BlackBerry Enterprise Service 12.3 (BES12.3) is a service pack (SP) update for BES12. There were a number of key new features for developers in 12.2., while there isn’t a single big change similar to what was the BlackBerry Secure Connect plus introduction, there are quite a few key new items developers will want to check out.
For iOS developers, the BES admin can set whether an app is allowed by app ID to use data roaming on wifi, cellular or both with the new network usage policy. Your app can be limited by the policy so you don’t have to build that feature if required by enterprise.
For Android developers on AfW (Android for Work) we support internal apps hosted on BES.
Windows 10
With the arrival of Windows 10 Continuum and Apples recent launch of the iPad pro the blurring of what constitutes a full computer and what is a tablet or mobile continues, and we now join in with this thinking.
MDM support for Windows 10. Note this is not just windows phone. This means that BES will now support Microsoft’s latest OS both on mobiles/tablets and computers. When your BES Admin now adds Windows activation, we support the form factors of “Phone” and “Tablet or computer”. This is an MDM support model, so there is no separate secure container.
Here is the full list of goodies you can look for with Windows 10, and the rest:
Set up VPN and Wi-Fi work connections, including proxy support for Windows 10 devices: You can configure VPN and Wi-Fi work connections for Windows 10 devices, including proxy server support.
Set up proxy server for Windows 10 Mobile devices: You can set up a proxy server as part of the Wi-Fi profile for Windows 10 Mobile devices.
Locate devices: BES12 supports device location for Windows 10 Mobile devices. You can view the current locations of Windows 10 Mobile devices on a map in the management console. You can also allow users to locate their Windows 10 Mobile devices on a map in BES12 Self-Service.
Notifications for Windows devices: Using the Windows Push Notification Services (WNS), BES12 notifies Windows devices that there are new policies and profiles for the device instead of waiting for the device to contact BES12 on a polling schedule.
SCEP support for Windows 10 devices: BES12 supports SCEP profiles for Windows 10 devices. You can assign SCEP profiles to these devices by associating them with an email profile. They can then request and obtain client certificates for a SCEP-compliant CA used by your organization. The SCEP profile must be associated with an email profile before BES12 sends it to a Windows 10 device.
iOS
AirPrint profiles: You can configure AirPrint profiles and assign them to devices so that users don’t have to configure printers manually. The AirPrint profile can help users find printers that support AirPrint, are accessible to them, or for which they have the required permissions.
AirPlay profiles: You can use AirPlay profiles to set passwords for specific AirPlay devices to make sure only authorized users can access them. You can also create an allowed list of destination devices to make sure that supervised iOS devices connect only to the AirPlay devices you specify.
Set wallpaper on devices: You can set wallpaper for iOS devices from the BES12 management console. When you create a device profile for iOS devices, you can select a custom image to display on iOS devices. You can use the wallpaper image to provide information for your users or to display your organization’s logo.
iOS device location history: BES12 supports device location history for iOS devices. You can view the current or previous locations of up to 100 iOS devices at one time on a map in the management console.
You can track the previous location of any iOS device and store the location history for a specified period that you specify.
Work Apps icon: You can customize the image and name for the Work Apps icon on iOS devices.
Convert installed personal apps to work apps: If an app is already installed on iOS 9 or later devices, you can convert an app to a work app. After you add the app to BES12 and you assign the app to a user, the app can be converted to a work app and managed by BES12.
Control network usage for work apps: You can create a profile to control how work apps on iOS 9 or later devices use the network. A network usage profile controls whether an app can use data over the wireless network or while the device is roaming.
CalDAV and CardDAV support: You can use CardDAV and CalDAV profiles to allow iOS devices to access contact and calendar information on a remote server. Multiple devices can access the same information.
Apple DEP enrollment configuration improvements: You can prevent users from closing the Setup Assistant before the device is configured. You can specify that users can skip the following extra panes during setup: Biometric, Payment, and Zoom.
New IT policy rules for iOS 9 or later: BES12 includes several new IT policy rules supported by iOS 9 or later.
Updates to profile settings for iOS 9 or later: BES12 includes several new profile settings for iOS 9 or later, including the following:
- Email profile: Allow Mail Drop
- VPN profile: Connection type: IKEv2
- Wi-Fi profile: Inner authentication: EAP
Android
Activate a device with the Work space only (Android for Work) activation types: You can activate Android devices that are running Android OS 5.1 (Lollipop) or later with two new Android for Work activation types. The Work space only (Android for Work) activation type activates the device with a work profile and no personal profile. The Work space only (Android for Work – Premium) activation type activates the device with a work profile and no personal profile. It allows the device to use BlackBerry Secure Connect Plus.
Silver licenses are required to activate devices with the Work space only (Android for Work) activation type. Gold or Gold – Flex licenses are required to activate devices with the Work space only (Android for Work – Premium) activation type.
Activate a device with the Work and personal – user privacy (Samsung KNOX) activation type: You can activate Android devices with a new Samsung KNOX activation type. The Work and personal – user privacy (Samsung KNOX) activation type activates the device with a work space and a personal space. Administrators can use IT administration commands and IT policy rules to manage work data but personal data is kept private. Data in the work space is protected using encryption and a method of authentication such as a password, PIN, pattern, or fingerprint.
Gold – KNOX Workspace or Gold – Flex licenses are required to activate devices with the Work and personal – user privacy (Samsung KNOX) activation type.
Use proxy profiles with Samsung KNOX Workspace devices: If your organization uses proxy servers, you can associate proxy profiles with enterprise connectivity or VPN profiles. Samsung KNOX Workspace devices can then connect to proxy servers when they connect to work networks using BlackBerry Secure Connect Plus or connect to work VPNs. You can use proxy profiles with manual configuration or PAC configuration, depending on the version of KNOX that devices use.
Manage internal apps on Android for Work devices: You can manage internal apps on Android for Work devices. You can host internal apps for Android for Work devices using BES12 or Google Play.
Select the productivity apps used on BlackBerry smartphones powered by Android that use Android for Work: You can select either the BlackBerry Productivity Suite or Divide Productivity apps to be used on BlackBerry smartphones powered by Android that use Android for Work.
BlackBerry 10
Allow users to deactivate devices: This new IT policy rule specifies if the user can deactivate their device and wipe all work data. If this rule is deselected, users cannot delete the work space from a BlackBerry Balance device or wipe a work space only device.
This setting applies to BlackBerry 10 devices running BlackBerry 10 OS version 10.3.3 and later that are activated with the following activation types:
- Work space only
- Work and personal – Regulated
- WorkLife
Manage WorkLife by BlackBerry in BES12: WorkLife by BlackBerry is a Virtual SIM Platform (VSP) that allows organizations to separate work numbers and personal numbers on BlackBerry 10, iOS, and Android devices. You can manage the WorkLife by BlackBerry plug-in in the BES12 management console.
