Overview and What's New Guide


BES12 Version 12.3


Contents
About this guide
What is BES12?
What's new in BES12
Key BES12 features
Key features for all device types
Key features for each device type
Comparing BES12 with previous EMM solutions from BlackBerry
Enterprise solution comparison chart
Product documentation
Glossary
Legal notice

About this guide

BES12 helps you manage iOS, Android, Windows, and BlackBerry devices for your organization. This guide contains an overview of BES12, including its current features, and describes how to manage the product lifecycle, from evaluation and licensing to day-to-day administration and maintenance, and which resources to consult for more in-depth information.

This guide is intended for senior IT professionals who are responsible for evaluating the product as well as anyone who's interested in learning more about BES12. After you read this guide, you should understand the product's capabilities and the full set of technical resources available.

What is BES12?

BES12 is a multiplatform EMM solution from BlackBerry that provides comprehensive device, application, and content management with integrated security and connectivity. With BES12 you can:

Manage BlackBerry 10, iOS, Android (including devices that use Android for Work and Samsung KNOX), Windows (including Windows 10 tablets and computers), and BlackBerry OS (version 5.0 to 7.1) devices
Use a simple web-based interface to manage BYOD, COPE, and COBO devices and protect business information
Manage complex fleets of devices using comprehensive reporting and dashboards, dynamic filters, and robust search capabilities
Keep mobile workers connected with the information that they need

BES12 is the foundation to extend secure mobile productivity and collaboration within your organization beyond EMM. You can add the following services in your organization to meet your specific needs:

WatchDox by BlackBerry: WatchDox is a secure, easy-to-use, file-sharing solution that allows users to access, synchronize, and edit their files and folders and share them with others from any computer.

WorkLife by BlackBerry: WorkLife is a Virtual SIM Platform (VSP) that separates work numbers and personal numbers on BlackBerry 10, iOS, and Android devices, making it easy for your organization to separate and split the cost of voice minutes, SMS, and data between your organization and its employees.

VPN Authentication by BlackBerry: VPN Authentication is a two-factor VPN authentication solution that uses your users' BlackBerry 10, iOS, Android, and BlackBerry OS (version 6.0 to 7.1) devices as the second factor for authentication, providing strong security based on PKI authentication.

BBM Meetings: BBM Meetings is a cloud-based collaboration tool that allows your users to schedule, host, and participate in meetings from their devices, phones, or computers.

What's new in BES12

Management console

Send an email to users: You can send an email to multiple users directly from the management console. The users must have an email address associated with their account.

Customize the user list: In the management console, you can toggle between default and advanced views to see options for displaying information and filtering the user list.

Change the language for automated messages: In the management console, you can change the language for automated messages. BES12 uses the language that you specify in messages that you cannot edit (for example, administrator access and console password messages).

Export IT policies from BES12: You can export IT policies to an .xml file. You can select the IT policies that you want to export.

Copy profiles in BES12: You can copy existing profiles to quickly create similar profiles for different groups in your organization. You cannot copy certificate retrieval profiles, device SR requirements profiles, user credential profiles, or web icon profiles.

Select activation template when onboarding users: You can select an activation template to use when onboarding new directory users.

Create custom organization notices: You can configure BES12 to display custom organization notices on BlackBerry 10, Windows 10, or iOS devices. For example, during activation you can choose to display the conditions that a user must follow to comply with your organization's security requirements. The user must accept the notice to continue the activation process.

View Secure Work Space app status on User details screen: You can view all Secure Work Space apps assigned to a user and the installation status of the apps on the User details screen.

For more information about the management console, see the Administration content.

Windows 10

Activate Windows 10 devices: You can use BES12 to manage Windows 10 devices, including Windows 10 Mobile devices and Windows 10 tablets and computers. Silver licenses are required to activate Windows 10 devices.

Set up VPN and Wi-Fi work connections, including proxy support for Windows 10 devices: You can configure VPN and Wi-Fi work connections for Windows 10 devices, including proxy server support.

Set up proxy server for Windows 10 Mobile devices: You can set up a proxy server as part of the Wi-Fi profile for Windows 10 Mobile devices.

Locate devices: BES12 supports device location for Windows 10 Mobile devices. You can view the current locations of Windows 10 Mobile devices on a map in the management console. You can also allow users to locate their Windows 10 Mobile devices on a map in BES12 Self-Service.

Notifications for Windows devices: Using the Windows Push Notification Services (WNS), BES12 notifies Windows devices that there are new policies and profiles for the device instead of waiting for the device to contact BES12 on a polling schedule.

SCEP support for Windows 10 devices: BES12 supports SCEP profiles for Windows 10 devices. You can assign SCEP profiles to these devices by associating them with an email profile. They can then request and obtain client certificates for a SCEP-compliant CA used by your organization. The SCEP profile must be associated with an email profile before BES12 sends it to a Windows 10 device.

For more information about managing Windows 10 Mobile devices and Windows 10 tablets and computers, see the Administration content.

iOS

AirPrint profiles: You can configure AirPrint profiles and assign them to devices so that users don't have to configure printers manually. The AirPrint profile can help users find printers that support AirPrint, are accessible to them, or for which they have the required permissions.

AirPlay profiles: You can use AirPlay profiles to set passwords for specific AirPlay devices to make sure only authorized users can access them. You can also create an allowed list of destination devices to make sure that supervised iOS devices connect only to the AirPlay devices you specify.

