System Requirements
INFO
Swisscom beem supports all major web browsers and end-user devices. However, not all features and use cases are available or fully supported across every platform, browser, or device. Detailed compatibility information for specific use cases is listed in the relevant sections below.
My Swisscom Business
My Swisscom Business is the online self-service portal designed for business customers to manage their Swisscom Business Account. It provides:
- 24/7 access to service and account information
- Tools for user and permission management
- Options to view and modify products, subscriptions, and invoices
- Real-time notifications about service updates or maintenance
- Access to support resources, including FAQs and documentation
This portal acts as the central interface for administrators and authorized users to configure and monitor their Swisscom services, including beem services.
Swisscom Business Accounts
A Swisscom Business Account represents your company’s official contractual relationship with Swisscom. It includes:
- The company’s customer profile
- All active subscriptions and services (e.g., internet, mobile, IT solutions)
- Billing and invoicing information
- Eligibility to access Swisscom’s business platforms and tools
This account forms the foundation for managing your organization’s services with Swisscom.
INFO
Swisscom Business Accounts are primarily intended for registered businesses, including start-ups, SMEs, and large enterprises. However, private individuals (e.g., freelancers or self-employed persons) can register for business services if they meet the criteria or use the services in a business-like context.
beem App – Supported Client Operating Systems
The beem app is a native VPN client built for seamless compatibility with Android, iOS, macOS, and Windows operating systems.
To ensure reliable performance across devices, the app supports the following operating system versions:
| Client Operating System | Version |
|---|---|
| Windows 11 | All versions ¹ |
| macOS | macOS 15 and later |
| iOS/iPadOS | iOS/iPad OS 15.5 and later |
| Android | Android 13 and later² |
WARNING
¹ Windows 10 is not supported, as Microsoft will discontinue official support for it in October 2025.
² Please note that the beem app has currently been tested exclusively on Samsung smartphones and tablets with One UI. Compatibility with devices from other manufacturers or Android variants is not yet confirmed, but support may be extended in the future.
Server Operating System
The platform is fully operating system-independent and compatible with all major operating systems. beem functions reliably across environments without relying on any specific OS architecture.
Supported Browsers per Operating System
The following table provides an overview of the operating systems and browsers supported by beem:
| Client Operating System | Browser | Version | Supported |
|---|---|---|---|
| Windows 11 | Chrome | 136.0.7103.92 | ✓ |
| Windows 11 | Edge | 135.0.3179.98 | ✓ |
| macOS 15+ | Chrome | 136.0.7103.93 | ✓ |
| macOS 15+ | Edge | 135.0.3179.54 | ✓ |
| macOS 15+ | Safari | 18.4 | ✓ |
| iOS/iPadOS 15.5+ | Chrome | 131.0.6778.73 | ✓ |
| iOS/iPadOS 15.5+ | Edge | 135.3179.98 | ✓ |
| iOS/iPadOS 15.5+ | Safari | 18.4 | ✓ |
| Android 13+ | Chrome | 136.0.7103.87 | ✓ |
| Android 13+ | Edge | 135.0.3179.85 | ✓ |
WARNING
Although older versions may still function, they are not officially supported. We strongly recommend keeping your browser up to date to ensure optimal performance and security.
Compatibility: Operating Systems and Browsers for Passkeys
The table below outlines the operating systems and browsers that are compatible with modern authentication methods such as passkeys.
| Operating System | Browser | Compatibility Notes |
|---|---|---|
| Windows 11 | Google Chrome | Fully supported for passkeys starting from version 106. |
| Microsoft Edge | Fully supported starting from version 106. | |
| macOS 15+ | Safari | Native support for passkeys. |
| Google Chrome | Supported via WebAuthn API. | |
| iOS/iPadOS 15.5+ | Safari | Native support for passkeys in apps and web. |
| Google Chrome | Supported in web browsers. | |
| Android 13+ | Google Chrome | Requires WebAuthn API support. |
INFO
To use passkeys for authentication on a Linux device, you need either Google Chrome or Mozilla Firefox as your web browser, along with one of the following:
- A smartphone (Android or iPhone) for phone-based cross-device authentication (QR code flow)
- A USB security key (e.g., YubiKey, Google Titan)
- A password manager that supports passkeys. For example, KeePassXC can manage passkeys across operating systems, including Linux. However, it requires the KeePassXC-Browser extension for Firefox.
