What's new in BlackBerry UEM
BlackBerry UEM
BlackBerry
has migrated BlackBerry
Dynamics
services to new domains and IP address ranges. To ensure that there are no disruptions to your BlackBerry
Dynamics
services, you must update your firewall configuration to allow connections to the new domains and IP ranges, in addition to the existing domains and IP ranges that you have allowed for UEM
. For more information, see the new domains and IP ranges for March 2025 and later in the following sections of the UEM
Planning Guide:
What's new in UEM version 12.22 and UEM Cloud
UEM
version 12.22 and UEM Cloud
Feature | Cloud release date and on-prem version | Description |
---|---|---|
Support for Windows Server 2025 | May 2025 12.22 | This release adds support for Windows Server 2025.For more information, see the UEM compatibility matrix. |
Specify the directory when adding users to UEM with a .csv file | May 2025 12.22 | When you add user accounts to UEM using a .csv file, you can use a new column in the .csv file, Directory Instance Name, to specify the name of the directory that each directory user belongs to. This allows UEM to import the user from the specified directory without having to search multiple directories that are associated with UEM . UEM will make a single call to a directory to import all users that are associated with that directory.In the Directory Instance Name column, specify a single directory name for each directory user that you want to import. The directory name must match the name of a directory connection that has been configured in UEM (casing does not matter). If the value of this field is blank, UEM searches all available directories for the user.For more information, see Creating user accounts from a .csv file. |
Send client certificates to devices using ACME | 12.22 | You can create and assign ACME profiles to enable iOS devices that are activated on UEM to communicate with an ACME server to obtain and manage the use of client certificates from a certificate authority.After you create an ACME profile, you can associate the profile with Wi-Fi , VPN, and email profiles (Authentication type and Associated ACME profile settings).For more information, see Send client certificates to devices using ACME. |
Activation profile enhancements | 12.22 | New options to configure identity certificate settings have been added to activation profiles to support SCEP and ACME configurations. For more information, see Create an activation profile. |
New “Skip during setup” options when configuring UEM for DEP | 12.22 | When you configure UEM for DEP, several new “Skip during setup” options have been added in this release. You can hover over each option to view a tooltip with additional details. |
Support for BlackBerry
Dynamics in a dark site environment | 12.22 (on-premises only) | BlackBerry
Dynamics is now supported in dark site environments.For more information, see Installing or upgrading BlackBerry UEM in a dark site environment. |
Feature enhancements for the BlackBerry Web
Services | May 2025 12.22 | See the BlackBerry Web Services Release Notes to learn about the latest features. |
What's new in UEM version 12.21 and UEM Cloud
UEM
version 12.21 and UEM Cloud
Feature | Cloud release date and on-prem version | Description |
---|---|---|
IT policy pack for new iOS rules | April 2025 (on-premises only) | The latest IT policy pack (April 2025) includes the following new iOS IT policy rules:
For more information, see the Policy reference spreadsheet. |
Send client certificates to devices using ACME | March 2025 (cloud only) | You can create and assign ACME profiles to enable iOS devices that are activated on UEM to communicate with an ACME server to obtain and manage the use of client certificates from a certificate authority.After you create an ACME profile, you can associate the profile with Wi-Fi , VPN, and email profiles (Authentication type and Associated ACME profile settings).For more information, see Send client certificates to devices using ACME. |
Activation profile enhancements | March 2025 (cloud only) | New options to configure identity certificate settings have been added to activation profiles to support SCEP and ACME configurations. For more information, see Create an activation profile. |
New iOS IT policy rules | March 2025 (cloud only) | The following iOS IT policy rules are new in this release:
For more information, see the Policy reference spreadsheet. |
New “Skip during setup” options when configuring UEM for DEP | March 2025 (cloud only) | When you configure UEM for DEP, several new “Skip during setup” options have been added in this release. You can hover over each option to view a tooltip with additional details. |
Support for Intercede MyID | November 2024 12.21 | This release supports the use of the Intercede MyID PIV credential management solution to provide derived credentials certificates to devices activated on UEM .For more information, see Use Intercede MyID to provide derived credentials certificates to devices. |
Install the BlackBerry Connectivity Node using the command line | November 2024 (cloud only) | You can now install the BlackBerry Connectivity Node for a UEM Cloud environment using the command prompt.For more information, see Install the BlackBerry Connectivity Node for UEM Cloud using the command prompt. |