Set wallpaper on devices: You can set wallpaper for iOS devices from the BES12 management console. When you create a device profile for iOS devices, you can select a custom image to display on iOS devices. You can use the wallpaper image to provide information for your users or to display your organization's logo.

iOS device location history: BES12 supports device location history for iOS devices. You can view the current or previous locations of up to 100 iOS devices at one time on a map in the management console. You can track the previous location of any iOS device and store the location history for a period that you specify.

Work Apps icon: You can customize the image and name for the Work Apps icon on iOS devices.

Convert installed personal apps to work apps: If an app is already installed on iOS 9 or later devices, you can convert the app to a work app. After you add the app to BES12 and you assign the app to a user, the app can be converted to a work app and managed by BES12.

Control network usage for work apps: You can create a profile to control how work apps on iOS 9 or later devices use the network. A network usage profile controls whether an app can use data over the wireless network or while the device is roaming.

CalDAV and CardDAV support: You can use CardDAV and CalDAV profiles to allow iOS devices to access contact and calendar information on a remote server. Multiple devices can access the same information.

Apple DEP enrollment configuration improvements: You can prevent users from closing the Setup Assistant before the device is configured. You can specify that users can skip the following extra panes during setup: Biometric, Payment, and Zoom.

New IT policy rules for iOS 9 or later: BES12 includes several new IT policy rules for devices using iOS 9 or later.

Updates to profile settings for iOS 9 or later: BES12 includes several new profile settings for iOS 9 or later, including the following:

Email profile: Allow Mail Drop
VPN profile: Connection type: IKEv2
Wi-Fi profile: Inner authentication: EAP

For more information about managing iOS devices, see the Administration content.

Android

Activate a device with the Work space only (Android for Work) activation types: You can activate Android devices that are running Android OS 5.1 (Lollipop) or later with two new Android for Work activation types. The Work space only (Android for Work) activation type activates the device with a work profile and no personal profile. The Work space only (Android for Work - Premium) activation type activates the device with a work profile and no personal profile. It allows the device to use BlackBerry Secure Connect Plus. Silver licenses are required to activate devices with the Work space only (Android for Work) activation type. Gold or Gold - Flex licenses are required to activate devices with the Work space only (Android for Work - Premium) activation type.

Activate a device with the Work and personal - user privacy (Samsung KNOX) activation type: You can activate Android devices with a new Samsung KNOX activation type. The Work and personal - user privacy (Samsung KNOX) activation type activates the device with a work space and a personal space. Administrators can use IT administration commands and IT policy rules to manage work data, but personal data is kept private. Data in the work space is protected using encryption and a method of authentication such as a password, PIN, pattern, or fingerprint. Gold - KNOX Workspace or Gold - Flex licenses are required to activate devices with the Work and personal - user privacy (Samsung KNOX) activation type.

Use proxy profiles with Samsung KNOX Workspace devices: If your organization uses proxy servers, you can associate proxy profiles with enterprise connectivity or VPN profiles. Samsung KNOX Workspace devices can then connect to proxy servers when they connect to work networks using BlackBerry Secure Connect Plus or connect to work VPNs. You can use proxy profiles with manual configuration or PAC configuration, depending on the version of KNOX that devices use.

Manage internal apps on Android for Work devices: You can manage internal apps on Android for Work devices. You can host internal apps for Android for Work devices using BES12 or Google Play.

Select the productivity apps used on BlackBerry smartphones powered by Android that use Android for Work: You can select either the BlackBerry Productivity Suite or Divide Productivity apps to be used on BlackBerry smartphones powered by Android that use Android for Work.

For more information about managing Android devices, see the Administration content.

BlackBerry 10

Allow users to deactivate devices: This new IT policy rule specifies if the user can deactivate their device and wipe all work data. If this rule is deselected, users cannot delete the work space from a BlackBerry Balance device or wipe a work space only device. This setting applies to BlackBerry 10 devices running BlackBerry 10 OS version and later that are activated with the following activation types:

Work space only
Work and personal - Regulated

For more information about managing BlackBerry 10 devices, see the Administration content.

Profiles

Enterprise Management Agent profile: You can use Enterprise Management Agent profiles to specify under what conditions a BlackBerry 10, iOS, Android, or Windows 10 device contacts BES12 for updates. You can assign Enterprise Management Agent profiles to users, user groups, and device groups.

For more information about IT policy rules or profiles, see the Administration content.

WorkLife

Manage WorkLife by BlackBerry in BES12: WorkLife by BlackBerry is a Virtual SIM Platform (VSP) that allows organizations to separate work numbers and personal numbers on BlackBerry 10, iOS, and Android devices. You can manage the WorkLife by BlackBerry plug-in in the BES12 management console.

For more information on installing and managing WorkLife in BES12, see the WorkLife by BlackBerry content.

Licensing

License compliance: BES12 enforces license compliance for the domain. When the domain is out of compliance, you cannot activate devices using Server or SIM licenses of any license type, even if licenses are available for some license types.

SIM licenses: If applicable, SIM licenses appear in license information on the Licensing summary page and in the user's device details shortly after device activation. If you activate an iOS device with the Work and personal - user privacy activation type, you can select "Allow query of network information for SIM licenses" in the activation profile to enable SIM-based licensing. This allows BES12 to provide an MDM profile to the BES12 Client that can access only the SIM card and device hardware information that is required to check if an appropriate SIM license is available (for example, ICCID and IMEI).

For more information about licensing, see the Licensing content.

IT policies

National Information Assurance Partnership (NIAP): BES12 includes new IT policy rules to help devices meet NIAP common criteria.

For more information about IT policy rules or profiles, see the Administration content.

