Two Factor Content Protection Usage IT policy rule
Description |
This rule specifies whether a BlackBerry device user can turn on two-factor content protection on a BlackBerry device. Two-factor content protection on the device is designed to protect the decryption keys for content protection with both a private key that is stored on a smart card and the device password. When a user turns on two-factor content protection, the device requires more time to unlock than if two-factor content protection is not turned on. To unlock the device, the user must have the appropriate smart card driver and a supported driver for the smart card reader installed on the device. You cannot reset the device password after you or a user turns on two-factor content protection. To restore the decryption keys for content protection and unlock the device, the user must have the smart card and must know the device password and the PIN for the smart card. |
Related rules |
The Content Protection Strength IT policy rule affects this rule. If you change this rule to Required, the device can use this rule only if you also configure the Content Protection Strength IT policy rule to Yes. The Force Smart Card Two Factor Authentication IT policy rule affects this rule. If you change this rule to Required, the device can use this rule only if you also change the value of the Force Smart Card Two Factor Authentication IT policy rule to Yes. The Force Smart Card Two Factor Authentication IT policy rule affects this rule. Alternatively, instead of changing the value of the Force Smart Card Two Factor Authentication IT policy rule to Yes, you can change the value of the Force Multi Factor Authentication IT policy rule to Yes and change the Allowed Authentication Mechanisms IT policy rule to use only a smart card user authenticator. |
Possible values |
|
Default value |
|
Minimum requirements |
|
Rule introduction |
|