Skip to content
Help and manuals  >  Enterprise services  >  BlackBerry UEM  >  Configuration
Version: 12.7

Configuring BlackBerry UEM for the first time

The following table summarizes the configuration tasks covered in this guide. The tasks are optional based on your organization's needs. Use this table to determine which configuration tasks you should complete.

After you complete the appropriate tasks, you are ready to set up administrators, set up device controls, create users and groups, and activate devices.

Task

Required or Optional

Description

Replace default certificates with trusted certificates

Optional

You can replace the default SSL certificate used by the BlackBerry UEM consoles and the default certificate that BlackBerry UEM uses to sign the MDM profile for iOS devices with trusted certificates.

Configure BlackBerry UEM to send data through a proxy server

Optional

You can configure BlackBerry UEM to send data through a TCP proxy server or an instance of the BlackBerry Router before it reaches the BlackBerry Infrastructure.

Configure connections through internal proxy servers

Optional

If your organization uses a proxy server for connections between servers inside your network, you may need to configure server-side proxy settings to allow the BlackBerry UEM Core to communicate with remote instances of the management console.

Connect BlackBerry UEM to company directories

Optional

You can connect BlackBerry UEM to one or more company directories, such as Microsoft Active Directory or an LDAP directory, so that BlackBerry UEM can access user data to create user accounts.

Synchronize Good Control with BlackBerry UEM

Optional

After you install BlackBerry UEM in an environment that has an existing Good Control server, you must synchronize Good Control with BlackBerry UEM to enable BlackBerry UEM features.

Connect BlackBerry UEM to an SMTP server

Optional

If you want BlackBerry UEM to send activation emails and other notifications to users, you must specify the SMTP server settings that BlackBerry UEM can use.

Configure single sign-on for BlackBerry UEM administrators

Optional

If you connect BlackBerry UEM to Microsoft Active Directory, you can configure single sign-on authentication to permit administrators or users to bypass the login webpage and access the management console or BlackBerry UEM Self-Service directly.

Obtain and register an APNs certificate

Optional

If you want to manage and send data to iOS or macOS devices, you must obtain a signed CSR from BlackBerry, use it to obtain an APNs certificate from Apple, and register the APNs certificate with the BlackBerry UEM domain.

Control which devices can access Exchange ActiveSync

Optional

If you configured Microsoft Exchange to block devices from accessing work email and organizer data unless the devices are added to an allowed list, you must create a Microsoft Exchange configuration in BlackBerry UEM.

Configure BlackBerry UEM to support Android devices that have a work profile

Optional

To support Android devices that have a work profile, you need to configure your G Suite or Google Cloud domain to support third-party mobile device management providers and configure BlackBerry UEM to communicate with your G Suite or Google Cloud domain.

Manage attestation for Samsung KNOX devices

Optional

If you turn on attestation, BlackBerry UEM sends challenges to test the authenticity and integrity of Samsung KNOX devices.

Configure BlackBerry UEM for the Apple Device Enrollment Program

Optional

If you want to use the BlackBerry UEM management console to manage iOS devices that your organization purchased from Apple for DEP, you must configure this feature.

Set up BlackBerry UEM Self-Service

Optional

If you want to allow users to perform certain management tasks, such as changing their passwords, you can set up and distribute the BlackBerry UEM Self-Service web application.

Enable BlackBerry Enterprise Identity

Optional

You can enable BlackBerry Enterprise Identity to give users single sign-on access to service providers such as Box, Concur, Dropbox, Salesforce, Workspaces, and more.

Configure high availability

Optional

To minimize service interruptions for users, you can install more than one active BlackBerry UEM instance.

Configure database mirroring

Optional

To retain database service and data integrity if issues occur with the BlackBerry UEM database, you can install and configure a failover database that serves as a backup to the principal database.

Configure BlackBerry UEM to make TLS/SSL connections to Exchange ActiveSync

Optional

If you enable the BlackBerry Secure Gateway Service to provide a secure connection between your mail server and iOS devices with the MDM controls activation type, you may need to add the Exchange ActiveSync server certificate to BlackBerry UEM.

Configure your network to simplify Windows 10 activations

Optional

You can simplify the process for activating Windows 10 devices by making configuration changes to your network so that users don't need to type a server address.

Connect BlackBerry UEM to Microsoft Azure

Optional

If you want to use BlackBerry UEM to deploy iOS and Android apps managed by Microsoft Intune or if you want to manage Windows 10 apps in BlackBerry UEM, connect BlackBerry UEM to Microsoft Azure.

Migrate users, groups, and other data from BES10 or BlackBerry UEM

Optional

You can use the management console to migrate users, devices, groups, and other data from a source on-premises BES10, BES12 or BlackBerry UEM database.

Configure BlackBerry Control and BlackBerry Proxy

Optional

You can configure BlackBerry Control and BlackBerry Proxy to meet your organization’s standards and requirements.

Configure certificates for BlackBerry Dynamics apps

Optional

If you want BlackBerry Dynamics apps on users' devices to be able to use client certificates, you can upload certificates to individual user accounts or configure a PKI connector to allow BlackBerry UEM to automatically enroll client certificates from your CA and send them to devices.

Integrate BlackBerry UEM with Cisco ISE

Optional

You can create a connection between Cisco ISE and BlackBerry UEM so that Cisco ISE can retrieve device data from BlackBerry UEM and enforce network access control policies.

Configure SNMP monitoring

Optional

You can use third-party SNMP tools to monitor the activity of BlackBerry UEM components.

Configuration icon Configuration