Installation and migration

Supported migration to BES12 version 12.3: You can now select which IT policies, profiles, and groups you want to migrate to BES12.

Supported upgrades to BES12 version 12.3: You can use the setup application to upgrade BES12 version 12.1 and later to BES12 version If you have BES12 version 12.0, you must first upgrade to BES12 version 12.1 or version 12.2 before you can upgrade to BES12 version 12.3. You can use the setup application to upgrade from BES5 to BES12. You can install BES12 and migrate IT policies, profiles, groups, users, and devices from BES10 to BES12.

For more information about installation and upgrades for BES12, see the Installation and upgrade content.

BlackBerry Collaboration Service

Connect your organization's instant messaging server to BES12: BlackBerry Collaboration Service 12 version 12.3 now supports Skype for Business and certificate-based authentication. The BlackBerry Collaboration Service is available as a separate installation.

For more information about the BlackBerry Collaboration Service, see the BlackBerry Collaboration Service content.

Key BES12 features

Multiplatform device management: You can manage iOS, Android, Windows, and BlackBerry devices.

Single, intuitive UI: You can view all devices in one place and access all management tasks in a single, web-based UI. You can share administrative duties with multiple administrators who can access the management console at the same time. You can toggle between default and advanced views to see options for displaying information and filtering the user list.

Trusted and secure experience: Device controls give you precise management of how devices connect to your network, what capabilities are enabled, and what apps are available. Whether the devices are owned by your organization or your users, you can protect your organization's information.

Separate work and personal needs: You can manage devices using Android for Work, Samsung KNOX, BlackBerry Balance, and Secure Work Space technologies that are designed to make sure that personal information and work information are kept separate and secure on devices. If the device is lost or the employee leaves the organization, you can delete only work-related information or all information from the device. You can manage the WorkLife by BlackBerry plug-in in the BES12 management console. WorkLife by BlackBerry is a Virtual SIM Platform (VSP) that allows you to separate work numbers and personal numbers on BlackBerry 10, iOS, and Android devices. For more information on installing and managing WorkLife in BlackBerry, see the WorkLife by BlackBerry content.

Secure IP connectivity: You can use BlackBerry Secure Connect Plus to provide a secure IP tunnel between work space apps on BlackBerry 10, Samsung KNOX Workspace, and Android for Work devices and your organization's network. This tunnel gives users access to work resources behind the organization's firewall while ensuring the security of data using standard IPv4 protocols (TCP and UDP) and end-to-end encryption.

Simple user self-service: BES12 Self-Service reduces support requests and lowers IT costs for your organization while giving users the option to manage their devices in a timely manner. Using BES12 Self-Service, users can perform tasks like activating or switching devices, changing their device passwords remotely, deleting device data, or locking their lost or stolen devices, and address other critical support requirements.

Powerful app management: BES12 is a comprehensive app management platform for all devices. You can deploy apps from all major app stores, including App Store, Google Play, Windows Store, and BlackBerry World storefront.

Role-based administration: You can share administrative duties with multiple administrators who can access the administration consoles at the same time. You can use roles to define the actions that an administrator can perform and reduce security risks, distribute job responsibilities, and increase efficiency by limiting the options available to each administrator. You can use predefined roles or create your own custom roles.

Company directory integration: You can use local, built-in user authentication to access the management console and self-service console, or you can integrate with the Microsoft Active Directory or LDAP company directories that you use in your organization's environment (for example, IBM Domino Directory). BES12 supports connections to multiple directories. You can have any combination of both Microsoft Active Directory and LDAP. You can also configure BES12 to automatically synchronize the membership of a directory-linked group to its associated company directory groups when the scheduled synchronization occurs.

Key features for all device types

Activate devices: When you activate a device, you associate the device with your organization's environment so that users can access work data on their devices. You can activate a device with just an email address and activation password. You can allow users to activate devices themselves or you can activate devices for users and then distribute the devices. All device types can be activated over the wireless network.

Manage devices: You can view all devices in one place and access all management tasks in a single, web-based UI. You can manage multiple devices for each user account and view the device inventory for your organization. You can perform the following actions if the actions are supported by the device:

Lock the device, change the device or work space password, or delete information from the device
Connect the device securely to your organization's mail environment, using Microsoft Exchange ActiveSync for email and calendar support
Control how the device can connect to your organization's network, including Wi-Fi and VPN settings
Configure single sign-on for the device so that it authenticates automatically with domains and web services in your organization's network
Control the capabilities of the device, such as setting rules for password strength and disabling functions like the camera
Manage app availability on the device, including specifying app versions and whether the apps are required or optional
Search app stores directly for apps to assign to devices
Install certificates on the device and optionally configure SCEP to permit automatic certificate enrollment
Extend email security using S/MIME or PGP

Manage groups of users, apps and devices: Groups simplify the management of users, apps, and devices. You can use groups to apply the same configuration settings to similar user accounts or similar devices. You can assign different groups of apps to different groups of users, and a user can be a member of several groups.

Control which devices can access Microsoft Exchange ActiveSync: You can use gatekeeping in BES12 to ensure that only devices managed by BES12 can access work email and other information on the device and meet your organization's security policy.

Control how devices connect to your organization's resources: You can use an enterprise connectivity profile to control how apps on devices connect to your organization's resources. When you enable enterprise connectivity, you avoid opening multiple ports in your organization's firewall to the Internet for device management and third-party applications such as the mail server, certification authority, and other web servers or content servers. Enterprise connectivity sends all traffic through the BlackBerry Infrastructure to BES12 on port

Manage work apps: On all managed devices, work apps are apps that your organization makes available for its users. You can search the app stores directly for apps to assign to devices. You can specify whether apps are required on devices, and you can view whether a work app is installed on a device. Work apps can also be proprietary apps that were developed by your organization or by third-party developers for your organization's use.

