Skip to content
Help and manuals  >  Enterprise services  >  BlackBerry UEM  >  Configuration
Version: 12.9

Configuring BlackBerry UEM for the first time

The following table summarizes the configuration tasks covered in this guide. The tasks are optional based on your organization's needs. Use this table to determine which configuration tasks you should complete.

After you complete the appropriate tasks, you are ready to set up administrators, set up device controls, create users and groups, and activate devices.


Required or Optional


Replace default certificates with trusted certificates


You can replace the default SSL certificate used by the BlackBerry UEM consoles and the default certificate that BlackBerry UEM uses to sign the MDM profile for iOS devices with trusted certificates.

Configure BlackBerry UEM to send data through a proxy server


You can configure BlackBerry UEM to send data through a TCP proxy server or an instance of the BlackBerry Router before it reaches the BlackBerry Infrastructure. You can also configure BlackBerry UEM to send data through an HTTP proxy before it reaches the BlackBerry Dynamics NOC.

Configure connections through internal proxy servers


If your organization uses a proxy server for connections between servers inside your network, you may need to configure server-side proxy settings to allow the BlackBerry UEM Core to communicate with remote instances of the management console.

Connect BlackBerry UEM to company directories


You can connect BlackBerry UEM to one or more company directories, such as Microsoft Active Directory or an LDAP directory, so that BlackBerry UEM can access user data to create user accounts.

Connect BlackBerry UEM to an SMTP server


If you want BlackBerry UEM to send activation emails and other notifications to users, you must specify the SMTP server settings that BlackBerry UEM can use.

Configure single sign-on for BlackBerry UEM administrators


If you connect BlackBerry UEM to Microsoft Active Directory, you can configure single sign-on authentication to permit administrators or users to bypass the login webpage and access the management console or BlackBerry UEM Self-Service directly.

Obtain and register an APNs certificate


If you want to manage and send data to iOS or macOS devices, you must obtain a signed CSR from BlackBerry, use it to obtain an APNs certificate from Apple, and register the APNs certificate with the BlackBerry UEM domain.

Control which devices can access Exchange ActiveSync


If you configured Microsoft Exchange to block devices from accessing work email and organizer data unless the devices are added to an allowed list, you must create a Microsoft Exchange configuration in BlackBerry UEM.

Configure BlackBerry UEM to support Android devices that have a work profile


To support Android devices that have a work profile, you need to configure your G Suite or Google Cloud domain to support third-party mobile device management providers and configure BlackBerry UEM to communicate with your G Suite or Google Cloud domain.

Manage attestation for Samsung KNOX devices


If you turn on attestation, BlackBerry UEM sends challenges to test the authenticity and integrity of Samsung KNOX devices.

Configure BlackBerry UEM for the Apple Device Enrollment Program


If you want to use the BlackBerry UEM management console to manage iOS devices that your organization purchased from Apple for DEP, you must configure this feature.

Set up BlackBerry UEM Self-Service


If you want to allow users to perform certain management tasks, such as changing their passwords, you can set up and distribute the BlackBerry UEM Self-Service web application.

Enable BlackBerry Enterprise Identity


You can enable BlackBerry Enterprise Identity to give users single sign-on access to service providers such as Box, Concur, Dropbox, Salesforce, Workspaces, and more.

Configure high availability


To minimize service interruptions for users, you can install more than one active BlackBerry UEM instance.

Configure database mirroring


To retain database service and data integrity if issues occur with the BlackBerry UEM database, you can install and configure a failover database that serves as a backup to the principal database.

Configure BlackBerry UEM to make TLS/SSL connections to Exchange ActiveSync


If you enable the BlackBerry Secure Gateway to provide a secure connection between your mail server and iOS devices with the MDM controls activation type, you may need to add the Exchange ActiveSync server certificate to BlackBerry UEM.

Configure your network to simplify Windows 10 activations


You can simplify the process for activating Windows 10 devices by making configuration changes to your network so that users don't need to type a server address.

Connect BlackBerry UEM to Microsoft Azure


If you want to use BlackBerry UEM to deploy iOS and Android apps managed by Microsoft Intune or if you want to manage Windows 10 apps in BlackBerry UEM, connect BlackBerry UEM to Microsoft Azure.

Migrate users, groups, and other data from BES10 or BlackBerry UEM


You can use the management console to migrate users, devices, groups, and other data from a source on-premises BES10 or BlackBerry UEM.

Configure BlackBerry Dynamics settings


You can configure settings that are specific to BlackBerry Proxy and BlackBerry Dynamics apps.

Configure certificates for BlackBerry Dynamics apps


If you want BlackBerry Dynamics apps on users' devices to be able to use client certificates, you can upload certificates to individual user accounts or configure a PKI connector to allow BlackBerry UEM to automatically enroll client certificates from your CA and send them to devices.

Integrate BlackBerry UEM with Cisco ISE


You can create a connection between Cisco ISE and BlackBerry UEM so that Cisco ISE can retrieve device data from BlackBerry UEM and enforce network access control policies.

Configure SNMP monitoring


You can use third-party SNMP tools to monitor the activity of BlackBerry UEM components.

Configuration icon Configuration