Skip to content
Help and manuals  >  Enterprise services  >  BlackBerry UEM  >  Overview and what's new
Version: 12.7

What's new in BlackBerry UEM version 12.7 MR2

Support for app-based PKI solutions

Added support for app-based PKI solutions, such as Purebred, which can enroll certificates for BlackBerry Dynamics apps. You can now install the PKI app on devices and allow the latest versions of BlackBerry Dynamics apps, such as BlackBerry Work and BlackBerry Access, to use certificates enrolled through the PKI app. This option is supported only for iOS devices.

Multiple Apple Device Enrollment Program (DEP) account

Added support for using multiple DEP accounts. If you have upgraded to BlackBerry UEM 12.7 MR2 and want to configure multiple DEP accounts, you must enable the feature. If you have installed BlackBerry UEM for the first time, the feature is enabled by default.

Google account user management

New controls prevent users from adding additional accounts in the Android workspace.

Android activation

Several changes have been made to the Android activation experience including more robust explanation about password requirements, the BlackBerry UEM Client is locked into the foreground during activation, and on several screens the back button has been removed.

New IT policy rules

Group name Display name Description
Android work profiles Allow changing Wi-Fi settings Specify whether the user can change the settings in the work Wi-Fi profile. If this rule is not selected, the user can't change any settings in the profile, including their Wi-Fi connection credentials.
Android work profiles Allow additional Google accounts Specify whether the user can add additional Google accounts to the work space.
Android work profiles Disallowed account types Specify the types of accounts that cannot be added to the work space. If no account types are specified, there is no restriction. For more information, visit http://support.blackberry.com/kb/ to read article KB46860.
Android work profiles Allow NFC trust agent Specify if NFC can be used to unlock the device.
Android work profiles Allow tags with basic authentication to unlock the device Specify if NFC tags that authenticate using the tag ID can be used to unlock the device.
Android work profiles Allow secure NFC tags to unlock the device Specify if NFC tags that use challenge-response authentication can be used to unlock the device.
Android work profiles Allow Bluetooth trust agent Specify if Bluetooth can be used to unlock the device.
Android work profiles Allow places trust agent Specify if places can be used to unlock the device.
Android work profiles Allow custom places Specify if a user can trust places other than Home.
Android work profiles Allow Face trust agent Specify if face image can be used to unlock the device.
Android work profiles Allow Voice trust agent Specify if voice can be used to unlock the device.
Android work profiles Allow On-body trust agent Specify if On-body can be used to unlock the device.
Android work profiles Trust agent inactivity timeout Specify Device inactivity timeout in minutes. When a device is in an idle state for a certain period of time, trust agents will be revoked.
Android work profiles Allow obtaining device location Specify if work apps can obtain location of device. This policy will supersede any location profile assigned to the user.
Android work profiles Allow transfer of work data using NFC Specify whether the device can send work data to another device using NFC.
KNOX MDM Allow iris authentication Specify whether a user can authenticate with the device using an iris scan.
KNOX MDM Allow facial authentication Specify whether a user can authenticate with the device using facial recognition.
KNOX Premium - Workspace Allow iris authentication Specify whether a user can authenticate with the work space using an iris scan.