BES12 v12.2: What’s New for Enterprise Developers

ANNOUNCEMENTS / 07.15.15 / Ed Bourne

pic1BlackBerry Enterprise Service 12.2 (BES12.2) includes a number of new features with some interesting opportunities for Enterprise Developers.  Here are some developer notes on the items outlined in an earlier post.

The BES12 client on GooglePlay and Apple App Store has been updated to support the new features in BES12.2.

BlackBerry 10 and iOS both have Simple Certificate Enrollment Protocol (SCEP) clients that allow your BES to deploy certificates centrally using the SCEP protocol.   Android currently has no SCEP client.  Starting with the latest update to both the BES12 client and BES12.2, certificates can now be distributed to Android Secure Workspace (SWS), Android for Work (AfW) and Samsung KNOX.

Android for Work (AfW)
Starting with Android 5.1 (Lollipop MR1) you can now activate an Android for Work solution on your phone with BES12.2.  AfW does NOT require app wrapping. Almost any existing .apk file will work.  Any app on Google play can be whitelisted by the BES12.2 admin to appear in the secure part of AfW.   As awesome as this is, it does have a few differences from BB10 that Google requires.  Your enterprise must have a Google domain associated with it ( Your device must be encrypted (so ensure that your device isn’t underpowered if you’re upgrading to 5.1). An app being on Google Play is your only option for now. Currently, there is no ability to sideload or deploy an Enterprise app from BES as an AfW.

Samsung KNOX
Starting with KNOX 2.4 we now support the work container.  The experience is similar to BB10 or Android SWS (yes, it’s still being supported and even updated!).  Your device has a personal container and a work container.  No app wrapping is required to deploy to the KNOX workspace, similar to AfW, you just need a regular .apk file.  Like AfW you can whitelist apps from Google Play into your KNOX container, but you can also deploy an .apk from your BES, allowing Enterprise Apps to deploy directly into KNOX.  Like AfW there is no side-loading into the secure side of the device.  The KNOX container is encrypted, but the whole device doesn’t have to be.

It does have one unique feature; you can use an App Lock Mode to run only one app. This is useful for scenarios where the device is only performing one task.

Apple Device Enrolment Program (DEP) and Volume Purchase Program (VPP) are supported now with BES12.2.  While not strictly a development matter, the VPP program is unique, and makes for an easy way of billing for your apps in an enterprise environment over the more common tactic of selling Client Access Licenses.

BlackBerry Secure Connect Plus
This is the biggest single technical change to BES12 for developers. Look for a later blog post on this in more detail, but here is the key point. We now support UDP.

This new protocol replaces Mobile Data Service – Connection Service (MDS-CS) for end to end secure connectivity between the BES and BB10, AfW and KNOX devices.  Android SWS and iOS SWS continue to use BlackBerry Connection Protocol (BCP), which like MDS-CS is a TCP/IP only protocol.

So for those of you that have been waiting to deploy VOIP/stream audio/video/etc. over UDP, upgrade and go nuts!


For more detail on these items and other, I suggest you start with the Overview and What’s New Guide for BES12.2.

Ed Bourne

About Ed Bourne

Ed Bourne brings over 10 years of experience in mobility as a Sr. Enterprise Solutions Manager at BlackBerry. Ed manages the technical partnerships with some of our largest Strategic Partners and Customers, helping to foster BlackBerry expertise and bring a compelling mobile experience to our joint customers.