What's new in BlackBerry UEM
BlackBerry UEM
Starting in March 2025,
BlackBerry
will migrate BlackBerry
Dynamics
services to new domains and IP address ranges. To ensure that there are no disruptions to your BlackBerry
Dynamics
services, you must update your firewall configuration to allow connections to the new domains and IP ranges, in addition to the existing domains and IP ranges that you have allowed for UEM
. For more information, see the new domains and IP ranges for March 2025 and later in the following sections of the UEM
Planning Guide:
What's new in UEM version 12.21 and UEM Cloud
UEM
version 12.21 and UEM Cloud
Feature | Cloud release date and on-prem version | Description |
---|---|---|
Support for Intercede MyID | November 2024 12.21 | This release supports the use of the Intercede MyID PIV credential management solution to provide derived credentials certificates to devices activated on UEM .For more information, see Use Intercede MyID to provide derived credentials certificates to devices. |
Install the BlackBerry Connectivity Node using the command line | November 2024 (cloud only) | You can now install the BlackBerry Connectivity Node for a UEM Cloud environment using the command prompt.For more information, see Install the BlackBerry Connectivity Node for UEM Cloud using the command prompt. |
Create local users administrator permission | November 2024 12.21 | This release includes a new Users and Devices permission, Create local users, that controls whether an administrator account can create local users. Create local users is enabled by default for the Security Administrator, Enterprise Administrator, and Senior HelpDesk roles. The Create local users permission can be enabled only if the Create users permission is also enabled. After you upgrade to UEM 12.21, custom roles that you created previously will not have the Create local users permissions by default, you must assign it manually.For more information, see Permissions for preconfigured administrative roles. |
Enhancements to BlackBerry
Dynamics profiles | November 2024 12.21 | BlackBerry
Dynamics profiles feature the following enhancements:
For more information, see BlackBerry Dynamics profile settings. |
Changes to OS support | November 2024 12.21 | This release adds support for the following device operating systems:
For more information, see the Mobile device OS compatibility matrix. |
New iOS IT policy rules | November 2024 12.21 | The following IT policy rules have been added for iOS devices.Device functionality ( iOS 17.4 or later): Allow auto dim (supervised only)Device functionality ( iOS 18.0 or later):
Device functionality ( iOS 18.1 or later):
Apps ( iOS 18.0 or later):
Apps ( iOS 18.2 or later): Allow default browser modification (supervised only)Security and privacy ( iOS 18.0 or later): Allow writing tools (supervised only)Security and privacy ( iOS 18.2 or later):
For more information, see the Policy reference spreadsheet. |
New Android IT policy rule to control Circle to Search | November 2024 12.21 | The "Allow Circle to Search" IT policy rule allows you to control whether Circle to Search functionality is enabled in the work profile. The rule is enabled by default and applies to devices running Android OS 15 or later. This rule requires the UEM Client for Android version 12.45.x or later.For more information, see the Policy reference spreadsheet. |
Changes to IT policy rules | November 2024 12.21 | The IT policy rule "Allow screenshots in the work profile to be stored in the personal profile" is not supported for devices with Android 15 or later. |
Enhancement to encrypting the connection between UEM and Microsoft SQL
Server | 12.21 (on-prem only) | Previously, you could encrypt the connection only after installing UEM . In this release you can set up an encrypted connection when you install or upgrade UEM using the command prompt.For more information, see Install or upgrade BlackBerry UEM using the command prompt window. |
Support for group Managed Service Accounts | November 2024 12.21 | This release adds support for using a group Managed Service Account (gMSA) to install or upgrade UEM and to run the UEM services. When installing or upgrading UEM on-premises, you can now select an option to use a gMSA.For more information, see the UEM Installation and Upgrade Guide. |
Designate iOS and OS X apps as Work or Personal | November 2024 12.21 | When you assign iOS or OS X apps to a user or group, you can configure a new Target field to designate the app as "Work" (default) or "Personal". This field allows you to differentiate the type of app in the management console. This setting does not impact how the app is installed or managed on the device. |
Enhancement to the device vulnerabilities view | November 2024 12.21 | The device vulnerabilities view now allows you to search and filter by a specified CVE number to see the device operating systems that are impacted by that CVE. For more information, see View mobile OS vulnerabilities. |
Copy app configurations | November 12.21 | You can now copy and modify an existing app configuration. For more information, see Manage settings for a BlackBerry Dynamics app. |
