Wie am 20. Juni 2017 angekündigt, erneuert BlackBerry ab heute die gesamte Software Palette. Heute starten wir mit BlackBerry UEM. Jedes ~halbe Jahr erneuert BlackBerry fast ihr gesamtes Software Portfolio. Von UEM, über die BlackBerry Dynamics Apps bis hin zu BBM Enterprise. In den nächsten Tagen dürfen wir uns auf einige spannende Updates freuen.
BlackBerry UEM bringt einige interessante Neuerungen mit sich. Hier ein Auszug aus den Release Notes:
Microsoft Intune integration: For iOS and Android devices, if you want to protect data in Microsoft Office 365 apps using the MAM features of Microsoft Intune, you can use Intune to protect app data while using BlackBerry UEM to manage the devices. Intune provides security features that protect data within apps. For example, Intune can require that data within apps be encrypted and prevent copying and pasting, printing, and using the Save As command. You can connect UEM to Intune, allowing you to manage Intune app protection policies from within the UEM management console. Note: The Microsoft API that allows UEM to connect to Intune is currently in Beta. Service interruptions could occur for this feature if Microsoft makes significant changes to the API.
Wearable devices: You can activate and manage certain Android-based, wearable devices in BlackBerry UEM. For example, you can manage Vuzix M300 Smart Glasses. Smart glasses provide users with hands-free access to visual information such as notifications, step-by-step instructions, images, and video and allow users to issue voice commands, scan bar-codes and use GPS navigation. Examples of BlackBerry UEM management capabilities that are supported include: Device activation using QR codes, IT policies, app management and location services.
Bulk updates: You can now send the following commands to multiple devices:
- Update device information
- Delete all device data
- Delete only work data
- Remove devices;
- Change device ownership
- Update OS (for supervised iOS devices
Upload a certificate: User credential profiles now allow administrators or users to upload a certificate to push to devices.
Customize the consoles: You can add a custom background image for the log in screen, a custom logo, and a custom name for BlackBerry UEM Self-Service.
User certificate upload: User credential profiles now allow users to upload certificates to BlackBerry UEM that can be associated with Wi-Fi, VPN, and email profiles.
Admin commands: The remove device command lets you remove a device from BlackBerry UEM.
License expiration date: The Licensing summary page in the management console now always displays the license expiration date instead of displaying the date only within the warning period.
User search: On the top right corner of the User > Managed devices screen, there is a User search link that you can use as an alternative method to search for users by name. Note that if you log out of the console when you are on the User search screen, when you log back into the console you will be returned to the User search screen.
Login notice: The character limit that can be used in the login notice for the BlackBerry UEM management console and BlackBerry UEM Self-Service has been increased. The maximum number of characters is now 50,000.
Notes field: A notes field has been added for users. Administrators can use the notes field to keep track of any special information about the user. This information is stored against the user object and not against an individual device. If the user is removed, the information in the notes field is also removed.
Password complexity: In Settings > General settings > Activation defaults, administrators can specify minimum or maximum password complexity for automatically generated activation passwords. Administrators can specify password length as well as if lowercase letters, uppercase letters, numbers, or special characters are required for the password.
Gatekeeping profile: You can now configure the gatekeeping servers in a gatekeeping profile instead of in an email profile. During an upgrade to BlackBerry UEM 12.7, gatekeeping profiles are automatically created if you previously configured gatekeeping in email profiles.
User role: A new ‘user role’ setting allows you to configure whether users have permission to create access keys in BlackBerry UEM Self-Service.
BlackBerry UEM Self-Service
Activation password email: You can configure BlackBerry UEM Self-Service to send an activation email to users when they create activation passwords using BlackBerry UEM Self-Service.
Event notifications: You can set up notifications so that emails are sent to administrators when certain events occur in BlackBerry UEM or on devices. For each event notification you can configure a recipient list, select the days and times to send notifications, and select an email template to use.
Monitor BlackBerry Work: You can monitor the performance of the BlackBerry Work app and choose the issues that you want to be reported.
New policy rules were added for BlackBerry UEM 12.7. To see the new rules, in the BlackBerry UEM Policy Reference Spreadsheet, in the ‘Introduced in BES12/BlackBerry UEM Version’ column, click the arrow and select 12.7.0.
App configuration: For Android email apps that support app configuration (such as BlackBerry Productivity Suite), you can configure the settings in an app configuration instead of in an Email profile. You must be using Android work profiles to use this feature.