Create local users administrator permission | November 2024 12.21 | This release includes a new Users and Devices permission, Create local users, that controls whether an administrator account can create local users. Create local users is enabled by default for the Security Administrator, Enterprise Administrator, and Senior HelpDesk roles. The Create local users permission can be enabled only if the Create users permission is also enabled. After you upgrade to UEM 12.21, custom roles that you created previously will not have the Create local users permissions by default, you must assign it manually.For more information, see Permissions for preconfigured administrative roles. |
Enhancements to BlackBerry
Dynamics profiles | November 2024 12.21 | BlackBerry
Dynamics profiles feature the following enhancements:
For more information, see BlackBerry Dynamics profile settings. |
Changes to OS support | November 2024 12.21 | This release adds support for the following device operating systems:
For more information, see the Mobile device OS compatibility matrix. |
New iOS IT policy rules | November 2024 12.21 | The following IT policy rules have been added for iOS devices.Device functionality ( iOS 17.4 or later): Allow auto dim (supervised only)Device functionality ( iOS 18.0 or later):
Device functionality ( iOS 18.1 or later):
Apps ( iOS 18.0 or later):
Apps ( iOS 18.2 or later): Allow default browser modification (supervised only)Security and privacy ( iOS 18.0 or later): Allow writing tools (supervised only)Security and privacy ( iOS 18.2 or later):
For more information, see the Policy reference spreadsheet. |
New Android IT policy rule to control Circle to Search | November 2024 12.21 | The "Allow Circle to Search" IT policy rule allows you to control whether Circle to Search functionality is enabled in the work profile. The rule is enabled by default and applies to devices running Android OS 15 or later. This rule requires the UEM Client for Android version 12.45.x or later.For more information, see the Policy reference spreadsheet. |
Changes to IT policy rules | November 2024 12.21 | The IT policy rule "Allow screenshots in the work profile to be stored in the personal profile" is not supported for devices with Android 15 or later. |
Enhancement to encrypting the connection between UEM and Microsoft SQL
Server | 12.21 (on-prem only) | Previously, you could encrypt the connection only after installing UEM . In this release you can set up an encrypted connection when you install or upgrade UEM using the command prompt.For more information, see Install or upgrade BlackBerry UEM using the command prompt window. |
Support for group Managed Service Accounts | November 2024 12.21 | This release adds support for using a group Managed Service Account (gMSA) to install or upgrade UEM and to run the UEM services. When installing or upgrading UEM on-premises, you can now select an option to use a gMSA.For more information, see the UEM Installation and Upgrade Guide. |
Designate iOS and OS X apps as Work or Personal | November 2024 12.21 | When you assign iOS or OS X apps to a user or group, you can configure a new Target field to designate the app as "Work" (default) or "Personal". This field allows you to differentiate the type of app in the management console. This setting does not impact how the app is installed or managed on the device. |
Enhancement to the device vulnerabilities view | November 2024 12.21 | The device vulnerabilities view now allows you to search and filter by a specified CVE number to see the device operating systems that are impacted by that CVE. For more information, see View mobile OS vulnerabilities. |
Copy app configurations | November 12.21 | You can now copy and modify an existing app configuration. For more information, see Manage settings for a BlackBerry Dynamics app. |
Enhancements to app configurations for BlackBerry
Dynamics apps | November 2024 12.21 | The following enhancements have been made to the app configuration UI for BlackBerry
Dynamics apps:
|
Support for Samsung Knox 3.11 with Android Enterprise activation types | November 2024 12.21 | This release adds support for Android Enterprise activation types on Android 15 with Samsung Knox 3.11.For more information, see the UEM compatibility matrix. Note that the MDM controls activation type is no longer supported for Samsung Knox devices with Android 15 or later. |
Enhancement to compliance profiles | November 2024 12.21 | Compliance prompts for BlackBerry
Dynamics apps are now supported for the following compliance rules:
Compliance prompts for these settings require the most recent release of BlackBerry
Dynamics apps (October 2024 or later for iOS , November 2024 or later for Android ). |
Changes to supported Android activation types for dark site environments | November 2024 12.21 | There are changes to the supported Android activation types in a dark site environment.For more information, see Installing or upgrading BlackBerry UEM in a dark site environment. |
Feature enhancements for the BlackBerry UEM Client | November 2024 12.21 | See the UEM Client Release Notes to learn about the latest features:
|
Feature enhancements for the BlackBerry Web
Services | November 2024 12.21 | See the BlackBerry Web Services Release Notes to learn about the latest features. |
What's new in UEM version 12.20 and UEM Cloud
UEM
version 12.20 and UEM Cloud
Feature | Cloud release date and on-prem version | Description |
---|---|---|
IT policy pack for new iOS and Android rules | 12.20 (on-premises only) | The latest IT policy pack (October 2024) includes the following new IT policy rules: Android The "Allow Circle to Search" IT policy rule allows you to control whether Circle to Search functionality is enabled in the work profile. The rule is enabled by default and applies to devices running Android OS 15 or later. This rule requires the UEM Client for Android version 12.45.x or later.iOS Device functionality ( iOS 17.4 or later): Allow auto dim (supervised only)Device functionality ( iOS 18.0 or later):