Enhancements to app configurations for BlackBerry
Dynamics apps | November 2024 12.21 | The following enhancements have been made to the app configuration UI for BlackBerry
Dynamics apps:
|
Support for Samsung Knox 3.11 with Android Enterprise activation types | November 2024 12.21 | This release adds support for Android Enterprise activation types on Android 15 with Samsung Knox 3.11.For more information, see the UEM compatibility matrix. Note that the MDM controls activation type is no longer supported for Samsung Knox devices with Android 15 or later. |
Enhancement to compliance profiles | November 2024 12.21 | Compliance prompts for BlackBerry
Dynamics apps are now supported for the following compliance rules:
Compliance prompts for these settings require the most recent release of BlackBerry
Dynamics apps (October 2024 or later for iOS , November 2024 or later for Android ). |
Changes to supported Android activation types for dark site environments | November 2024 12.21 | There are changes to the supported Android activation types in a dark site environment.For more information, see Installing or upgrading BlackBerry UEM in a dark site environment. |
Feature enhancements for the BlackBerry UEM Client | November 2024 12.21 | See the UEM Client Release Notes to learn about the latest features:
|
Feature enhancements for the BlackBerry Web
Services | November 2024 12.21 | See the BlackBerry Web Services Release Notes to learn about the latest features. |
What's new in UEM version 12.20 and UEM Cloud
UEM
version 12.20 and UEM Cloud
Feature | Cloud release date and on-prem version | Description |
---|---|---|
IT policy pack for new iOS and Android rules | 12.20 (on-premises only) | The latest IT policy pack (October 2024) includes the following new IT policy rules: Android The "Allow Circle to Search" IT policy rule allows you to control whether Circle to Search functionality is enabled in the work profile. The rule is enabled by default and applies to devices running Android OS 15 or later. This rule requires the UEM Client for Android version 12.45.x or later.iOS Device functionality ( iOS 17.4 or later): Allow auto dim (supervised only)Device functionality ( iOS 18.0 or later):
Device functionality ( iOS 18.1 or later):
Apps ( iOS 18.0 or later):
Security and privacy ( iOS 18.0 or later): Allow writing tools (supervised only) |
Compliance events view | June 2024 12.20 | This release introduces a new compliance events view in the management console that allows you to monitor and track the compliance events that UEM detects across iOS , Android , macOS , and Windows devices, including compliance events for CylancePROTECT Mobile features.For more information, see Monitor compliance events. |
CylancePROTECT Mobile enhancements | June 2024 12.20 |
|
New IT policy rules to manage iOS software updates | June 2024 12.20 | The "Automatically update device OS (supervised only)" IT policy rule has been added to the “Software updates” group on the iOS tab to provide new options to manage iOS software updates on devices. When you enable this rule, you can enable or disable the following sub-rules (enabled by default):
You can set the Update schedule to Immediate or you can specify the update schedule. The "Automatically update device OS (supervised only)" rule and sub-rules are supported for iOS devices with the MDM controls activation type.For more information, see the Policy reference spreadsheet. |
Schedule OS updates on supervised iOS devices | June 2024 12.20 | You can now schedule the date and time of OS updates for one or more supervised iOS devices.For more information, see Update the OS on supervised iOS devices. |
Include devices in a device group based on pending OS updates | June 2024 12.20 | When you add or make changes to a device group, you can specify the new device query option “Pending OS update age (days)” to include devices in the device group based on whether pending OS updates have not been installed within a specified number of days. For more information, see Parameters for device groups. |
Changes to IT policy rules for Android password complexity | June 2024 12.20 |
When users upgrade the UEM Client to version 12.44.0.157981 or later, if the device and work passwords do not meet the requirements set by an administrator in the IT policy, users will be prompted to set the device and work passwords according to the IT policy rules.For more information, see the Policy reference spreadsheet. |
Changes to compliance profiles | June 2024 12.20 |
For more information, see Create a compliance profile. |
New option when activating devices with Entra ID conditional access | June 2024 12.20 | The BlackBerry
Dynamics profile includes a new option that allows you to delay conditional access enrollment for a user until the Microsoft Authenticator app is installed on the user’s device.For more information, see Configuring BlackBerry UEM as an Intune compliance partner in Entra and BlackBerry Dynamics profile settings. |
Prevent screenshots in BlackBerry
Dynamics apps for iOS | June 2024 12.20 | If you want to prevent users from taking screenshots in BlackBerry
