Installation guide
BlackBerry Enterprise Solution 56
Creating new IT policy rules to control custom applications
Create new IT policy rules to control custom applications that your organization develops to run in BlackBerry
environments. After the BlackBerry Enterprise Server administrator creates a new IT policy rule, the BlackBerry
Enterprise Server administrator can add it to and assign a value to it in any new or existing IT policy. Only your
organization’s own custom applications can use new IT policy rules that the BlackBerry Enterprise Server
administrator creates. The BlackBerry Enterprise Server administrator cannot create new IT policy rules to
control standard BlackBerry device functionality.
Enforcing IT policy changes over the wireless network
Wireless IT policy enables the BlackBerry Enterprise Server administrator to immediately enforce IT policy rule
additions, deletions, or modifications on C++ enabled BlackBerry devices running BlackBerry Device Software
Version 2.5 or later and on Java enabled BlackBerry devices running BlackBerry Device Software Version 3.6 or
later. When the BlackBerry device receives an updated Default IT policy or a new IT policy, the BlackBerry device
and BlackBerry Desktop Software apply the configuration changes.
The BlackBerry Enterprise Server must resend the IT policy to the BlackBerry device to update the BlackBerry
device and the BlackBerry Desktop Software behavior over the wireless network. By default, the BlackBerry
Enterprise Server is designed to resend the IT policy to BlackBerry devices of users that are assigned to that IT
policy within a short period of time after the BlackBerry Enterprise Server administrator updates the IT policy.
The BlackBerry Enterprise Server administrator can also resend an IT policy to the user account of a specific
BlackBerry device manually, and the BlackBerry Enterprise Server administrator can set the BlackBerry
Enterprise Server to resend IT policies to BlackBerry devices on that specific BlackBerry Enterprise Server at a
scheduled interval whether or not the BlackBerry Enterprise Server administrator has changed the IT policies.
Enforcing BlackBerry device and BlackBerry Desktop Software security
The BlackBerry Enterprise Solution offers a user many different security settings for the BlackBerry device and
BlackBerry Desktop Software. For example, the BlackBerry Enterprise Server administrator can specify one or
more IT policy rules to enforce the following behavior to meet your organization’s security requirements:
• Enforce encryption (for example, encryption of user data and messages that the BlackBerry Enterprise
Server forwards to the message recipient) and encryption strength
• Enforce password or passphrase use
• Enforce a strong password or passphrase
• Secure Bluetooth connections
• Protect user data on the BlackBerry device
• Protect master encryption keys on the BlackBerry device
• Restrict application use on the BlackBerry device
• Restrict BlackBerry device resources available to third-party applications
For more information, see the Policy Reference Guide.
Controlling BlackBerry device access to the BlackBerry Enterprise Server
Turn on the Enterprise Service Policy to control which BlackBerry devices can connect to the BlackBerry
Enterprise Server. After the BlackBerry Enterprise Server administrator turns on the Enterprise Service Policy, the
BlackBerry Enterprise Server still permits connections from BlackBerry devices and BlackBerry enabled devices
that the BlackBerry Enterprise Server administrator previously added to the BlackBerry Enterprise Server, but it
prevents connections from newly-added BlackBerry devices by default.
Define BlackBerry device criteria in an approval list to turn on and turn off BlackBerry Enterprise Server access
for BlackBerry devices. BlackBerry devices that meet the approval list criteria can complete wireless enterprise
activation on that BlackBerry Enterprise Server.
www.blackberry.com