List of installed apps: You can use an Enterprise Management Agent profile to specify whether BlackBerry UEM receives a list of apps that are installed in the user’s personal space on iOS, Android, Windows 10, and BlackBerry 10 devices in your environment. You can view the list of apps that are installed in a user’s personal space in the user account’s device details page or the Personal apps page. This feature is turned on by default on devices that use an activation type that supports it.
Viewing the list of personal apps installed in the user’s personal space is not supported on devices that are activated with the following activation types:
- User privacy
- Work and personal – user privacy
- Work and personal – user privacy – (Samsung KNOX)
- Work and personal – Regulated
- BlackBerry 2FA
App update notifications: Device users are notified of any new or updated apps. There is a new “Updated/New” tab in the Work Apps list and in the Work apps section of the BlackBerry UEM Client.
Apple VPP account: You can configure the VPP account to automatically update VPP apps on devices.
Restricted apps: For Samsung KNOX devices activated with Work and personal, users now have full control to create a compliance profile that enforces app restrictions in the personal space as well as the workspace.
VPP apps: You can associate VPP licenses to BlackBerry Dynamics app entitlements for iOS devices just as you can for other iOS apps. You can associate VPP licenses when you assign apps (or app groups) to users or user groups.
QR code activation: Users can activate iOS and Android devices using a QR code instead of an activation password. You can send the QR code in an activation email or users can create a QR code in BlackBerry UEM Self-Service.
Supervised devices: You can configure the activation profile to restrict devices in BlackBerry UEM that are not in supervised mode. If you restrict unsupervised devices, users cannot activate unsupervised devices whether they activate devices with the BlackBerry UEM Client or using DEP.
Logging: You can use the “Get device logs” command to retrieve device logs from iOS devices that have the BlackBerry UEM Client installed
Update OS and other new commands: You can send the following new commands to iOS devices.
- Update OS (supervised DEP devices running iOS 9 and later and supervised devices running iOS 10.3 and later)
- Restart device (supervised devices running iOS 10.3 and later)
- Turn off device (supervised devices running iOS 10.3 and later)
Android for Work: The BlackBerry UEM console and documentation is updated to reflect Google’s rebranding of Android for Work.
Logging: You can use the “Get device logs” command to retrieve device logs from Android devices that have the BlackBerry UEM Client installed.
Organizational message: You can send an organizational message to appear when the device is locked or restarted.
Wallpaper: You can set the wallpaper that displays on the device and the workspace.
Transferring contacts: Samsung KNOX Workspace devices support transferring contacts using the Bluetooth Phone Book Access Profile. This capability can be disabled by an IT policy rule.
App lock mode profile: You can use an app-lock mode to limit Windows 10 Enterprise and Windows 10 Education devices managed using MDM to run only one app. For example, you can limit access to a single app for training purposes or for point-of-sales demonstrations.
SCEP profile: Administrators can now select a SCEP profile to associate with a Wi-Fi profile for Windows 10 devices.
FIPS mode and AutoConnect: Administrators can now enable FIPS mode and AutoConnect for Windows 10 devices in a Wi-Fi profile. FIPS mode can be enabled when WPA2-Personal or WPA2-Enterprise security type and the AES encryption type are selected. Administrators may choose to allow the device to connect automatically to the Wi-Fi network when it is in range.
Reboot: Administrators can now restart a Windows 10 Mobile device running RS1 and later from the BlackBerry UEM console.
Windows Information Protection profile: Administrators can now configure additional options in Windows Information Protection profiles. For example, you can configure the work IP ranges that are considered to be part of the work network, any internal proxy servers to use when connecting to work network locations, and cloud resources that need to be protected, and a list of domains that can be used for work or personal resources.
Lock Down setting: Administrators can now enable the Lock Down setting in VPN profiles for Windows 10 devices. When this setting is enabled, the device must be connected to the VPN to have a network connection and cannot be disabled.
Apple TV: You can activate and manage Apple TV devices in BlackBerry UEM.
Certificates: BlackBerry Dynamics apps now support replacing certificates issued by BlackBerry Control with certificates issued by another CA.
PKI connector enhancements: User credential profiles now allow you to set certificate renewal and revocation options for certificates issued to users through the BlackBerry Dynamics PKI connector.
BlackBerry Dynamics Launcher
Shortcuts: You can add shortcuts to the BlackBerry Dynamics Launcher so that users can quickly access web links.
BlackBerry Dynamics SDK
No password required: With a security policy enforced by the BlackBerry Dynamics SDK and BlackBerry UEM, organizations can allow users to start mobile apps without requiring a password. The “No Password” feature is available on iOS, Android, macOS, and Windows 10 devices.