Cross-Device Authentication
INFO
To ensure optimal compatibility, update your browser and operating system to the latest version. Note that certain features may vary based on the device manufacturer or system configuration.
Passkeys
Passkeys represent a modern, secure alternative to passwords and play a vital role within the beem network and security solution. By leveraging the power of asymmetric encryption and strong cryptographic techniques, passkeys provide exceptional security while delivering an intuitive and streamlined user experience.
Enhanced Security and User Experience
Passkeys eliminate the risks associated with passwords by replacing shared secrets with asymmetric encryption. The private key remains securely stored on the client device, while only the public key is registered with the service. This architecture prevents credential theft through phishing, replay attacks, or database breaches.
Once enrolled, users can authenticate across devices without re-entering credentials, thanks to persistent linking and cross-device sign-in. Passkeys can be either device-bound or synchronised via a trusted password manager or cloud service, depending on organisational policy.
By integrating platform authenticators such as Face ID, Touch ID, Windows Hello, or Android Biometrics, passkeys provide a fast and intuitive sign-in process without sacrificing security. They also reduce the need for additional authentication steps, such as SMS codes or authenticator apps, lowering friction for end users while maintaining strong protection.
Please refer to the table below to ensure optimal compatibility with your specific client operating system and web browser. The beem ecosystem is designed to encompass a wide range of devices and platforms, ensuring a seamless Passkey experience for users.
| Browser | iOS/iPadOS 16+ (2022) | macOS 15+ (2024) | Android 13+ | Windows 11¹ | Linux² |
|---|---|---|---|---|---|
| Chrome | ✓ | ✓ | ✓ | ✓ | (✔) |
| Safari | ✓ | ✓ | ✗ | ✗ | ✗ |
| Edge | ✓ | ✓ | ✓ | ✓ | (✔) |
¹ Cross-device authentication and passkey management features were added in Windows 11 23H2.
² Cross-device authentication, physical security keys, or password managers (e.g., KeePassXC) are supported.
Figure: The image illustrates four common methods for storing and using passkeys across devices and platforms.
PC sign-in using phone passkey
- On the PC, select Sign in with passkey → Use a phone.
- Scan the QR code displayed on the PC screen.
- Approve the login on the phone using biometric or PIN.
- Session is linked across devices for seamless future sign-ins.
Note: Bluetooth must be enabled on both devices.
Passkey lifecycle and recovery
Users should register at least two authenticators (e.g., mobile + workstation) to prevent lockout. If a device is lost, the passkey can be revoked via the admin portal, the user signs in with a backup, and a new passkey is enrolled.
If no backup is available, account recovery requires administrator approval.
INFO
The first passkey must be created on a mobile device (the specific model or manufacturer is not relevant) to ensure cross-device sign-in works out of the box. This process uses Bluetooth pairing between the mobile and the enrolment device. After the initial setup, additional passkeys can be created on other devices (e.g., Windows Hello, FIDO2 key) if permitted by organisational policy.
Security model
Passkeys in beem are based on the WebAuthn/FIDO2 standard. Private keys remain in the device’s secure enclave (e.g., TPM, Secure Enclave) and never leave the device. The server stores only public keys and counters to verify authentication. No biometric data is stored or transmitted.
