What's new in
BlackBerry UEM

What's new in
UEM
version 12.20 and
UEM Cloud

Feature	Cloud release date and on-prem version	Description
Compliance events view	June 2024 12.20	This release introduces a new compliance events view in the management console that allows you to monitor and track the compliance events that UEM detects across iOS , Android , macOS , and Windows devices, including compliance events for CylancePROTECT Mobile features. For more information, see Monitor compliance events.
CylancePROTECT Mobile enhancements	June 2024 12.20	Insecure Wi-Fi access point detection is now supported for iOS devices. For more information, see Protecting devices from network threats in the CylancePROTECT Mobile Administration content. Scanning text messages to detect malicious URLs is now supported for Android devices ( Android Enterprise and Android Management work space only activation types). For more information, see Scanning URLs in SMS text messages in the CylancePROTECT Mobile Administration content. CylancePROTECT Mobile settings and compliance rules are now applicable to Android Management devices.
New IT policy rules to manage iOS software updates	June 2024 12.20	The "Automatically update device OS (supervised only)" IT policy rule has been added to the “Software updates” group on the iOS tab to provide new options to manage iOS software updates on devices. When you enable this rule, you can enable or disable the following sub-rules (enabled by default): Automatically update major versions Automatically update minor versions Automatically update patch versions Automatically update rapid security responses Update schedule You can set the Update schedule to Immediate or you can specify the update schedule. The "Automatically update device OS (supervised only)" rule and sub-rules are supported for iOS devices with the MDM controls activation type. For more information, see the Policy reference spreadsheet.
Schedule OS updates on supervised iOS devices	June 2024 12.20	You can now schedule the date and time of OS updates for one or more supervised iOS devices. For more information, see Update the OS on supervised iOS devices.
Include devices in a device group based on pending OS updates	June 2024 12.20	When you add or make changes to a device group, you can specify the new device query option “Pending OS update age (days)” to include devices in the device group based on whether pending OS updates have not been installed within a specified number of days. For more information, see Parameters for device groups.
Changes to IT policy rules for Android password complexity	June 2024 12.20	The Android Global Password complexity IT policy rule now applies only to devices with Android OS 12 or later with a user privacy activation type ( Android Enterprise and Android Management ). The Android Global Password requirements IT policy rule now applies to full control and work space only activation types ( Android Enterprise and Android Management ), and to user privacy activation types ( Android Enterprise and Android Management ) on devices with Android 11 only. The Password complexity IT policy rule in the Android Work profile section is no longer applicable as of UEM Client version 12.44.x. The Password requirements rule in the Work profile section now applies to all Android activation types. When users upgrade the UEM Client to version 12.44.0.157981 or later, if the device and work passwords do not meet the requirements set by an administrator in the IT policy, users will be prompted to set the device and work passwords according to the IT policy rules. For more information, see the Policy reference spreadsheet.
Changes to compliance profiles	June 2024 12.20	A new option is available in compliance profiles that allows you to specify the compliance actions to take when iOS or Android devices have pending OS updates that exceed a specified period of time. For rules that support email notifications, you can now specify the email template that you want to use for each compliance rule that you enable. You can now specify the email template that you want to use for different compliance rules that you enable (when the email template option is applicable). The “Prompt for compliance” option has been removed for the Jailbroken OS rule for iOS and for the Rooted OS rule for Android . If you configured this option previously, it will change to immediate enforcement action when you upgrade to UEM 12.20. For more information, see Create a compliance profile.
New option when activating devices with Entra ID conditional access	June 2024 12.20	The BlackBerry Dynamics profile includes a new option that allows you to delay conditional access enrollment for a user until the Microsoft Authenticator app is installed on the user’s device. For more information, see Configuring BlackBerry UEM as an Intune compliance partner in Entra and BlackBerry Dynamics profile settings.
Prevent screenshots in BlackBerry Dynamics apps for iOS	June 2024 12.20	If you want to prevent users from taking screenshots in BlackBerry Dynamics apps on iOS devices, you can enable the new "Do not allow screenshots on iOS devices" option in the BlackBerry Dynamics profile that is assigned to users. If a device user tries to take a screenshot in a BlackBerry Dynamics app after this option is enabled, a blank image with the following message is saved instead: "Your organization prevents screenshots being taken within this app." This option is supported for BlackBerry Dynamics apps that use BlackBerry Dynamics SDK 12.1 and later (apps released in June 2024 or later), and replaces the iOS screen capture detection rule in compliance profiles. BlackBerry recommends using the new profile setting and disabling the compliance rule. The compliance rule will be deprecated in a future UEM release. For more information, see BlackBerry Dynamics profile settings.
Encrypt communication between UEM and Microsoft SQL Server	12.20 (on-prem only)	You can encrypt the connection and communication between UEM on-premises and Microsoft SQL Server . By default, the connection is not encrypted. For more information, see Encrypt the connection between BlackBerry UEM and Microsoft SQL Server.