Dynamics apps on iOS devices, you can enable the new "Do not allow screenshots on iOS devices" option in the BlackBerry
Dynamics profile that is assigned to users.If a device user tries to take a screenshot in a BlackBerry
Dynamics app after this option is enabled, a blank image with the following message is saved instead: "Your organization prevents screenshots being taken within this app."This option is supported for BlackBerry
Dynamics apps that use BlackBerry Dynamics SDK 12.1 and later (apps released in June 2024 or later), and replaces the iOS screen capture detection rule in compliance profiles. BlackBerry recommends using the new profile setting and disabling the compliance rule. The compliance rule will be deprecated in a future UEM release.For more information, see BlackBerry Dynamics profile settings. |
Encrypt communication between UEM and Microsoft SQL
Server | 12.20 (on-prem only) | You can encrypt the connection and communication between UEM on-premises and Microsoft SQL
Server . By default, the connection is not encrypted.For more information, see Encrypt the connection between BlackBerry UEM and Microsoft SQL Server. |
Web proxy support for Android Enterprise devices that use BlackBerry Secure Connect Plus | June 2024 12.20 | Apps on Android Enterprise devices that use BlackBerry Secure Connect Plus can now use a web proxy server. You configure the web proxy using a proxy profile and select the proxy profile in the enterprise connectivity profile that you use to configure and enable BlackBerry Secure Connect Plus .For more information, see Android: Enterprise connectivity profile settings. |
Apple managed device attestation | June 2024 12.20 | You can now enable Apple managed device attestation to ensure that only authorized and uncompromised devices are being used in your organization. During attestation, the device's properties (for example, its serial number) or identifiers are verified to be legitimate and not spoofed. This feature requires unsupervised devices to be running iOS 16 or iPadOS 16.1 or later. For supervised devices, iOS 17 or iPadOS 17 or later is required. .
For more information, see Configure attestation for iOS devices. |
Updates to the Microsoft Intune app protection policy | June 2024 12.20 | The Microsoft Intune app protection policy has been updated in the management console to include some of the latest app policies.For more information, Create a Microsoft Intune app protection profile. |
Support for Samsung Knox 3.10 with Android Enterprise activation types | June 2024 12.20 | This release adds support for Android Enterprise activation types on Android 14 with Samsung Knox 3.10.For more information, see the UEM compatibility matrix. |
Changes to OS support | June 2024 12.20 | This release will no longer support the following device operating systems:
For more information, see the Mobile device OS compatibility matrix. |
Changes to supported activation types | June 2024 12.20 |
|
Support for different home and lock screen wallpapers on supervised iOS devices | June 2024 12.20 | This release includes new options in the device profile to specify different wallpaper for the home and lock screens on supervised iOS devices. For more information, see Create a device profile. |
Show or hide the BlackBerry Dynamics Launcher in the UEM Client | June 2024 12.20 | In the BlackBerry
Dynamics profile, you now have the option to show or hide the BlackBerry Dynamics Launcher in the UEM Client :
For more information, see BlackBerry Dynamics profile settings. |
Add a customizable text banner to the management console | June 2024 12.20 | You can now add a customizable text banner that is displayed in the top-right header on every page in the management console. You can use this banner to display important information for all administrators that use the console (for example, you can display the information for the UEM tenant).For more information, see Add a text banner to the management console. |
View mobile OS vulnerabilities | June 2024 12.20 | The new device vulnerabilities screen in the management console allows you to view a list of Common Vulnerabilities and Exposures (CVE) for any mobile OS that is used in the UEM environment.For more information, see View mobile OS vulnerabilities. |
Changes to Kerberos Constrained Delegation (KCD) for BlackBerry
Dynamics apps | 12.20 (on-prem only) | If you configured KCD for BlackBerry
Dynamics apps, you must create and configure a krb5.conf file with specific minimum settings to continue supporting this feature in UEM 12.20 and later.If your organization uses a multi-realm Kerberos environment, additional steps are required to support KCD after you upgrade to UEM 12.20.For more information, see Prerequisites for configuring KCD for BlackBerry Dynamics apps. |
New IT policy rule to allow web distribution apps for iOS | June 2024 12.20 | The "Allow web distribution apps (supervised only)" IT policy rule allows you to specify whether users are allowed to install web distribution apps. The rule is enabled by default and applies to devices running iOS 17.5 and later only.For more information, see the Policy reference spreadsheet. |
