Create a BlackBerry Persona policy

You create a BlackBerry Persona policy to define which risk engines you want Persona to use to determine user risk levels and the actions that the service should take for different types and levels of risk. How you configure the policy determines how Persona enforces adaptive security standards that are appropriate for each user’s current activity and context. Persona offers several actions for the different types and levels of risk, from enforcing UEM group assignments to temporarily blocking BlackBerry Dynamics apps. For more information about how Persona resolves conflicting assignments, see Resolving conflicting assignments and precedence rules.
  1. In the BlackBerry Persona Analytics Portal, on the menu bar, click Policies.
  2. Click the Add icon.
  3. Type a name and description for the policy.
  4. If you don't want Persona to take action for identity risk levels, turn off Behavioral pattern risk, IP address risk, and App anomaly risk and skip to step 8.
  5. If IP address risk is enabled, by default, all trusted and untrusted IP address configurations are applied. If you want the policy to apply to specific configurations, do the following:
    1. In the Critical risk row, in the IP address panel, click All untrusted IP addresses and clear the check box.
    2. Select the IP address configurations that you want the policy to apply to.
    3. In the Low risk row, in the IP address panel, click All trusted IP addresses and clear the check box.
    4. Select the IP address configurations that you want the policy to apply to.
  6. To configure an action for a behavioral pattern or app anomaly risk, click the Add icon next to the risk level and do any of the following:
    • Click Assign to UEM group. Select a group from the list.
    • Click BlackBerry Dynamics apps action and do one of the following:
      • Click Assign BlackBerry Dynamics override profile. Select a profile from the list.
      • Click Block all BlackBerry Dynamics apps.
      • Click Block the BlackBerry Dynamics app that initiated the request.
    The Block all BlackBerry Dynamics apps and Block the BlackBerry Dynamics app that initiated the request actions are available for the Critical and High risk levels only.
  7. To allow users to reduce their behavioral risk level to low by completing a BlackBerry 2FA authentication prompt, do the following:
    1. In the Identity risk section, click Automatic risk reduction.
    2. In the drop-down list, click the risk levels that will allow automatic risk reduction.
    3. Click Apply.
    If a user successfully authenticates to access a BlackBerry Dynamics app, the user cannot be prompted for another authentication (for example, a continuous authentication prompt or automatic risk reduction prompt) for a grace period of at least 5 minutes.
  8. Choose one of the following methods to manage geozone risk levels and actions:
    Method:
      • Use learned geozones
      • Do not use defined geozones
    Steps:
      1. Verify that Learned geozone risk is turned on.
      2. Turn off Defined geozone risk.
      3. To configure an action for a learned geozone risk level, click the Add icon next to a risk level and do any of the following:
        • Click Assign to UEM group. Select a group from the list.
        • Click BlackBerry Dynamics apps action and do one of the following:
          • Click Assign BlackBerry Dynamics override profile. Select a profile from the list.
          • In the high risk level, click Block all BlackBerry Dynamics apps.
          • In the high risk level, click Block the BlackBerry Dynamics app that initiated the request.

    Method:
      • Use learned geozones
      • Use defined geozones
      • Optional: Take special actions for certain defined geozones
    Steps:
      1. Verify that Learned geozone risk and Defined geozone risk are turned on.
      2. To configure the default risk actions for both learned and defined geozones, click the Add icon next to a risk level and do any of the following:
        • Click Assign to UEM group. Select a group from the list.
        • Click BlackBerry Dynamics apps action and do one of the following:
          • Click Assign BlackBerry Dynamics override profile. Select a profile from the list.
          • For defined geozones, click Block all BlackBerry Dynamics apps.
          • For defined geozones, click Block the BlackBerry Dynamics app that initiated the request.
      3. If you want to take special actions for a certain defined geozone, click the Add icon in the top-right corner of the table and click the geozone. Click the Add icon for the defined geozone and select the desired actions.

    Method:
      • Do not use learned geozones
      • Use defined geozones
      • Optional: Take special actions for certain defined geozones
      • Optional: Take special actions for users that are not in defined geozones
    Steps:
      1. Turn off Learned geozone risk.
      2. Verify that Defined geozone risk is turned on.
      3. To configure an action for all defined geozones set to a certain risk level, click the Add icon next to the risk level and do any of the following:
        • Click Assign to UEM group. Select a group from the list.
        • Click BlackBerry Dynamics apps action and do one of the following:
          • Click Assign BlackBerry Dynamics override profile. Select a profile from the list.
          • Click Block all BlackBerry Dynamics apps.
          • Click Block the BlackBerry Dynamics app that initiated the request.
      4. If you want to take special actions for a certain defined geozone, click the Add icon in the top-right corner of the table and click the geozone. Click the Add icon for the defined geozone and select the desired actions.
      5. If you want to take special actions for users that are not in defined geozones, in the top-right corner of the table, click the Add icon > Undefined geozone. Click the Add icon for the undefined geozone and select the desired actions.

    Method:
      • Do not use learned or defined geozones
    Steps:
      Turn off Defined geozone risk and Learned geozone risk.
  9. Click Save.