Web proxy support for Android Enterprise devices that use BlackBerry Secure Connect Plus	June 2024 12.20	Apps on Android Enterprise devices that use BlackBerry Secure Connect Plus can now use a web proxy server. You configure the web proxy using a proxy profile and select the proxy profile in the enterprise connectivity profile that you use to configure and enable BlackBerry Secure Connect Plus . For more information, see Android: Enterprise connectivity profile settings.
Apple managed device attestation	June 2024 12.20	You can now enable Apple managed device attestation to ensure that only authorized and uncompromised devices are being used in your organization. During attestation, the device's properties (for example, its serial number) or identifiers are verified to be legitimate and not spoofed. This feature requires unsupervised devices to be running iOS 16 or iPadOS 16.1 or later. For supervised devices, iOS 17 or iPadOS 17 or later is required. . You can turn on periodic device information attestation for Apple devices from the Settings > General settings > Attestation menu. The minimum challenge frequency is 9 days. In the activation profile, you can specify whether the attestation occurs during device activation and/or periodically. Managed device attestation applies to the MDM controls and the User privacy activation types, but not the User privacy - User enrollment activation type. When you select the User privacy activation type in the activation profile, you must select at least one of the management options (such as "Allow VPN management"). You can use the compliance profile to enforce attestation and take action against devices where attestation is not successful. The status of Apple device attestation is available from the device details screen. For more information, see Configure attestation for iOS devices.
Updates to the Microsoft Intune app protection policy	June 2024 12.20	The Microsoft Intune app protection policy has been updated in the management console to include some of the latest app policies. For more information, Create a Microsoft Intune app protection profile.
Support for Samsung Knox 3.10 with Android Enterprise activation types	June 2024 12.20	This release adds support for Android Enterprise activation types on Android 14 with Samsung Knox 3.10. For more information, see the UEM compatibility matrix.
Changes to OS support	June 2024 12.20	This release will no longer support the following device operating systems: Android 10 iOS 15 For more information, see the Mobile device OS compatibility matrix.
Changes to supported activation types	June 2024 12.20	The Work space only ( Samsung Knox ) activation type is no longer supported.
Support for different home and lock screen wallpapers on supervised iOS devices	June 2024 12.20	This release includes new options in the device profile to specify different wallpaper for the home and lock screens on supervised iOS devices. For more information, see Create a device profile.
Show or hide the BlackBerry Dynamics Launcher in the UEM Client	June 2024 12.20	In the BlackBerry Dynamics profile, you now have the option to show or hide the BlackBerry Dynamics Launcher in the UEM Client : Enable BlackBerry Dynamics Launcher in UEM Client : This setting specifies whether the BlackBerry Dynamics Launcher icon appears in the UEM Client . Enable BlackBerry Dynamics Launcher first time setup: This setting specifies whether the tutorial appears when the BlackBerry Dynamics Launcher appears for the first time in the UEM Client . For more information, see BlackBerry Dynamics profile settings.
Add a customizable text banner to the management console	June 2024 12.20	You can now add a customizable text banner that is displayed in the top-right header on every page in the management console. You can use this banner to display important information for all administrators that use the console (for example, you can display the information for the UEM tenant). For more information, see Add a text banner to the management console.
View mobile OS vulnerabilities	June 2024 12.20	The new device vulnerabilities screen in the management console allows you to view a list of Common Vulnerabilities and Exposures (CVE) for any mobile OS that is used in the UEM environment. For more information, see View mobile OS vulnerabilities.
Changes to Kerberos Constrained Delegation (KCD) for BlackBerry Dynamics apps	12.20 (on-prem only)	If you configured KCD for BlackBerry Dynamics apps, you must create and configure a krb5.conf file with specific minimum settings to continue supporting this feature in UEM 12.20 and later. If your organization uses a multi-realm Kerberos environment, additional steps are required to support KCD after you upgrade to UEM 12.20. For more information, see Prerequisites for configuring KCD for BlackBerry Dynamics apps.
New IT policy rule to allow web distribution apps for iOS	June 2024 12.20	The "Allow web distribution apps (supervised only)" IT policy rule allows you to specify whether users are allowed to install web distribution apps. The rule is enabled by default and applies to devices running iOS 17.5 and later only. For more information, see the Policy reference spreadsheet.
Return to service option for the iOS Delete all device data command	June 2024 12.20	When you send the "Delete all device data" command to devices with iOS 17 or later, you can select the “Enable Return to Service” option and select a Wi-Fi profile to assign to the devices to assist the user in setting up the device again after the data is deleted. For more information, see Send commands to users and devices.
Feature enhancements for the BlackBerry UEM Client	June 2024 12.20	See the UEM Client Release Notes to learn about the latest features: UEM Client for Android UEM Client for iOS
Feature enhancements for the BlackBerry Web Services	June 2024 12.20	See the BlackBerry Web Services Release Notes to learn about the latest features.

