. This rule does not block users from installing apps in the personal space using a method other than
    Google Play
    .
  • Personal apps: Specify the package IDs for the apps that you want to block or allow in the personal space.
  • Limit length of time work profile can be turned off: Specify whether users must turn on the work profile after a specified time limit to continue using the device. If the work profile is turned off longer than the specified time period, personal apps are disabled and the device displays a notification.
  • Maximum off-time: Specify the maximum number of hours that the user can keep the work profile turned off.
For more information, see the Policy reference spreadsheet.
New
iOS
 IT policy rules
September 2021
12.15
  • Allow Apple Watch to unlock device: Specify whether users can unlock the device from a paired Apple Watch.
  • Allow dictation to be sent to
    Siri
     servers: Specify whether the device can send dictation audio to
    Siri
     servers for the purpose of improving dictation results.
  • Allow NFC (supervised only): Specify whether a device can use NFC.
  • Allow restart to recovery mode from untrusted host (supervised only): Specify whether users can restart the device into recovery mode from any host computer. If this rule is not selected, the device can only be restarted into recovery mode from computers that the device has previously trusted.
  • Allow translation to be sent to Siri servers: Specify whether the device can send translation audio to
    Siri
     servers for the purpose of improving translation results.
  • Allow
    Wi-Fi
     connections only to specified networks (supervised only): Specify whether devices can connect only to
    Wi-Fi
     networks specified by a
    Wi-Fi
     profile.
  • Allow copy and paste between documents from managed and unmanaged sources: Specify whether copy and paste of content between documents from managed and unmanaged sources respects the settings for the "Allow documents from managed sources in unmanaged destinations" and "Allow documents from unmanaged sources in managed destinations" rules.
For more information, see the Policy reference spreadsheet.

New in
UEM
 version 12.14 and
UEM Cloud

The table below details the new features in this release. For information about the fixed and known issues in this release, see the UEM 12.14 Release Notes or the UEM Cloud Release Notes.
Feature
Cloud release date and on-prem version
Description
Upgrade support
April 2021
12.14
This release supports upgrades from
UEM
 version 12.12 and later.
Migration support
April 2021
12.14
This release supports migration from
UEM
 version 12.12 and later and from
Good Control
 version 5.0.
Deploy apps in development from
Google Play
April 2021
12.14
Google Play
 allows developers to create tracks for prerelease apps (for example, a beta track) and target those tracks to specific enterprises. If a developer has targeted prerelease apps to your organization, you can now select which app track to deploy when assigning an app to a user, group, or device.
Deprecation of
Android
 MDM controls
April 2021
12.14
Android
 10 and later devices do not support MDM controls activations. By default, new installations of
UEM
 no longer display
Android
 MDM controls as an option in the activation profile. A new
UEM
 setting allows you to remove the
Android
 MDM controls option from the activation profile on upgraded
UEM
 instances.
Android Enterprise
 device logging
April 2021
12.14
You can view security logs for
Android Enterprise
 devices that have been activated using an
Android Enterprise
 activation type.
Support for new
iOS
 features
April 2021
12.14
This release includes new settings to manage capabilities for
iOS
 14 and
iPadOS
 14. Updates include per account VPN settings (for email, IMAP/POP3, CardDav, and CalDav profiles), a new DNS profile, additional Wi-Fi and VPN settings, and the ability to send a command to set the device time zone.
Enhancements for
BlackBerry Dynamics
 apps
April 2021
12.14
  • Defer certificate enrollment for
    BlackBerry Dynamics
     apps: Previously, users could not access a
    BlackBerry Dynamics
     app unless they completed the certificate enrollment process. You can now enable a setting in user credential profiles that allows users to dismiss certificate enrollment and complete it later. For more information, see Sending client certificates to devices and apps using user credential profiles.
  • Activate devices using third-party IDP: You can use
    UEM
     and
    BlackBerry Enterprise Identity
     to redirect authentication to a third-party Identity Provider (IDP), such as
    Okta
     or
    PingFederate
    , which provides users with a familiar authentication interface. This allows users to enter their existing credentials on their device during activation. For more information, see Using authenticator level ranking and authentication policies to manage security.
Deprecation of client credentials authentication for Intune
April 2021
12.14
The client credentials authentication method for
Microsoft Intune
 has been removed in this release. For existing servers that have been upgraded to
UEM
 12.14, the administrator must take action to migrate the configuration to use modern authentication. New integrations created in
UEM
 12.14 or later will not have the client credentials option available.
For more information, see KB 80612.
New
Android
 IT policy rule
April 2021
12.14
Apps allowed to request cross-profile access: Specify which apps can request permission from the user to access data in both the work and personal profiles.
For more information, see the Policy reference spreadsheet.