Device functionality ( iOS 18.1 or later):
Apps ( iOS 18.0 or later):
Security and privacy ( iOS 18.0 or later): Allow writing tools (supervised only) |
Compliance events view | June 2024 12.20 | This release introduces a new compliance events view in the management console that allows you to monitor and track the compliance events that UEM detects across iOS , Android , macOS , and Windows devices, including compliance events for CylancePROTECT Mobile features.For more information, see Monitor compliance events. |
CylancePROTECT Mobile enhancements | June 2024 12.20 |
|
New IT policy rules to manage iOS software updates | June 2024 12.20 | The "Automatically update device OS (supervised only)" IT policy rule has been added to the “Software updates” group on the iOS tab to provide new options to manage iOS software updates on devices. When you enable this rule, you can enable or disable the following sub-rules (enabled by default):
You can set the Update schedule to Immediate or you can specify the update schedule. The "Automatically update device OS (supervised only)" rule and sub-rules are supported for iOS devices with the MDM controls activation type.For more information, see the Policy reference spreadsheet. |
Schedule OS updates on supervised iOS devices | June 2024 12.20 | You can now schedule the date and time of OS updates for one or more supervised iOS devices.For more information, see Update the OS on supervised iOS devices. |
Include devices in a device group based on pending OS updates | June 2024 12.20 | When you add or make changes to a device group, you can specify the new device query option “Pending OS update age (days)” to include devices in the device group based on whether pending OS updates have not been installed within a specified number of days. For more information, see Parameters for device groups. |
Changes to IT policy rules for Android password complexity | June 2024 12.20 |
When users upgrade the UEM Client to version 12.44.0.157981 or later, if the device and work passwords do not meet the requirements set by an administrator in the IT policy, users will be prompted to set the device and work passwords according to the IT policy rules.For more information, see the Policy reference spreadsheet. |
Changes to compliance profiles | June 2024 12.20 |
For more information, see Create a compliance profile. |
New option when activating devices with Entra ID conditional access | June 2024 12.20 | The BlackBerry
Dynamics profile includes a new option that allows you to delay conditional access enrollment for a user until the Microsoft Authenticator app is installed on the user’s device.For more information, see Configuring BlackBerry UEM as an Intune compliance partner in Entra and BlackBerry Dynamics profile settings. |
Prevent screenshots in BlackBerry
Dynamics apps for iOS | June 2024 12.20 | If you want to prevent users from taking screenshots in BlackBerry
Dynamics apps on iOS devices, you can enable the new "Do not allow screenshots on iOS devices" option in the BlackBerry
Dynamics profile that is assigned to users.If a device user tries to take a screenshot in a BlackBerry
Dynamics app after this option is enabled, a blank image with the following message is saved instead: "Your organization prevents screenshots being taken within this app."This option is supported for BlackBerry
Dynamics apps that use BlackBerry Dynamics SDK 12.1 and later (apps released in June 2024 or later), and replaces the iOS screen capture detection rule in compliance profiles. BlackBerry recommends using the new profile setting and disabling the compliance rule. The compliance rule will be deprecated in a future UEM release.For more information, see BlackBerry Dynamics profile settings. |
Encrypt communication between UEM and Microsoft SQL
Server | 12.20 (on-prem only) | You can encrypt the connection and communication between UEM on-premises and Microsoft SQL
Server . By default, the connection is not encrypted.For more information, see Encrypt the connection between BlackBerry UEM and Microsoft SQL Server. |
Changes to port requirements for UEM connections to Microsoft Active
Directory | June 2024 12.20 | This release includes a new port requirement for CLDAP requests for domain controller discovery. For more information, see Outbound connections: BlackBerry UEM to Microsoft Active Directory. |
Web proxy support for Android Enterprise devices that use BlackBerry Secure Connect Plus | June 2024 12.20 | Apps on Android Enterprise devices that use BlackBerry Secure Connect Plus can now use a web proxy server. You configure the web proxy using a proxy profile and select the proxy profile in the enterprise connectivity profile that you use to configure and enable BlackBerry Secure Connect Plus .For more information, see Android: Enterprise connectivity profile settings. |
Apple managed device attestation | June 2024 12.20 | You can now enable Apple managed device attestation to ensure that only authorized and uncompromised devices are being used in your organization. During attestation, the device's properties (for example, its serial number) or identifiers are verified to be legitimate and not spoofed. This feature requires unsupervised devices to be running iOS 16 or iPadOS 16.1 or later. For supervised devices, iOS 17 or iPadOS 17 or later is required. .