What's new in
UEM
version 12.19 and
UEM Cloud

Feature	Cloud release date and on-prem version	Description
Changes to iOS IT policy rules and compliance rules	April 2024 12.19 Quick Fix 3	This release includes the following changes: The "Allow marketplace apps" IT policy rule has been added to allow you to control whether users can install marketplace apps. This rule is supported for iOS 17.4 and later. (EMM-155942) The functionality of the following iOS IT policy rules now extend to marketplace apps: Allow installing apps (supervised only), Allow removing apps (supervised only). The functionality of the following iOS compliance rules now extend to marketplace apps: Show only allowed apps on the device, Restricted app is installed. For more information, see the UEM 12.19 IT policy rules reference.
New iOS IT policy rules	January 2024 12.19 Quick Fix 1	The following IT policy rules have been added for devices with iOS 17.2 and later: Preserve eSIM data plan on device wipe (supervised only) Allow Live Voicemail (supervised only) For more information, see the UEM 12.19 IT policy rules reference.
Changes to console URLs	October 2023 12.19	The UEM console URLs have changed in this release to include additional information at the end of the path: Management console: https://`<server_name>`:`<port>`/admin/index.jsp?tenant=`<tenant_ID>`&redirect=no UEM Self-Service console: https://`<server_name>`:`<port>`/mydevice/index.jsp?tenant=`<tenant_ID>`&redirect=no If you integrate UEM with Entra ID, the UEM console URLs change to the following ("&redirect=no" is removed from the end of the URL): Management console: https://`<server_name>`:`<port>`/admin/index.jsp?tenant=`<tenant_ID>` Self-service console: https://`<server_name>`:`<port>`/mydevice/index.jsp?tenant=`<tenant_ID>`
New OS support	October 2023 12.19	The following operating systems are now supported: iOS 17: Includes support for RSA-PSS and DH group 32 in VPN profiles and TLS 1.3 in Wi-Fi profiles Android 14
JRE 17 required	October 2023 12.19	You must install JRE 17 on the servers where you will install UEM , and you must set an environment variable that points to the BB_JAVA_HOME home location. For more information, see Set an environment variable for the Java location.
Connect UEM on-premises to Entra ID	October 2023 12.19	You can now connect BlackBerry UEM on-premises to Entra ID to create and synchronize users and directory-linked groups. For more information, see Connect BlackBerry UEM to Entra ID.
New Android Management activation types	October 2023 12.19	Three new activation types that support the Android Management API have been added: Work and personal - full control ( Android Management fully managed device with work profile) Work and personal - user privacy ( Android Management with work profile) Work space only ( Android Management fully managed device) For more information, see the following: Considerations for Android Management activation types Configuring BlackBerry UEM to support Android Management devices Activation types: Android devices Activating Android devices
Knox Service Plugin policies	October 2023 12.19	You can now configure KSP policies from the Policies and profiles menu in the UEM management console instead of an app configuration. For more information, see Managing Android devices with OEM app configurations profile.
iOS app update dispositions	October 2023 12.19	You can now specify new "Required without updates" or "Optional without updates" dispositions for iOS VPP apps and assign them to users, user groups, device groups, shared device groups, and public device groups. For shared iPad groups you can assign "Required without updates".
iOS RSR versions	October 2023 12.19	You can now select an RSR version as the minimum allowed OS version in activation profiles for iOS devices.
New BlackBerry Dynamics profile setting	October 2023 12.19	You can use the new "Allow WatchOS apps" setting to control whether end users can pair their Apple WatchOS apps with BlackBerry Dynamics apps. This setting is off by default. For more information, see BlackBerry Dynamics profile settings.
New email profile setting for iOS	October 2023 12.19	You can use the new "Allow Mail Drop" setting to control whether users with the MDM controls activation type can send files from their account using Mail Drop. For more information, see iOS: Email profile settings.
Updated compliance variable	October 2023 12.19	You can now use the %ComplianceApplicationList% variable to display the names of restricted apps that are installed on a device in compliance notifications that are sent to users. For more information, see Using variables in profiles, emails, and notifications.
LDAP directory enhancements ( UEM on-premises only)	October 2023 12.19	Paged search results are now supported for LDAP directories.
SIM management enhancement	October 2023 12.19	You can now view the information for multiple SIMs for a device on the Device details screen, including eSIM information.
Enhancements to the Managed device users screen	October 2023 12.19	You can now add the Bluetooth MAC address as an optional field in the Advanced view of the Managed device users screen. You can also export this data from this view.
Export personal apps list	October 2023 12.19	You can now export a list of the personal apps that are installed on a user's device. The list includes the user and device name, the app name and version, the OS type and version, and the installation date.
Feature enhancements for the BlackBerry UEM Client	October 2023 12.19	See the UEM Client Release Notes to learn about the latest features: UEM Client for Android UEM Client for iOS

