Skip Navigation

Enable app integrity checking

  • In the activation profiles that are assigned to users, on the
    iOS
    tab, enable any of the following settings:
    • To perform an app integrity check when a
      BlackBerry Dynamics
      app is activated, select
      Perform app integrity check on BlackBerry Dynamics app activation
      .
    • To perform regular app integrity checks for
      BlackBerry Dynamics
      apps, select
      Perform periodic app integrity checks
      .
  1. In the management console, click
    Settings > General settings > Attestation
    .
  2. In the
    iOS app integrity check frequency
    section, select the
    Enable iOS app integrity check on devices
    check box.
  3. In the
    Challenge frequency
    section, specify how often apps must return an attestation response.
  4. In the
    App grace period
    section, specify a grace period.
    If the grace period expires without a successful attestation response, a device is considered out of compliance and
    UEM
    will take the compliance action specified in the user's compliance profile.
  5. In the
    Apps to receive attestation challenges
    table, click
    +
    .
  6. To use a full integrity check with the DeviceCheck framework, verify that the
    Use Apple DeviceCheck to validate device and app signature
    check box is selected. For a partial integrity check, clear the check box.
  7. If you want to add a custom app to the attestation list, in the
    DeviceCheck key name
    drop-down list, select the key for the app.
  8. Search for and select the app that you want to receive attestation challenges. Click
    Select
    . You do not need to add a key for apps released by
    BlackBerry
    .
    UEM
    will automatically use the
    BlackBerry
    DeviceCheck key when you select an app released by
    BlackBerry
    .
  9. Repeat steps 5 to 8 to add additional apps to the list.
  10. Click
    Save
    .
  11. Create a
    CylancePROTECT
    profile and assign it to user accounts and groups to enable the feature on users' devices. You can create a new
    CylancePROTECT
    profile (Policies and profiles > Protection > CylancePROTECT) or use a
    CylancePROTECT
    profile that you created previously. Note that currently there are no settings that you need to configure in the profile for integrity checking.