Enforce your organization's requirements for devices: You can use a compliance profile to help enforce your organization's requirements for devices, such as not permitting access to work data for devices that are jailbroken, rooted, or have an integrity alert, or requiring that certain apps be installed on devices. You can send a notification to users to ask them to meet your organization's requirements, or you can limit users' access to your organization's resources and applications, delete work data, or delete all data on the device.

Send an email to users: You can send an email to multiple users directly from the management console. The users must have an email address associated with their account.

Create or import many user accounts with a .csv file: You can import a .csv file into BES12 to create or import many user accounts at once. Depending on your requirements, you can also specify group membership and activation settings for the user accounts in the .csv file.

View reports of user and device information: The reporting dashboard displays an overview of your BES12 environment. For example, you can view the number of devices in your organization sorted by service provider. You can view details about users and devices, export the information to a .csv file, and access user accounts from the dashboard.

Certificate-based authentication: You can send certificates to devices using certificate profiles. These profiles help to restrict access to Microsoft Exchange ActiveSync, Wi-Fi connections, or VPN connections to devices that use certificate-based authentication.

Manage licenses for specific features and device controls: You can manage licenses and view detailed information for each license type, such as usage and expiration. The license types that your organization uses determine the devices and features that you can manage. You must activate licenses before you can activate devices. Free trials are available so that you can try out the service.

EMM SIM-Based Licensing: EMM SIM-Based Licensing is an alternative licensing model that allows you to buy licenses from your service provider instead of from BlackBerry. This option allows you to pay for licenses for BlackBerry 10, iOS, Android, and Windows devices as part of your existing plan with your service provider. For more information about licensing, see the licensing content.

Key features for each device type

iOS devices

Manage work information separately on an iOS device using Secure Work Space: Secure Work Space provides additional security for work data on iOS devices. Using containerization and app wrapping, these technologies make sure that personal and work information and apps are kept separate on devices by creating a personal space and a work space and providing full management of the work space. You can choose whether you want control of the work space and personal space, or control of just the work space, to ensure user privacy.

Run app lock mode: On iOS devices that are supervised using Apple Configurator, you can use an app lock mode profile to limit the device to run only one app. For example, you can limit access to a single app for training purposes or for point-of-sales demonstrations.

Filter web content on iOS 7 and later devices: For devices that run iOS 7.0 and later, you can use web content filter profiles to limit the websites that a user can view on a device. You can enable automatic filtering with the option to allow and restrict websites, or allow access only to specific websites.

Link Apple VPP accounts to a BES12 domain: The Volume Purchase Program (VPP) allows you to buy and distribute iOS apps in bulk. You can link Apple VPP accounts to a BES12 domain so that you can distribute purchased licenses for iOS apps associated with the VPP accounts.

Apple Device Enrollment Program: You can configure BES12 to use Apple's Device Enrollment Program so that you can synchronize BES12 with DEP. After you configure BES12, you can use the BES12 management console to manage the activation of the iOS devices that your organization purchased for the DEP. For more information about configuring BES12 and activating iOS devices that are enrolled in DEP, see the Configuration and the Administration content.

Use custom payload profiles: You can use custom payload profiles to control features on iOS devices that are not controlled by existing BES12 policies or profiles. You can create Apple configuration profiles using Apple Configurator and add them to BES12 custom payload profiles. You can assign the custom payload profiles to users, user groups, and device groups.

Android devices

Manage devices using Android MDM: Android MDM uses the basic management options that are native to the Android OS to manage the device. A separate, protected container is not created. For more information about managing devices using Android MDM, see the Administration content.

Manage work information separately on Android devices using Secure Work Space: Secure Work Space provides additional security for work data on Android devices. Using containerization and app wrapping, these technologies make sure that personal and work information and apps are kept separate on devices by creating a personal space and a work space and providing full management of the work space. You can choose whether you want control of the work space and personal space, or control of just the work space, to ensure user privacy.

Manage devices using KNOX MDM and KNOX Workspace: BES12 can manage Samsung devices using Samsung KNOX MDM and Samsung KNOX Workspace. KNOX Workspace provides an encrypted, password-protected container on a Samsung device that includes your work apps and data. It separates a user's personal apps and data from your organization's apps and data and protects your apps and data using enhanced security and management capabilities that Samsung developed. When a device is activated, BES12 automatically identifies whether the device supports KNOX. In addition to the standard Android management capabilities, BES12 includes the following management capabilities for devices that support KNOX:

An enhanced set of IT policy rules
Enhanced application management including silent app installations and uninstallations, silent uninstallations of restricted apps, and prohibitions to installing restricted apps
App lock mode

For more information about supported devices, see the Compatibility matrix. For more information about KNOX, visit For more information about managing devices using KNOX, see the Administration content.

Manage devices using Android for Work: You can activate Android devices that run Android OS 5.1 or later to use Android for Work. Android for Work is a feature developed by Google that provides additional security for organizations that want to manage Android devices and allow their data and apps on Android devices. For more information about managing devices using Android for Work, see the Administration content.

Windows devices

Support for Windows 10 devices: You can manage Windows 10 devices, including Windows 10 Mobile devices and Windows 10 tablets and computers. Silver licenses are required to activate Windows 10 devices.

