You can configure an allowed list to determine which devices can access a BlackBerry Enterprise Server. A device that
meets the criteria that you specify in the allowed list can associate with the BlackBerry Enterprise Server when the device
activates over the wireless network.
You can define the following types of criteria:
specific device PINs
range of device PINs
specific manufacturers
specific device models
The BlackBerry Administration Service includes lists of permitted manufacturers and models of devices that you
associated with the BlackBerry Enterprise Server previously.
You can permit a user to override the Enterprise Service Policy so that a device can connect to the BlackBerry Enterprise
Server even if you configure the allowed list with criteria that exclude that device.
For more information, see the BlackBerry Enterprise Server Administration Guide.
Using an IT policy to manage BlackBerry Enterprise Solution security
You can use an IT policy to control and manage BlackBerry devices, the BlackBerry Desktop Software, and the BlackBerry
Web Desktop Manager in your organization's environment. An IT policy consists of multiple IT policy rules that manage the
security and behavior of the BlackBerry Enterprise Solution. For example, you can use IT policy rules to manage the
following security features and behaviors of the device:
encryption (for example, encryption of user data and messages that the BlackBerry Enterprise Server forwards to
message recipients) and encryption strength
use of a password or pass phrase
connections that use Bluetooth wireless technology
protection of user data and device transport keys on the device
control of device resources, such as the camera or GPS, that are available to third-party applications
The BlackBerry Enterprise Server includes preconfigured IT policies that you can use to manage the security of the
BlackBerry Enterprise Solution. The Default IT policy includes IT policy rules that are configured to indicate the default
behavior of the device or BlackBerry Desktop Software.
After a device user activates a device, the BlackBerry Enterprise Server automatically sends to the device the IT policy that
you assigned to the user account or group. By default, if you do not assign an IT policy to the user account or group, the
BlackBerry Enterprise Server sends the Default IT policy. If you delete an IT policy that you assigned to the user account or
group, the BlackBerry Enterprise Server automatically re-assigns the Default IT policy to the user account and resends the
Default IT policy to the device.
Feature and Technical Overview BlackBerry Enterprise Solution security
53