BlackBerry Connection > IT Edition > Guide to IT Policies for BlackBerry Enterprise Server Express

Guide to IT Policies for BlackBerry Enterprise Server Express

Guide to IT Policies for BlackBerry Enterprise Server Express

What's in, what's out, and how to make them work for your organization

IT policies may be the best thing since sliced bread. With them you can control the behavior of the BlackBerry® smartphones in your organization. By configuring IT policies, you can, for example, prevent users from connecting to Bluetooth® devices. Or you can require strong passwords that expire every 30 days. So with the recent introduction of BlackBerry® Enterprise Server Express, here is a look at IT policies in action.

IT policies in a nutshell

You can create custom IT policies to tailor and control the behavior of your BlackBerry® Enterprise solution. Here are the basics:

  1. Create your custom IT policies in the BlackBerry Administration Service.
  2. To make IT policies work, you add IT policy rules, of which there are over 35 in BlackBerry Enterprise Server Express (see below for a complete list).
  3. BlackBerry Enterprise Server Express automatically sends your IT policies to the user accounts that you assigned to receive them.

Example: Prevent photographs and videos

For example, if you wish to prohibit employees from taking photographs and videos with their BlackBerry smartphone cameras, you could create an IT policy called, No Camera or Video. To make it work, you would configure the Disable Photo Camera and Disable Video Camera rules. Example 1 shows the values you would select.

Example 1. No Camera or Video IT policy

IT policy rule Value
Disable Photo Camera Yes (shuts off camera)
Disable Video Camera Yes (shuts off camera)

Once configured, BlackBerry Enterprise Server Express would then send the IT policy to all user accounts you assigned to receive it.

How to create an IT policy

  1. In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand Policy.
  2. Click Create an IT policy.
  3. Type a name and description for the IT policy.
  4. Click Save.
  5. To configure the IT policy, perform the following actions:
    1. In the IT policy information section, click the IT policy.
    2. Click Edit IT policy.
    3. On a tab for an IT policy group, configure values for the IT policy rules.
    4. Click Save All.
  6. To assign to a user or group, go to the Manage Users or Manage Groups and assign the new policy via the Policies Tab.

For more options, see the BlackBerry Enterprise Server Express Administration Guide.

The default IT policy

There is a default IT policy available when you install BlackBerry Enterprise Server Express. When you install the BlackBerry Enterprise Server Express, the IT policy rules in the default IT policy do not contain any values. You can configure and apply the default IT policy to user accounts to control the BlackBerry smartphones in your organization's environment.

Behavior in the wild

  • After a BlackBerry smartphone user activates a BlackBerry smartphone, BlackBerry Enterprise Server Express automatically sends to the BlackBerry smartphone the IT policy that you assigned to the user account or group
  • By default, if you do not assign an IT policy to the user account or group, BlackBerry Enterprise Server Express sends the Default IT policy
  • If you delete an IT policy that you assigned to the user account or group, BlackBerry Enterprise Server Express automatically re-assigns the Default IT policy to the user account and resends the Default IT policy to the BlackBerry smartphone

Example password policies

Below are two example password IT policies you can create in the BlackBerry Administration Service, and the rules to configure. We named them Password I-Basic and Password II-Strong, but you can name them whatever you want.

Example 2: Password I-Basic

IT policy rule Value
Maximum Password Age 0
Maximum Security Timeout 15
Minimum Password Length 4
Password Required Yes
User Can Disable Password No

Example 3: Password II-Strong

IT policy rule Value
Maximum Password Age 30
Maximum Security Timeout 5
Minimum Password Length 10
Password Required Yes
User Can Disable Password No
Password Pattern Checks At least 1 uppercase alpha,
one lowercased alpha,
1 numeric, and 1 special character

BlackBerry Enterprise Server Express vs. BlackBerry Enterprise Server v5.0

For the most part, IT policies work exactly the same in BlackBerry Enterprise Server Express as in the BlackBerry Enterprise Server v5.0. If you know how to use them in one, you know how to use them in the other.

The difference, however, comes in quantity of IT policy rules. BlackBerry Enterprise Server Express features over 35 IT policy rules. These core rules give you many options for customizing your organization.

In contrast, BlackBerry Enterprise Server features more than 450 IT policy rules. With the additional rules come more options—and finer control—for customizing your organization's network. (For the complete list, see the BlackBerry Enterprise Server Version: 5.0 Policy Reference Guide.)

BlackBerry Enterprise Server Express IT policy rules

As mentioned above, BlackBerry Enterprise Server Express features over 35 IT policy rules. For the complete list, including descriptions, default values, requirements, and usage, see the BlackBerry Enterprise Server Express Policy Reference Guide.

Common policy group

  • Disable MMS

Device Only items

  • Allow SMS IT
  • Maximum Password Age IT
  • Maximum Security Timeout IT
  • Minimum Password Length IT
  • Password Pattern Checks IT
  • Password Required IT
  • User Can Change Timeout IT
  • User Can Disable Password IT

Bluetooth policy group

  • Disable Bluetooth IT

Camera policy group

  • Disable Photo Camera IT
  • Disable Video Camera IT

Email Messaging policy group

  • Confirm External Image Download IT
  • Disable Manual Download of External Images IT
  • Disable Rich Content Email IT
  • Maximum Native Attachment MTH attachment size IT
  • Maximum Native Attachment MFH attachment size IT
  • Maximum Native Attachment MFH total attachment size IT

Password policy group

  • Forbidden Passwords IT
  • Maximum Password History IT
  • Set Maximum Password Attempts IT
  • Set Password Timeout IT
  • Suppress Password Echo IT

Security policy group

  • Content Protection Strength IT
  • Disable External Memory IT
  • Disable IP Modem IT

Resources

BlackBerry Enterprise Server Express Policy Reference Guide »

BlackBerry Enterprise Server Express Administration Guide »

IT Policies available in BlackBerry Enterprise Server Express version 5.0 SP1 »

Click for more on BlackBerry Enterprise Server Express »

BlackBerry Enterprise Server Express

Support Forums

The BlackBerry® Support Community Forums are a great place for your BlackBerry device users to get help—and a place for you to connect with other IT administrators. Do you have questions about BlackBerry Enterprise Solutions? Are you looking for support on devices or accessories? Visit the BlackBerry Support Community Forums.