Proxy support for Windows 10 devices: You can configure VPN and Wi-Fi work connections for Windows 10 devices and you can set up a proxy server as part of the Wi-Fi profile for Windows 10 Mobile devices.

BlackBerry 10 devices

Manage work information separately on a BlackBerry 10 device: BlackBerry Balance technology makes sure that personal and work information and apps are separated on BlackBerry 10 devices. It creates a personal space and a work space and provides full management of the work space. For government and regulated industries that want to lock the device down further, additional options include full control over the work space and some control over the personal space, or you can create only a work space on the device to give your organization full control over the device.

Comparing BES12 with previous EMM solutions from BlackBerry

BES12
Supported device types: iOS (including DEP devices), Android (including Android for Work and Samsung KNOX), Windows Phone, Windows 10, Windows 10 Mobile, BlackBerry 10, BlackBerry OS (version 5.0 to 7.1)
Description: You can manage the server, user accounts, and all device types with a single UI, the management console. The software architecture has been simplified for easier management, increased scalability, and additional multiplatform features. For high availability, you can install additional active servers that share the management load automatically. To manage BlackBerry (version 5.0 to 7.1) devices with BES12, you must upgrade from BES5 to BES12.

BlackBerry Enterprise Service 10
Supported device types: BlackBerry PlayBook, iOS, Android, BlackBerry 10, BlackBerry OS (version 5.0 to 7.1)
Description: You can manage the server, devices, and user accounts with dedicated, advanced UIs for different device types. You can also use BlackBerry Management Studio as a single, unified UI for basic administration of all devices. For high availability, you can install standby instances of the server. To manage BlackBerry OS (version 5.0 to 7.1) devices, you can install BlackBerry Enterprise Service 10 on the same computer as BlackBerry Enterprise Server 5.0 SP4 and use BlackBerry Management Studio for basic administration.

BlackBerry Enterprise Server 5
Supported device types: BlackBerry OS (version 5.0 to 7.1)
Description: You can manage the server, devices, and user accounts with the BlackBerry Administration Service. For high availability, you can install standby instances of most server components.

Enterprise solution comparison chart

This quick reference compares supported devices and features across BES12 version 12.3, BES10 version 10.2, and BES5 version For more information about OS compatibility, see the Compatibility matrix.

Device activation

Feature BES5 version BES10 version 10.2 BES12 version 12.3

Supported device types
BES5 version: Supports devices running BlackBerry OS
BES10 version 10.2: Supports: BlackBerry 10, BlackBerry PlayBook, Android, iOS
BES12 version 12.3: Supports: BlackBerry 10, BlackBerry OS*, Android (including Android for Work and Samsung KNOX), iOS (including DEP devices**), Windows Phone, Windows 10, Windows 10 Mobile

Activation methods
BES5 version: Supports wireless activation: Over the mobile network, Over a Wi-Fi network. Supports wired activation for BlackBerry OS devices using: BlackBerry Administration Service, BlackBerry Desktop Software, BlackBerry Web Desktop Manager
BES10 version 10.2: Supports wireless activation: Over the mobile network, Over a Wi-Fi network. Supports wired activation for BlackBerry 10 devices and BlackBerry PlayBook tablets using: BlackBerry Administration Service, BlackBerry Web Desktop Manager
BES12 version 12.3: Supports wireless activation: Over the mobile network, Over a Wi-Fi network. Supports wired activation for BlackBerry 10 devices using: BlackBerry Wired Activation Tool. Supports wired activations for Windows 10 using LAN/Ethernet

Simplified wireless activation using the BlackBerry Infrastructure

Wired activation for more than one device at a time

Activation types
BES5 version: Supports: BlackBerry Balance (optional)
BES10 version 10.2: Supports: Work and personal - Corporate (BlackBerry Balance); Work and personal - Regulated (Regulated BlackBerry Balance); Work space only; Work and personal - user privacy (Secure Work Space); Work and personal - full control (Secure Work Space); MDM controls
BES12 version 12.3: Supports: Work and personal - Corporate (BlackBerry Balance); Work and personal - Regulated (Regulated BlackBerry Balance); Work space only; Work space only - (Samsung KNOX); Work space only (Android for Work); Work space only (Android for Work - Premium); Work and personal - user privacy; Work and personal - user privacy (Secure Work Space); Work and personal - user privacy - (Samsung KNOX); Work and personal - user privacy (Android for Work); Work and personal - user privacy (Android for Work - Premium); Work and personal - full control; Work and personal - full control (Secure Work Space); Work and personal - full control (Samsung KNOX); MDM controls

* Requires an upgrade from BES5.
** BES12 must be configured to use Apple's Device Enrollment Program.

Email, calendar, and contacts synchronization

Feature BES5 version BES10 version 10.2 BES12 version 12.3

Supported messaging environments
BES5 version: Supports: Microsoft Exchange, IBM Domino, Novell GroupWise
BES10 version 10.2: Supports messaging environments that support Exchange ActiveSync*
BES12 version 12.3: Supports messaging environments that support Exchange ActiveSync*. Additional support for Microsoft Exchange and IBM Domino for BlackBerry OS devices.**

* For more information about supported messaging environments, see the Compatibility matrix.
** Requires an upgrade from BES5.

