RIM launches first BES IT Policies for PlayBook

PlayBook with Padlock
By IsaacKendall on 12 Apr 2011 02:12 pm EDT

The CrackBerry team has been doing a great job with unveiling PlayBook features and getting started tips and tricks but the big question for the targeted business customers, specifically the militant IT departments, is what controls will be in place for the BES Admin?

The first IT policies have now been released by RIM for the BlackBerry Enterprise Server versions 4.0 & 5.0 and apply to Microsoft Exchange, Lotus Notes & Novell GroupWise.  Currently there are no release notes regarding the BlackBerry Enterprise Server Express (BESX).  I'm sure that in time it will come, but the BESx is designed to be a scaled back version of the BES specifically in the area of IT policies.

This is very good news and not a moment too soon.  In my travels speaking with corporate customers over the last couple of weeks they seem to be holding a 'wait-and-see' attitude to the PlayBook because RIM has not been very forthcoming with their IT control plans.  Remember the PlayBook at launch will not have its own PIN therefore you can't put it on the BES out of the box.

Enable BlackBerry Bridge

This policy can be found under the BlackBerry Bridge category when configuring an IT Policy after the file below has been applied to the BlackBerry Enterprise Server.

Description: Specify whether a BlackBerry device can run BlackBerry Bridge. If you set this rule to Yes, a user can run BlackBerry Bridge and use it to connect a companion device (for example, the BlackBerry PlayBook) to the BlackBerry device. If you set this rule to No, a user cannot run BlackBerry Bridge and cannot use it to connect a companion device to the BlackBerry device. If you do not set this rule, a default value of Yes will be used.

BlackBerry PlayBook Log Submission

This policy can be found under the Companion Devices category when configuring an IT Policy after the file below has been applied to the BlackBerry Enterprise Server.

Description: Specify whether a BlackBerry PlayBook tablet can generate and send log files to the BlackBerry Technical Solution Center. The default value for this rule is Enable Logging. If you set this rule to Enable Logging, the tablet can generate and send log files to the BlackBerry Technical Solution Center. If you set this rule to Disable Logging, the tablet cannot generate and send log files to the BlackBerry Technical Solution Center.

Until there is a maintenance release or a service pack to the BES these IT policies will have to be applied to the BES manually.

Update the IT policy rule definition using BlackBerry Administration Service:

This procedure is appropriate for the BlackBerry Enterprise Server 5.0.  Complete the following steps:

  1. Download the ITPolicyPackPlayBook.zip file attachment and unzip it to a temporary folder on the local computer hosting the BlackBerry Manager.
  2. Open BlackBerry Administration Service.
  3. From the BlackBerry Solution Management panel, expand Policy.
  4. Click Manage IT Policy Rules.
  5. Click Import IT Policy Definitions.
  6. Browse to the temporary folder where the ITPolicyPackPlayBook.zip file was unzipped.
  7. Select the ITPolicyPackPlayBook.xml file.
  8. Click Save.
  9. When the import process is complete, the following message appears:
    The IT policy definitions have been updated.

The PlayBook launch on April 19th is going to be a very exciting day in the BlackBerry world and now that RIM is officially releasing BES specific information I'm hoping it spreads the anticipation throughout the CrackBerry Nation!

Full RIM KB article and download for manual IT policy

Source: BESAdmin

Reader comments

RIM launches first BES IT Policies for PlayBook


If I'm honest, I was pretty shocked not to see these come in with sp3!! Especially as it only came out a week ago!!!

But good that at least us BES admin have the policy befor launch day!!!

I tried a demo PlayBook and there is a PIN listed under the options. It is a combo of letters and numbers similar to BlackBerries.

Hi Isaac,

Anyone know how the PlayBook will interact with BES Express? I run BES Express now and with the SP2 update they removed the ability to import IT policy definitions. I hear rumours it was going to come back with the SP3 update but just wondering how I would get these PlayBook IT policies loaded if they don’t add that functionality back?

You'll be able to use the PlayBook as soon as it's released on BES eress.

Even under sp2 you're still able to import these policies which allow you to disable this feature via it policy, simply read the kt link included.

Hey Isaac/skyman,

Actually I'm quite positive the ability to manage/import new IT policy definitions has been removed with SP2 for BES Express. I use it pretty much all the time and I've followed that KB article in the past (on SP1) but it is no longer valid for SP2. It's simply no longer an option. I can go to "manage" but there is no more "import" option. It was re moved and I"m hoping it gets added back because it also prevents me from loading the RIM Value Add IT polick pack. This causes issues for me with FB and LinkedIn contact and cal integration. I don't doubt my PB will work out of the box with BES Express but I won't be able to control it as well without the ability to import the policies once releases from RIM

So basically, without BES and these policies pushed down (more specifically the second one), a PB will "phone home" on everything or almost everything you do. I hope they have this in the EULA. Personally, I'd like to have the option to turn this off natively on the PB so that non-BES users could control this aspect of the PB. PB Phone Home.... :p

These IT policies will simply determine if a BES controlled BlackBerry will be able to make a Bridge with a PlayBook or not.

