Prerequisites: Verifying that iOS devices are managed by UEM

The iOS devices must be activated using one of these activation types*:

  • MDM Controls
  • User Privacy
  • User Privacy - User enrollment

If your users are activated with the User Privacy activation type, complete one of these tasks:

Task: Use Aurora Endpoint Security to manage the per-app VPN

Steps:

  1. In the User Privacy activation type, clear the Allow VPN Management checkbox and select the Allow app management checkbox.
  2. In the Aurora Endpoint Security console, configure the Gateway Service options.

Task: Use UEM to manage the per-app VPN

Steps:

  1. In the User Privacy activation profile, select the Allow VPN Management and Allow app management checkboxes.
  2. Create a custom VPN profile. In the VPN bundle ID field, enter the Aurora Protect Mobile bundle ID, com.blackberry.protect.
  3. In the Aurora Endpoint Security console, configure the Gateway Service options.

* If you want to deactivate a device from the UEM instance, use the "Delete only work data" command to delete work data (for example, the IT policy, profiles, apps, and certificates) that is on the device. If you select the "Remove device" command, the device is removed from your UEM instance, but data and profiles are not removed and the device may continue to receive email and other work data. BlackBerry recommends that you use the "Remove device" command only if a device is irretrievably lost or damaged and is not expected to contact the server again. For more information on commands that you can send to devices, see Commands for iOS devices in the BlackBerry UEM content.