Console features

Feature BES5 version BES10 version 10.2 BES12 version 12.3

Unified management console to manage BlackBerry 10, BlackBerry OS, iOS, Android, Windows Phone, Windows 10 Mobile, and Windows 10 devices Limited

Custom administrative roles Limited

Self-service console for device users

Company directory integration
BES5 version: Supports: Microsoft Active Directory, LDAP
BES10 version 10.2: Supports: Microsoft Active Directory, LDAP
BES12 version 12.3: Supports: Microsoft Active Directory, LDAP

Synchronization of users and groups from the company directory * Limited*

Local user accounts

Dashboard reporting

Device detail reporting

Device location iOS and Windows 10 Mobile devices only

Administration auditing

High availability support
BES5 version: Active-passive
BES10 version 10.2: Active-passive
BES12 version 12.3: Active-active

Languages Supports: Supports: Supports: English English English Brazilian Portuguese French French German German Japanese Italian Japanese Spanish

* Requires the BlackBerry Directory Sync Tool.

Security features

Feature BES5 version BES10 version 10.2 BES12 version 12.3

Enhanced encryption
BES5 version: Supports: S/MIME, PGP, NNE
BES10 version 10.2: Supports S/MIME on BlackBerry 10 devices and iOS devices only
BES12 version 12.3: Supports: S/MIME on iOS, Android, BlackBerry 10, and BlackBerry OS devices *; PGP on BlackBerry 10 and BlackBerry OS devices *; NNE on iOS, Android, Windows Phone, and BlackBerry 10 devices

Separation between personal space and work space on the device

Protection for lost and stolen devices

Apply IT policy rules to control device capabilities

Certificate enrollment for devices

Secure connection to your intranet (through the BlackBerry Infrastructure) ** **

Configure TCP proxy for apps in the work space to connect to the BlackBerry Infrastructure

End-to-end encrypted IP traffic between device and organization's network using BlackBerry Secure Connect Plus Supports: BlackBerry 10 devices, KNOX Workspace devices, Android for Work devices

Gatekeeping to control which devices can access Exchange ActiveSync

Restrict activations by device model

* Support for S/MIME and PGP on BlackBerry OS devices requires an upgrade from a BES5 server. Support for S/MIME on Android devices requires Secure Work Space.
** Requires Secure Work Space for iOS and Android devices.

Application management features

Feature BES5 version BES10 version 10.2 BES12 version 12.3

Assign public and internal apps * *

Manage groups of apps

Restrict app installation on devices

Search for and add apps from the management console

Manage device OS updates Supports BlackBerry 10 devices only Supports: BlackBerry 10 devices, BlackBerry OS devices **

Manage app licenses Supports Apple VPP for iOS devices only

* Optional applications are made available in BlackBerry World for Work on BlackBerry 10 devices. Required and optional applications are made available in Work Apps and the BES12 Client on Android and iOS devices. Only public apps can be distributed for devices that use Android for Work.
** Ability to allow or disallow OS updates using only an IT policy requires an upgrade from BES5.

Support for additional mobility software

Feature BES5 version BES10 version 10.2 BES12 version 12.3

Instant messaging environments for work Supports: IBM Sametime versions 7.5 to 8.5 Microsoft Office Communications Server 2007 Microsoft Office Communications Server 2007 R2 Supports BlackBerry 10 devices only in the following environments: IBM Sametime version 8.5 Microsoft Office Communications Server 2007 R2 Microsoft Lync Server 2010 Supports BlackBerry 10 and BlackBerry OS devices only in the following environments*: IBM Sametime version 8.5 to 9.0 Microsoft Lync Server 2010 Microsoft Lync Server 2013 Microsoft Lync Server 2010 Microsoft Lync Server 2013 Microsoft Lync Server 2013 Skype for Business (BlackBerry 10 devices only) Novell GroupWise Messenger

VPN Authentication by BlackBerry

BBM Protected

BlackBerry Blend

WatchDox by BlackBerry

WorkLife by BlackBerry

* Support for BlackBerry OS devices requires an upgrade from BES5.

More information

For more information, visit help.blackberry.com/detectlang/category/enterprise-services/ to read the overview and compatibility content for enterprise mobility management solutions from BlackBerry.

Product documentation

Resource Description

Overview and what's new Introduction to BES12 and its features Finding your way through the documentation Architecture Descriptions of BES12 components Descriptions of activation and other data flows, such as configuration updates and , for different types of devices

Architecture and data flows Descriptions of BES12 components Descriptions of activation and other data flows, such as configuration updates and , for different types of devices

Release notes and advisories Descriptions of known issues and potential workarounds

Installation and upgrade System requirements Planning BES12 deployment for an installation or an upgrade from BES5 or BES10 Installation instructions Upgrade instructions

Licensing Instructions to obtain, activate, and manage licenses Configuration Descriptions of different types of licenses Instructions for activating and managing licenses Instructions for how to configure server components before you start administering users and their devices Instructions for migrating BES10 data from an existing BES10 database

Administration Basic and advanced administration for all supported device types, including BlackBerry 10 devices, iOS devices, Android devices, Windows devices and BlackBerry OS (version 5.0 to 7.1) and earlier devices Instructions for creating user accounts, groups, roles, and administrator accounts Instructions for activating devices Instructions for creating and assigning IT policies and profiles Instructions for managing apps on devices Descriptions of profile settings Descriptions of IT policy rules for BlackBerry 10 devices, iOS devices, Android devices, Windows devices and BlackBerry OS (version 5.0 to 7.1) and earlier devices

Security Description of the security maintained by BES12, the BlackBerry Infrastructure, and BlackBerry 10 devices to protect data and connections Description of the BlackBerry 10 OS Description of how work data is protected on BlackBerry 10 devices when you use BES12 Description of the security maintained by BES12, the BlackBerry Infrastructure, and iOS, Android, and Windows devices activated on BES12 to protect data at rest and in transit Description of how work space apps are protected on work space-enabled devices when you use BES12