The other policy governs as to whether the BES will log PlayBook activities.

Hey guys. Those policies are obviously for the BlackBerry smartphone and not the Playbook. You can control if the smartphone can be used for BlackBerry bridge and if logs can be submitted via the the BlackBerry smartphone. What do you think ?

Yeah you're correct. Clearly these policies are for the smartphone. What I'm confused about is will the PlayBook be able to take policy directly, or only via smartphone? (question above re pin I suppose).

Until the PlayBook has a PIN - an active/supported PIN the PlayBook can't take a policy directly.

It stands to reason that RIM will eventually support a native PIN on the PlayBook - think the '4G' or LTE standalone device. It makes logical sense that the PlayBook will support full BlackBerry functionality (PIM, BBM, IT policy).

So as a user, if I go out and buy a playbook will I need to ask the IT team to approve bridging? Will they need to make a bridging policy and install a new version of their BB admin tools?

I was hoping I could just buy a Playbook and use it with my corporate phone without bothering to coordinate with the IT team.

That is simply a quick chat with your BES Admin.

You: "Will you be restricting the use of the BlackBerry PlayBook on our network"

BES Admin "No"

OK done, go buy your PlayBook on the 19th and rock on!

Default policy is 'allow bridging' if IT doesn't apply the upgrade and set the policy to 'no'. So IT has to deliberately change the default setting to disable bridging. Bet most IT departments won't....

So what are peoples admins doing - particularly those in fairly locked down / secure environments (eg. government, financials etc).

Whether this policy is set to No or Yes could massively change whether people buy the PlayBook - some of these companies have many thousands of BB Handsets - all potential purchasers of the PlayBook

In my mind without Bridge, the PlayBook is a dumb WiFi device that is smaller and with less apps than the competitor. If Bridge is blocked I will probably go darkside.

Agreed. The PlayBook without Bridge will be as useful as an iPhone user buying a PlayBook. Not the ideal target customer.

I'm not sure how many organizations will actually prevent the Bridge mode. I see more companies implementing the logging of PlayBook usage than blocking PlayBook use.

Just to clarify on the logging rule as I chatted with T-Support today about this.

Enabling the logging rule will allow logging on the Playbook to be sent to RIM.

I would think most companies would rather keep this disabled as logs may contain corporate data. I asked if we could manually access the logs if needed and they were not sure.


So The PlayBook is not useful - without a BB & Bridge for:
Video Conferencing/Chat
Connecting to Intranet site with built-in VPN connection over WLAN (BB Hotspot in BB6.1 or other smartphone; possible BB5 with USB to MicroUSB).
Install 3rd party email app or use OWA via Browser for access.
Connect to BES5.01 Admin URL for administration - again over WLAN?
- that is just a quickie off the top of my head.

Still is useful … then bring-in more Android Apps … I STILL think this is a last minute cop-out way to go for RIM.

You are talking about two totally different things here.

1. If your Blackberry is provided by your corporation it would be foolish to just purchase a Playbook without guidance from your IT / BES admin if they will allow the secure data on the Blackberry to be extend to Blackberry via Bridge.

2. Related to 1 - Any corporate IT department will want / need to validate the Playbook and determine if it meets their needs. Many companies have regulations to adhere to so basic forensic discovery will be performed to ensure corporate data remains secure.

3. Personal owned Playbooks shouldn't have any expectation a corporation will allow connectivity via Bridge to a corporate owned Blackberry. The data on the Blackberry is corporate and they could decide they do not want Bridge used (for whatever reason).

4. RIM has already alluded to they are moving away from PIN based system and use the Blackberry ID as it will likely get around the one Blackberry per BES account limitation. I'd love to see some native Playbook controls but those are likely a ways off, I'm thinking late summer / fall at the earliest with BES 5.0 SP 4.

Frank you've hit it directly on the head. Well said.

I do see a PIN being attached to the PlayBook before the BBid program is fully implemented.

The BBid program is interesting and I'm looking forward to see how it's used. I'm not sure how efficient it will be compared to the efficiency of PIN messaging.

Per number 1 and 2, I'm not convinced that is how it works. The playbook is just a bridge when hooked to your BB. It should not retain any details once disconnected from the BB. It is essentially just a "bigger window" to use your email, contacts, etc. As such, once disconnected no data from your BB should remain on the playbook. At least that is my understanding. Since these "apps" don't exist on the playbook yet, there is no way to import them to be used as a standalone device (yet???). So it is essentially nothing more than a "terminal" when bridged is my understanding. Am I wrong or do we even know yet?