For more information, see Configure attestation for iOS devices. |
Updates to the Microsoft Intune app protection policy | June 2024 12.20 | The Microsoft Intune app protection policy has been updated in the management console to include some of the latest app policies.For more information, Create a Microsoft Intune app protection profile. |
Support for Samsung Knox 3.10 with Android Enterprise activation types | June 2024 12.20 | This release adds support for Android Enterprise activation types on Android 14 with Samsung Knox 3.10.For more information, see the UEM compatibility matrix. |
Changes to OS support | June 2024 12.20 | This release will no longer support the following device operating systems:
For more information, see the Mobile device OS compatibility matrix. |
Changes to supported activation types | June 2024 12.20 |
|
Support for different home and lock screen wallpapers on supervised iOS devices | June 2024 12.20 | This release includes new options in the device profile to specify different wallpaper for the home and lock screens on supervised iOS devices. For more information, see Create a device profile. |
Show or hide the BlackBerry Dynamics Launcher in the UEM Client | June 2024 12.20 | In the BlackBerry
Dynamics profile, you now have the option to show or hide the BlackBerry Dynamics Launcher in the UEM Client :
For more information, see BlackBerry Dynamics profile settings. |
Add a customizable text banner to the management console | June 2024 12.20 | You can now add a customizable text banner that is displayed in the top-right header on every page in the management console. You can use this banner to display important information for all administrators that use the console (for example, you can display the information for the UEM tenant).For more information, see Add a text banner to the management console. |
View mobile OS vulnerabilities | June 2024 12.20 | The new device vulnerabilities screen in the management console allows you to view a list of Common Vulnerabilities and Exposures (CVE) for any mobile OS that is used in the UEM environment.For more information, see View mobile OS vulnerabilities. |
Changes to Kerberos Constrained Delegation (KCD) for BlackBerry
Dynamics apps | 12.20 (on-prem only) | If you configured KCD for BlackBerry
Dynamics apps, you must create and configure a krb5.conf file with specific minimum settings to continue supporting this feature in UEM 12.20 and later.If your organization uses a multi-realm Kerberos environment, additional steps are required to support KCD after you upgrade to UEM 12.20.For more information, see Prerequisites for configuring KCD for BlackBerry Dynamics apps. |
New IT policy rule to allow web distribution apps for iOS | June 2024 12.20 | The "Allow web distribution apps (supervised only)" IT policy rule allows you to specify whether users are allowed to install web distribution apps. The rule is enabled by default and applies to devices running iOS 17.5 and later only.For more information, see the Policy reference spreadsheet. |
Return to service option for the iOS Delete all device data command | June 2024 12.20 | When you send the "Delete all device data" command to devices with iOS 17 or later, you can select the “Enable Return to Service” option and select a Wi-Fi profile to assign to the devices to assist the user in setting up the device again after the data is deleted.For more information, see Send commands to users and devices. |
Feature enhancements for the BlackBerry UEM Client | June 2024 12.20 | See the UEM Client Release Notes to learn about the latest features:
|
Feature enhancements for the BlackBerry Web
Services | June 2024 12.20 | See the BlackBerry Web Services Release Notes to learn about the latest features. |
What's new in UEM version 12.19 and UEM Cloud
UEM
version 12.19 and UEM Cloud
Feature | Cloud release date and on-prem version | Description |
---|---|---|
Changes to iOS IT policy rules and compliance rules | April 2024 12.19 Quick Fix 3 | This release includes the following changes:
For more information, see the UEM 12.19 IT policy rules reference. |
New iOS IT policy rules | January 2024 12.19 Quick Fix 1 | The following IT policy rules have been added for devices with iOS 17.2 and later:
For more information, see the UEM 12.19 IT policy rules reference. |
Changes to console URLs | October 2023 12.19 | The UEM console URLs have changed in this release to include additional information at the end of the path:
If you integrate UEM with Entra ID, the UEM console URLs change to the following ("&redirect=no" is removed from the end of the URL):
|
New OS support | October 2023 12.19 | The following operating systems are now supported:
|
JRE 17 required | October 2023 12.19 | You must install JRE 17 on the servers where you will install UEM , and you must set an environment variable that points to the BB_JAVA_HOME home location.For more information, see Set an environment variable for the Java location. |