Compatibility matrix List of supported operating systems, database servers, browsers, and mobile operating systems for the BES12 server List of mail servers for BES12 Secure Work Space List of supported Samsung KNOX operating systems List of supported Android for Work operating systems List of mail servers for BlackBerry 10 OS

Glossary

BES5: BlackBerry Enterprise Server 5
BES12: BlackBerry Enterprise Service 12
BYOD: bring your own device
CA: certification authority
COBO: corporate-owned, business only
COPE: corporate-owned, personal enabled
ECMQV: Elliptic Curve Menezes-Qu-Vanstone
EMM: Enterprise Mobility Management
IT policy: An IT policy consists of various IT policy rules that control the security features and behavior of BlackBerry smartphones, BlackBerry PlayBook tablets, the BlackBerry Desktop Software, and the BlackBerry Web Desktop Manager.
LDAP: Lightweight Directory Access Protocol
LAN: local area network
MDM: mobile device management
PGP/MIME: PGP Multipurpose Internet Mail Extensions
SCEP: simple certificate enrollment protocol
S/MIME: Secure Multipurpose Internet Mail Extensions
TCP: Transmission Control Protocol
TCP/IP: Transmission Control Protocol/Internet Protocol (TCP/IP) is a set of communication protocols that is used to transmit data over networks, such as the Internet.
UDP: User Datagram Protocol
VPN: virtual private network
WNS: Windows Push Notification Services

Legal notice

BlackBerry. Trademarks, including but not limited to BLACKBERRY, EMBLEM Design, BBM, BES, MANYME, VIRTUAL SIM PLATFORM, WORKLIFE, MOVIRTU, SECUSMART, SECUSMART & Design, SECUSUITE, WATCHDOX, WATCHDOX & Design and WATCHDOX & EMBLEM Design are the trademarks or registered trademarks of BlackBerry Limited, its subsidiaries and/or affiliates, used under license, the exclusive rights to which are expressly reserved. Android, Google and Google Apps are trademarks of Google Inc. Apple Configurator is a trademark of Apple Inc. iOS is a trademark of Cisco Systems, Inc. and/or its affiliates in the U.S. and certain other countries. iOS is used under license by Apple Inc. IBM and Domino are trademarks of International Business Machines Corporation, registered in many jurisdictions worldwide. KNOX and Samsung KNOX are trademarks of Samsung Electronics Co., Ltd. Microsoft, Active Directory, SQL Server, ActiveSync, Windows, and Windows Phone are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. Skype is a trademark of Skype Corporation. Wi-Fi is a trademark of the Wi-Fi Alliance. All other trademarks are the property of their respective owners.