New in
UEM
version 12.18 and
UEM Cloud

The table below details the new features in this release. For information about the fixed and known issues in this release, see the UEM 12.18 Release Notes or the UEM Cloud Release Notes.

Feature	Cloud release date and on-prem version	Description
Export personal apps list	July 2023 12.18 QF1	You can now export a list of the personal apps that are installed on a user's device. The list includes the user and device name, the app name and version, the OS type and version, and the installation date.
Preserve the data plan on Android eSIM devices	May 2023 12.18	UEM now provides an option to preserve the data plan on an Android eSIM device when you select the delete all device data command. By default, the data plan information is preserved when you select the delete all device data command. For more information, see Sending commands to users and devices.
Show last password change in the management console	May 2023 12.18	The date and time of the last time that a user changed the password for the BlackBerry UEM Client or a BlackBerry Dynamics app is now displayed in the devices table and on the device details page. This feature requires a version of the UEM Client or BlackBerry Dynamics apps released in June 2023 or later.
Display information for multiple device SIMs in the management console	May 2023 12.18	If a device has more than one SIM (for example, a physical and eSIM), information for all SIMs is now displayed in the device report. The device details page shows SIM information only for the phone number that has been selected by the user as the default for voice calls.
Feature enhancements for the BlackBerry UEM Client	May 2023 12.18	See the UEM Client Release Notes to learn about the latest features: UEM Client for Android UEM Client for iOS

New in
UEM
version 12.17 and
UEM Cloud

The table below details the new features in this release. For information about the fixed and known issues in this release, see the UEM 12.17 Release Notes or the UEM Cloud Release Notes.