Return to service option for the iOS Delete all device data command | June 2024 12.20 | When you send the "Delete all device data" command to devices with iOS 17 or later, you can select the “Enable Return to Service” option and select a Wi-Fi profile to assign to the devices to assist the user in setting up the device again after the data is deleted.For more information, see Send commands to users and devices. |
Feature enhancements for the BlackBerry UEM Client | June 2024 12.20 | See the UEM Client Release Notes to learn about the latest features:
|
Feature enhancements for the BlackBerry Web
Services | June 2024 12.20 | See the BlackBerry Web Services Release Notes to learn about the latest features. |
What's new in UEM version 12.19 and UEM Cloud
UEM
version 12.19 and UEM Cloud
Feature | Cloud release date and on-prem version | Description |
---|---|---|
Changes to iOS IT policy rules and compliance rules | April 2024 12.19 Quick Fix 3 | This release includes the following changes:
For more information, see the UEM 12.19 IT policy rules reference. |
New iOS IT policy rules | January 2024 12.19 Quick Fix 1 | The following IT policy rules have been added for devices with iOS 17.2 and later:
For more information, see the UEM 12.19 IT policy rules reference. |
Changes to console URLs | October 2023 12.19 | The UEM console URLs have changed in this release to include additional information at the end of the path:
If you integrate UEM with Entra ID, the UEM console URLs change to the following ("&redirect=no" is removed from the end of the URL):
|
New OS support | October 2023 12.19 | The following operating systems are now supported:
|
JRE 17 required | October 2023 12.19 | You must install JRE 17 on the servers where you will install UEM , and you must set an environment variable that points to the BB_JAVA_HOME home location.For more information, see Set an environment variable for the Java location. |
Connect UEM on-premises to Entra ID | October 2023 12.19 | You can now connect BlackBerry UEM on-premises to Entra ID to create and synchronize users and directory-linked groups.For more information, see Connect BlackBerry UEM to Entra ID. |
New Android Management activation types | October 2023 12.19 | Three new activation types that support the Android Management API have been added:
|
Knox Service Plugin policies | October 2023 12.19 | You can now configure KSP policies from the Policies and profiles menu in the UEM management console instead of an app configuration.For more information, see Managing Android devices with OEM app configurations profile. |
iOS app update dispositions | October 2023 12.19 | You can now specify new "Required without updates" or "Optional without updates" dispositions for iOS VPP apps and assign them to users, user groups, device groups, shared device groups, and public device groups. For shared iPad groups you can assign "Required without updates". |
iOS RSR versions | October 2023 12.19 | You can now select an RSR version as the minimum allowed OS version in activation profiles for iOS devices. |
New BlackBerry
Dynamics profile setting | October 2023 12.19 | You can use the new "Allow WatchOS apps" setting to control whether end users can pair their Apple WatchOS apps with BlackBerry
Dynamics apps. This setting is off by default.For more information, see BlackBerry Dynamics profile settings. |
New email profile setting for iOS | October 2023 12.19 | You can use the new "Allow Mail Drop" setting to control whether users with the MDM controls activation type can send files from their account using Mail Drop. For more information, see iOS: Email profile settings. |
Updated compliance variable | October 2023 12.19 | You can now use the %ComplianceApplicationList% variable to display the names of restricted apps that are installed on a device in compliance notifications that are sent to users. For more information, see Using variables in profiles, emails, and notifications. |
LDAP directory enhancements ( UEM on-premises only) | October 2023 12.19 | Paged search results are now supported for LDAP directories. |
SIM management enhancement | October 2023 12.19 | You can now view the information for multiple SIMs for a device on the Device details screen, including eSIM information. |
Enhancements to the Managed device users screen | October 2023 12.19 | You can now add the Bluetooth MAC address as an optional field in the Advanced view of the Managed device users screen. You can also export this data from this view. |
Export personal apps list | October 2023 12.19 | You can now export a list of the personal apps that are installed on a user's device. The list includes the user and device name, the app name and version, the OS type and version, and the installation date. |
Feature enhancements for the BlackBerry UEM Client | October 2023 12.19 | See the UEM Client Release Notes to learn about the latest features:
|
New in UEM version 12.18 and UEM Cloud
UEM
version 12.18 and UEM Cloud
The table below details the new features in this release. For information about the fixed and known issues in this release, see the UEM 12.18 Release Notes or the UEM Cloud Release Notes.
