Update: Blackberry technical support confirmed this will be fixed in UEM console version 12.10. Stay tuned. 

Once upon a time, an elite member from the service desk team rushed to my desk with an urgent issue. An executive could no longer sync Blackberry contacts through Blackberry Work to his iOS device after it was upgraded to iOS 11.3 and beyond including iOS 12.

When the user attempts to enable Sync to Device within settings, the user may get the prompt below briefly before getting the error further below.

This issue was first reported under iOS 11.3 back in April 2018 per the links below.

• Link 1: After upgrading to iOS version 11.3, BlackBerry Work and Good for Enterprise (GFE) users cannot enable native contact sync
• Link 2: After upgrading to iOS version 11.3, BlackBerry Work and Good for Enterprise (GFE) users cannot enable native contact sync

Since our BYOD devices are enrolled with Blackberry UEM client, it does fit into one of the criteria shown below.

From the second link above, this issue can also be caused by allowing 3rd party app  (i.e. iCloud, Gmail, Yahoo, etc) to sync with the native contact app. I confirmed this by first removing only contact sync from any of the 3rd party apps, and I was able to enable Blackberry contacts to sync to the device after. Since this is a BYOD device, it’s expected that users will have a personal mailbox configured. Thus, this is not the solution we need.

Initially, no MDM provider could manage this feature with the two new keys listed below since the release of iOS 11.3 through iOS 12.

• allowManagedToWriteUnmanagedContacts
• allowUnmanagedToReadManagedContacts

With version 9.7 of VMware Workspace ONE, it’s now possible to manage these two keys (see screenshot below from VMware Workspace ONE console). Blackberry UEM, on the other hand, has yet made the same options available even under version 12.9 as of this writing to manage this feature within the web console. Fear not, there’s a workaround for the time being which I will share the detail further below.

At one point, Blackberry support suggested enabling Allow documents from managed sources in unmanaged destinations within the IT policy as an alternative for Blackberry UEM version 12.7 (or upgrade to version 12.9). However, doing so can expose more than just corporate contacts on user’s personal device.

For the workaround, we will create a custom payload profile per the link below. This practice is actually very common among different MDM vendors to manage features released with the latest mobile OS when the console has yet to release support for the same features.

Managing iOS Features Using Custom Payload Profiles

Once you gather the XML code using the Apple Configurator from Apple, proceed to create a custom payload profile within the UEM console by navigating to Policies and profiles -> Custom payload. Then, assign the custom payload profile to user/group accordingly.

Here’s the sample XML code to allow syncing Blackberry contacts to the device.

Here, I’m assigning this custom payload profile to my user group.

Once the profile takes effect on user’s device, you should now able to enable Sync to Device within UEM settings.

When you launch the native contact app again, you should see your Blackberry contacts. If you press on Groups on the upper left-hand corner, you will then see a new group named Blackberry Work.

And the executive continues to stay mobile happily ever after.

The End.