Feature	Cloud release date and on-prem version	Description
Export personal apps list	July 2023 12.17 MR1 QF2	You can now export a list of the personal apps that are installed on a user's device. The list includes the user and device name, the app name and version, the OS type and version, and the installation date.
Preserve the data plan on iOS eSIM devices	February 2023 12.17 MR1	UEM now provides an option to preserve the data plan on an iOS eSIM device when you select the delete all device data command. If eSIM information is detected on the device, a pop-up will display asking if you want to preserve the data plan. The default action is to delete the data plan and you have to choose to preserve it. For more information, see Sending commands to users and devices.
Rapid Security Response support for iOS	February 2023 12.17 MR1	After a Rapid Security Response (RSR) build has been installed on an iOS 16 or later device, the RSR version is displayed in the users table, the device details page, device reports, and exports. You can also select the RSR version as a restricted OS version in compliance profiles.
Activate Android Enterprise devices while on a mobile network	February 2023 12.17 MR1	Android Enterprise devices can now be activated when they are using a mobile network. This feature applies only to Work space only ( Android Enterprise ) and Work and personal - full control ( Android Enterprise ) activation types.
Support for multilingual compliance variables in email templates	February 2023 12.17 MR1	You can now use multiple languages (German, Spanish, French, and Japanese) with the following compliance variables in email templates: %ComplianceDynamicsEnforcementAction% %ComplianceDynamicsEnforcementActionWithDescription% %ComplianceEnforcementAction% %ComplianceEnforcementActionWithDescription% %ComplianceRuleViolated% %ComplianceViolationExpiration% For more information, see Variables.
New Android IT policy rule ( Samsung Knox )	February 2023 12.17 MR1	Allow screenshots in the work profile to be stored in the personal profile: Specify whether screenshots taken in the work profile can be saved in the personal profile. For more information, see the Policy reference spreadsheet.
New end user capabilities for BlackBerry Dynamics apps using third-party identity provider credentials	September 2022 12.17	Users can now unlock a BlackBerry Dynamics app using their third-party identity provider credentials. For more information, see Unlock a BlackBerry Dynamics app using a third-party identity provider. Users can now activate BlackBerry Dynamics apps after they restore their device using their third-party identity provider credentials. For more information, see Activate a BlackBerry Dynamics app after a device restore using a third-party identity provider. Users can now retrieve their BlackBerry Dynamics app password using their third-party identity provider credentials. For more information, see Reset your BlackBerry Dynamics app password using a third-party identity provider.
New OS support	September 2022 12.17	This release adds support for devices running: Android 13 iOS 16
DEP activation enhancements for iOS	September 2022 12.17	After the UEM Client has been activated on an iOS device that is enrolled in DEP, during any subsequent activation, if there is no device activation password set for the user, the UEM Client displays a message that tells the user how to activate their device.
Export a list of iOS devices not using a hardened channel	September 2022 12.17	You can export a list of devices that are not already using a hardened channel and migrate them so that they use a hardened channel. For more information, see Migrate iOS devices to use a hardened channel.
BlackBerry Dynamics passcode fallback for iOS biometric authentication	September 2022 12.17	A new option, "Permit fallback to device passcode if biometric authentication fails", has been added to the BlackBerry Dynamics profile. This option allows iOS biometric (TouchID/FaceID) authentication to fall back to the device passcode if biometric authentication fails. For more information, see Controlling BlackBerry Dynamics on users devices.
App removal enhancements for Android	September 2022 12.17	For devices that were activated using the Work space only ( Android Enterprise ) activation type, when an app is removed from Google Play or unassigned from a user, the app is removed from the device automatically.
Enhancements for Chrome OS support	September 2022 12.17	You can now add a connection to your organization’s Google domain even when you already have a connection set up. This enables you to set up a connection to manage your organization’s Chrome devices without removing any connections that you have already set. In an org unit, you can now use the 24-hour time format in the start time fields. For more information, see Extending the management of Chrome OS devices to BlackBerry UEM.
New iOS IT policy rules	September 2022 12.17	Allow Mail Privacy Protection: Specify whether mail protection is enabled. Allow Rapid Security Response Installation: Specify whether rapid security response is enabled. Allow Rapid Security Response Removal: Specify whether users can disable rapid security response. For more information, see the Policy reference spreadsheet.

New in
UEM
version 12.16 and
UEM Cloud

The table below details the new features in this release. For information about the fixed and known issues in this release, see the UEM 12.16 Release Notes or the UEM Cloud Release Notes.