Feature | Cloud release date and on-prem version | Description |
---|---|---|
Export personal apps list | July 2023 12.18 QF1 | You can now export a list of the personal apps that are installed on a user's device. The list includes the user and device name, the app name and version, the OS type and version, and the installation date. |
Preserve the data plan on Android eSIM devices | May 2023 12.18 | UEM now provides an option to preserve the data plan on an Android eSIM device when you select the delete all device data command. By default, the data plan information is preserved when you select the delete all device data command.For more information, see Sending commands to users and devices. |
Show last password change in the management console | May 2023 12.18 | The date and time of the last time that a user changed the password for the BlackBerry UEM Client or a BlackBerry
Dynamics app is now displayed in the devices table and on the device details page. This feature requires a version of the UEM Client or BlackBerry
Dynamics apps released in June 2023 or later. |
Display information for multiple device SIMs in the management console | May 2023 12.18 | If a device has more than one SIM (for example, a physical and eSIM), information for all SIMs is now displayed in the device report. The device details page shows SIM information only for the phone number that has been selected by the user as the default for voice calls. |
Feature enhancements for the BlackBerry UEM Client | May 2023 12.18 | See the UEM Client Release Notes to learn about the latest features:
|
New in UEM version 12.17 and UEM Cloud
UEM
version 12.17 and UEM Cloud
The table below details the new features in this release. For information about the fixed and known issues in this release, see the UEM 12.17 Release Notes or the UEM Cloud Release Notes.
Feature | Cloud release date and on-prem version | Description |
---|---|---|
Export personal apps list | July 2023 12.17 MR1 QF2 | You can now export a list of the personal apps that are installed on a user's device. The list includes the user and device name, the app name and version, the OS type and version, and the installation date. |
Preserve the data plan on iOS eSIM devices | February 2023 12.17 MR1 | UEM now provides an option to preserve the data plan on an iOS eSIM device when you select the delete all device data command. If eSIM information is detected on the device, a pop-up will display asking if you want to preserve the data plan. The default action is to delete the data plan and you have to choose to preserve it.For more information, see Sending commands to users and devices. |
Rapid Security Response support for iOS | February 2023 12.17 MR1 | After a Rapid Security Response (RSR) build has been installed on an iOS 16 or later device, the RSR version is displayed in the users table, the device details page, device reports, and exports. You can also select the RSR version as a restricted OS version in compliance profiles. |
Activate Android Enterprise devices while on a mobile network | February 2023 12.17 MR1 | Android Enterprise devices can now be activated when they are using a mobile network. This feature applies only to Work space only (Android Enterprise ) and Work and personal - full control (Android Enterprise ) activation types. |
Support for multilingual compliance variables in email templates | February 2023 12.17 MR1 | You can now use multiple languages (German, Spanish, French, and Japanese) with the following compliance variables in email templates:
For more information, see Variables. |
New Android IT policy rule (Samsung Knox ) | February 2023 12.17 MR1 | Allow screenshots in the work profile to be stored in the personal profile: Specify whether screenshots taken in the work profile can be saved in the personal profile. For more information, see the Policy reference spreadsheet. |
New end user capabilities for BlackBerry
Dynamics apps using third-party identity provider credentials | September 2022 12.17 |
|
New OS support | September 2022 12.17 | This release adds support for devices running:
|
DEP activation enhancements for iOS | September 2022 12.17 | After the UEM Client has been activated on an iOS device that is enrolled in DEP, during any subsequent activation, if there is no device activation password set for the user, the UEM Client displays a message that tells the user how to activate their device. |
Export a list of iOS devices not using a hardened channel | September 2022 12.17 | You can export a list of devices that are not already using a hardened channel and migrate them so that they use a hardened channel. For more information, see Migrate iOS devices to use a hardened channel. |
BlackBerry
Dynamics passcode fallback for iOS biometric authentication | September 2022 12.17 | A new option, "Permit fallback to device passcode if biometric authentication fails", has been added to the BlackBerry
Dynamics profile. This option allows iOS biometric (TouchID/FaceID) authentication to fall back to the device passcode if biometric authentication fails.For more information, see Controlling BlackBerry Dynamics on users devices. |
App removal enhancements for Android | September 2022 12.17 | For devices that were activated using the Work space only (Android Enterprise ) activation type, when an app is removed from Google
Play or unassigned from a user, the app is removed from the device automatically. |
Enhancements for Chrome OS support | September 2022 12.17 |
For more information, see Extending the management of Chrome OS devices to BlackBerry UEM. |
New iOS IT policy rules | September 2022 12.17 |
For more information, see the Policy reference spreadsheet. |