Connect UEM on-premises to Entra ID | October 2023 12.19 | You can now connect BlackBerry UEM on-premises to Entra ID to create and synchronize users and directory-linked groups.For more information, see Connect BlackBerry UEM to Entra ID. |
New Android Management activation types | October 2023 12.19 | Three new activation types that support the Android Management API have been added:
|
Knox Service Plugin policies | October 2023 12.19 | You can now configure KSP policies from the Policies and profiles menu in the UEM management console instead of an app configuration.For more information, see Managing Android devices with OEM app configurations profile. |
iOS app update dispositions | October 2023 12.19 | You can now specify new "Required without updates" or "Optional without updates" dispositions for iOS VPP apps and assign them to users, user groups, device groups, shared device groups, and public device groups. For shared iPad groups you can assign "Required without updates". |
iOS RSR versions | October 2023 12.19 | You can now select an RSR version as the minimum allowed OS version in activation profiles for iOS devices. |
New BlackBerry
Dynamics profile setting | October 2023 12.19 | You can use the new "Allow WatchOS apps" setting to control whether end users can pair their Apple WatchOS apps with BlackBerry
Dynamics apps. This setting is off by default.For more information, see BlackBerry Dynamics profile settings. |
New email profile setting for iOS | October 2023 12.19 | You can use the new "Allow Mail Drop" setting to control whether users with the MDM controls activation type can send files from their account using Mail Drop. For more information, see iOS: Email profile settings. |
Updated compliance variable | October 2023 12.19 | You can now use the %ComplianceApplicationList% variable to display the names of restricted apps that are installed on a device in compliance notifications that are sent to users. For more information, see Using variables in profiles, emails, and notifications. |
LDAP directory enhancements ( UEM on-premises only) | October 2023 12.19 | Paged search results are now supported for LDAP directories. |
SIM management enhancement | October 2023 12.19 | You can now view the information for multiple SIMs for a device on the Device details screen, including eSIM information. |
Enhancements to the Managed device users screen | October 2023 12.19 | You can now add the Bluetooth MAC address as an optional field in the Advanced view of the Managed device users screen. You can also export this data from this view. |
Export personal apps list | October 2023 12.19 | You can now export a list of the personal apps that are installed on a user's device. The list includes the user and device name, the app name and version, the OS type and version, and the installation date. |
Feature enhancements for the BlackBerry UEM Client | October 2023 12.19 | See the UEM Client Release Notes to learn about the latest features:
|
New in UEM version 12.18 and UEM Cloud
UEM
version 12.18 and UEM Cloud
The table below details the new features in this release. For information about the fixed and known issues in this release, see the UEM 12.18 Release Notes or the UEM Cloud Release Notes.
Feature | Cloud release date and on-prem version | Description |
---|---|---|
Export personal apps list | July 2023 12.18 QF1 | You can now export a list of the personal apps that are installed on a user's device. The list includes the user and device name, the app name and version, the OS type and version, and the installation date. |
Preserve the data plan on Android eSIM devices | May 2023 12.18 | UEM now provides an option to preserve the data plan on an Android eSIM device when you select the delete all device data command. By default, the data plan information is preserved when you select the delete all device data command.For more information, see Sending commands to users and devices. |
Show last password change in the management console | May 2023 12.18 | The date and time of the last time that a user changed the password for the BlackBerry UEM Client or a BlackBerry
Dynamics app is now displayed in the devices table and on the device details page. This feature requires a version of the UEM Client or BlackBerry
Dynamics apps released in June 2023 or later. |
Display information for multiple device SIMs in the management console | May 2023 12.18 | If a device has more than one SIM (for example, a physical and eSIM), information for all SIMs is now displayed in the device report. The device details page shows SIM information only for the phone number that has been selected by the user as the default for voice calls. |
Feature enhancements for the BlackBerry UEM Client | May 2023 12.18 | See the UEM Client Release Notes to learn about the latest features:
|