Feature	Cloud release date and on-prem version	Description
Support for Chrome OS	August 2022 12.16 MR1	UEM now supports devices that are running Chrome OS . The Chrome OS integration with BlackBerry UEM extends some of the Chrome OS management functionality to UEM . You can perform some commands on Chrome OS devices, such as view device report, view device actions, and delete only work data. For more information, see KB 98789 and Extending the management of Chrome OS devices to BlackBerry UEM.
Multiple connections for Entra ID conditional access	August 2022 12.16 MR1	You can now configure multiple Entra ID connections for conditional access in a UEM tenant. You can also configure multiple UEM domains to connect to the same Entra ID tenant. For more information, see Connecting BlackBerry UEM to Microsoft Azure.
Changes to the on-premises installer	August 2022 12.16 MR1	The BlackBerry Affinity Manager , BlackBerry Dispatcher , and BlackBerry MDS Connection Service components have been removed from the installation and upgrade process. These components were used only for managing BlackBerry 10 devices, which are no longer supported. For more information about a BlackBerry Affinity Manager disconnected status, see KB 90941.
Support for shared iPad devices	March 2022 12.16	iPad devices can now be shared between multiple users. When users sign in with a Managed Apple ID, their data loads and the user has access to their own email accounts, files, iCloud Photo Library, app data, and more. For more information, see Creating and managing shared iPad groups.
Support for the CryptoTokenKit framework for iOS	March 2022 12.16	UEM now supports the CryptoTokenKit framework for iOS devices so that BlackBerry Dynamics apps can access cryptographic tokens from PKI apps such as Purebred. Support for cryptographic tokens is enabled when you select the “Native keystore” connection option and the iOS platform in the user credential profile. This feature requires apps that use BlackBerry Dynamics SDK 10.2 or later. For more information, see Sending client certificates to devices and apps using user credential profiles.
UTI requirement for Purebred 2.1 (8)	March 2022 12.16	When you use the Purebred app version 2.1 (8) or later, which must be submitted through the Custom App Distribution mechanism, you must update the uniform type identifiers (UTI) that contain underscores (‘_’) to dashes ('-') for the BlackBerry UEM Client app policy. For example, use purebred.select.all-user; purebred.select.no-filter; purebred.zip.all-user; purebred.zip.no-filter . Users may need to reactivate the new Purebred app on their device.
Profile enhancements	March 2022 12.16	Device SR requirements profile: You can now apply Android OS updates to Samsung devices. For more information, see Controlling the software updates that are installed on devices. BlackBerry Dynamics profile: A new option allows you to specify whether Android device users can use custom keyboards with BlackBerry Dynamics apps. For more information, see Controlling BlackBerry Dynamics on users devices. VPN profile: You can specify an associated proxy profile when you select “IKEv2 Always On”. For more information, see Setting up work VPNs for devices. User credential profiles: In profiles that use native keystore connections, you can now specify the device OS platforms that you want the profile to apply to. For more information, see Sending client certificates to devices and apps using user credential profiles.
Changes to the management console	March 2022 12.16	The Android app license page has been removed from the management console. You must use the Organize Apps functionality in Google Play iFrame to manage your Google Play Store layout. You can no longer use the Category drop-down list in the app details to manage your Google Play Store layout.
New Android IT policy rule	March 2022 12.16	Work apps exempt from VPN: Specify the work apps that are not required to send data over the work connection when "Force work apps to only use VPN" is selected. For more information, see the Policy reference spreadsheet.
New iOS IT policy rule	March 2022 12.16	Recommended software update cadence (supervised only): Specify how software updates are presented to the user. When there is only one update available, the system shows the update to the user. Otherwise, the updates are displayed in the specified order. This rule applies only to devices running iOS 14.5.0 and later. For more information, see the Policy reference spreadsheet.

What's new in BlackBerry UEM

What's new in UEM version 12.20 and UEM Cloud

What's new in UEM version 12.19 and UEM Cloud

New in UEM version 12.18 and UEM Cloud

New in UEM version 12.17 and UEM Cloud

New in UEM version 12.16 and UEM Cloud