This documentation including all documentation incorporated by reference herein such as documentation provided or made available on the BlackBerry website provided or made accessible "AS IS" and "AS AVAILABLE" and without condition, endorsement, guarantee, representation, or warranty of any kind by BlackBerry Limited and its affiliated companies ("BlackBerry") and BlackBerry assumes no responsibility for any typographical, technical, or other inaccuracies, errors, or omissions in this documentation. In order to protect BlackBerry proprietary and confidential information and/or trade secrets, this documentation may describe some aspects of BlackBerry technology in generalized terms.
BlackBerry reserves the right to periodically change information that is contained in this documentation; however, BlackBerry makes no commitment to provide any such changes, updates, enhancements, or other additions to this documentation to you in a timely manner or at all. This documentation might contain references to third-party sources of information, hardware or software, products or services including components and content such as content protected by copyright and/or third-party websites (collectively the "Third Party Products and Services"). BlackBerry does not control, and is not responsible for, any Third Party Products and Services including, without limitation the content, accuracy, copyright compliance, compatibility, performance, trustworthiness, legality, decency, links, or any other aspect of Third Party Products and Services. The inclusion of a reference to Third Party Products and Services in this documentation does not imply endorsement by BlackBerry of the Third Party Products and Services or the third party in any way. EXCEPT TO THE EXTENT SPECIFICALLY PROHIBITED BY APPLICABLE LAW IN YOUR JURISDICTION, ALL CONDITIONS, ENDORSEMENTS, GUARANTEES, REPRESENTATIONS, OR WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION, ANY CONDITIONS, ENDORSEMENTS, GUARANTEES, REPRESENTATIONS OR WARRANTIES OF DURABILITY, FITNESS FOR A PARTICULAR PURPOSE OR USE, MERCHANTABILITY, MERCHANTABLE QUALITY, NON-INFRINGEMENT, SATISFACTORY QUALITY, OR TITLE, OR ARISING FROM A STATUTE OR CUSTOM OR A COURSE OF DEALING OR USAGE OF TRADE, OR RELATED TO THE DOCUMENTATION OR ITS USE, OR PERFORMANCE OR NON-PERFORMANCE OF ANY SOFTWARE, HARDWARE, SERVICE, OR ANY THIRD PARTY PRODUCTS AND SERVICES REFERENCED HEREIN, ARE HEREBY EXCLUDED. YOU MAY ALSO HAVE OTHER RIGHTS THAT VARY BY STATE OR PROVINCE. SOME JURISDICTIONS MAY NOT ALLOW THE EXCLUSION OR LIMITATION OF IMPLIED WARRANTIES AND CONDITIONS.
TO THE EXTENT PERMITTED BY LAW, ANY IMPLIED WARRANTIES OR CONDITIONS RELATING TO THE DOCUMENTATION TO THE EXTENT THEY CANNOT BE EXCLUDED AS SET OUT ABOVE, BUT CAN BE LIMITED, ARE HEREBY LIMITED TO NINETY (90) DAYS FROM THE DATE YOU FIRST ACQUIRED THE DOCUMENTATION OR THE ITEM THAT IS THE SUBJECT OF THE CLAIM. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW IN YOUR JURISDICTION, IN NO EVENT SHALL BLACKBERRY BE LIABLE FOR ANY TYPE OF DAMAGES RELATED TO THIS DOCUMENTATION OR ITS USE, OR PERFORMANCE OR NON-PERFORMANCE OF ANY SOFTWARE, HARDWARE, SERVICE, OR ANY THIRD PARTY PRODUCTS AND SERVICES REFERENCED HEREIN INCLUDING WITHOUT LIMITATION ANY OF THE FOLLOWING DAMAGES: DIRECT, CONSEQUENTIAL, EXEMPLARY, INCIDENTAL, INDIRECT, SPECIAL, PUNITIVE, OR AGGRAVATED DAMAGES, DAMAGES FOR LOSS OF PROFITS OR REVENUES, FAILURE TO REALIZE ANY EXPECTED SAVINGS, BUSINESS INTERRUPTION, LOSS OF BUSINESS INFORMATION, LOSS OF BUSINESS OPPORTUNITY, OR CORRUPTION OR LOSS OF DATA, FAILURES TO TRANSMIT OR RECEIVE ANY DATA, PROBLEMS ASSOCIATED WITH ANY APPLICATIONS USED IN CONJUNCTION WITH BLACKBERRY PRODUCTS OR SERVICES, DOWNTIME COSTS, LOSS OF THE USE OF BLACKBERRY PRODUCTS OR SERVICES OR ANY PORTION THEREOF OR OF ANY AIRTIME SERVICES, COST OF SUBSTITUTE GOODS, COSTS OF COVER, FACILITIES OR SERVICES, COST OF CAPITAL, OR OTHER SIMILAR PECUNIARY LOSSES, WHETHER OR NOT SUCH DAMAGES WERE FORESEEN OR UNFORESEEN, AND EVEN IF BLACKBERRY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW IN YOUR JURISDICTION, BLACKBERRY SHALL HAVE NO OTHER OBLIGATION, DUTY, OR LIABILITY WHATSOEVER IN CONTRACT, TORT, OR OTHERWISE TO YOU INCLUDING ANY LIABILITY FOR NEGLIGENCE OR STRICT LIABILITY.
THE LIMITATIONS, EXCLUSIONS, AND DISCLAIMERS HEREIN SHALL APPLY: (A) IRRESPECTIVE OF THE NATURE OF THE CAUSE OF ACTION, DEMAND, OR ACTION BY YOU INCLUDING BUT NOT LIMITED TO BREACH OF CONTRACT, NEGLIGENCE, TORT, STRICT LIABILITY OR ANY OTHER LEGAL THEORY AND SHALL SURVIVE A FUNDAMENTAL BREACH OR BREACHES OR THE FAILURE OF THE ESSENTIAL PURPOSE OF THIS AGREEMENT OR OF ANY REMEDY CONTAINED HEREIN; AND (B) TO BLACKBERRY AND ITS AFFILIATED COMPANIES, THEIR SUCCESSORS, ASSIGNS, AGENTS, SUPPLIERS (INCLUDING AIRTIME SERVICE PROVIDERS), AUTHORIZED BLACKBERRY DISTRIBUTORS (ALSO INCLUDING AIRTIME SERVICE PROVIDERS) AND THEIR RESPECTIVE DIRECTORS, EMPLOYEES, AND INDEPENDENT CONTRACTORS. IN ADDITION TO THE LIMITATIONS AND EXCLUSIONS SET OUT ABOVE, IN NO EVENT SHALL ANY DIRECTOR, EMPLOYEE, AGENT, DISTRIBUTOR, SUPPLIER, INDEPENDENT CONTRACTOR OF BLACKBERRY OR ANY AFFILIATES OF BLACKBERRY HAVE ANY LIABILITY ARISING FROM OR RELATED TO THE DOCUMENTATION. Prior to subscribing for, installing, or using any Third Party Products and Services, it is your responsibility to ensure that your airtime service provider has agreed to support all of their features. Some airtime service providers might not offer Internet browsing functionality with a subscription to the BlackBerry Internet Service. Check with your service provider for availability, roaming arrangements, service plans and features. Installation or use of Third Party Products and Services with BlackBerry's products and services may require one or more patent, trademark, copyright, or other licenses in order to avoid infringement or violation of third party rights. You are solely responsible for determining whether to use Third Party Products and Services and if any third party licenses are required to do so. If required you are responsible for acquiring them. You should not install or use Third Party Products and Services until all necessary licenses have been acquired. 
Any Third Party Products and Services that are provided with BlackBerry's products and services are provided as a convenience to you and are provided "AS IS" with no express or implied conditions, endorsements, guarantees, representations, or warranties of any kind by BlackBerry and BlackBerry assumes no liability whatsoever, in relation thereto. Your use of Third Party Products and Services shall be governed by and subject to you agreeing to the terms of separate licenses and other agreements applicable thereto with third parties, except to the extent expressly covered by a license or other agreement with BlackBerry. The terms of use of any BlackBerry product or service are set out in a separate license or other agreement with BlackBerry applicable thereto. NOTHING IN THIS DOCUMENTATION IS INTENDED TO SUPERSEDE ANY EXPRESS WRITTEN