Swisscom Business Account Passkeys
Swisscom Business Account passkeys integrate seamlessly with the beem ecosystem to enable secure, passwordless authentication and fine-grained access control. By combining passkeys with device-based authentication, beem establishes a multi-layered security model that helps ensure only authorised users can access sensitive company data and applications. This integration strengthens identity and access management across the organisation, enhancing both convenience and protection for users and IT teams alike.
beemNet Access
beemNet supports all major operating systems and enables secure access to the Swisscom network from both internal and external environments.
Access Requirements:
To use beemNet, customers must have:
- A valid beem user licence, and
- The appropriate Swisscom network access service, depending on their connectivity setup.
Supported Swisscom Access Types:
- Enterprise Connect
- IP-Plus
- Smart Business Connect
- Wireline Access
When connecting from outside the Swisscom network (e.g., home office, public Wi-Fi), users must use the beem app to establish a secure connection to the beemNet environment.
| User Licence Type | Max. Number of Devices | Mobile Voice & Data | No Restriction | Concurrent vs. Named |
|---|---|---|---|---|
| Protect & Connect | 6 | ✓ | ✓ | 👤 |
| Protect | 3 | ✗ | ✓ | 👤 |
| Collaborate | 1 (5) | ✗ | ✗ | 👥👥 |
Wireline
To convert a standard internet connection into a beemNet connection, one of the following Swisscom access products is required:
- inOne KMU office or beem Office
- Smart Business Connect
- Enterprise Connect
- IP-Plus®
If none of these access types are available, users can still connect to beemNet via the beem app, which enables secure access over third-party internet connections.
Once connected, the local area network (LAN) behind the internet connection is automatically integrated into the beemNet environment, allowing all devices within the LAN to securely communicate over the Swisscom network.
WARNING
beemNet currently does not support IPv6. Enabling IPv6 may cause connectivity issues and impact service stability.
Recommended actions to ensure optimal performance:
- If you want to protect your Wireline Location with beem, do not enable IPv6.
- If IPv6 is already enabled and required in your setup, please disable the "Protect" option to minimize the risk of disruptions.
We are actively working to resolve this limitation. Until official IPv6 support is available, please follow this guidance to ensure stable service.
User licence and client devices
| Service | Description |
|---|---|
| Protect | Basic protection layer for secure access. |
| Collaborate | (Coming soon) |
| NATEL® go with beemNet option | Mobile subscription with optional beemNet integration for secure mobile access. |
Access via Internet browser
Access to beem-protected resources via a standard internet browser does not necessarily require a user licence. If beem is used to secure services such as web servers or E-Connect servers, it is possible to allow access for unauthenticated or anonymous internet users. In such cases, users can interact with the protected service through the beem network without needing to be explicitly licensed.
Access for IoT devices
Customers with a contract for IoT devices with Swisscom can integrate them into the beem network.
Fail-Close
“Always On” with “Fail-close” is supported on Windows, macOS, and Android. iOS and iPadOS do not support “fail-close” unless device management is implemented by adopting supervised mode.
Single Sign-On
This section provides an overview of public and private Single Sign-On (SSO) support within the beem ecosystem. Currently, four SSO integration variants are available or planned:
| SSO Variant | Description |
|---|---|
| Swisscom Services | Includes My Swisscom Business, beem, and other internal Swisscom services |
| Swisscom Workspace Services | Internal Workspace, Enterprise Workspace and IT KMU Solution (Coming soon) |
| Customer’s Private Applications | SSO integration for customer-hosted apps (Coming soon) |
| Customer’s SaaS Applications | Supports third-party platforms such as salesforce and workday |
Figure: The image illustrates the SSO integration landscape across these variants.
Federation
beem supports identity federation for seamless integration with enterprise identity providers. Currently, the following federation standards are supported:
- Microsoft Entra ID (formerly Azure Active Directory)
- Active Directory Federation Services (ADFS)
This allows organizations to leverage their existing identity infrastructure for secure and centralized authentication across beem-enabled services.
INFO
For detailed configuration guidance or support for additional identity providers, please contact us directly.
Device Management System Requirements
This section outlines the prerequisites and supported configurations for managing devices with beem.
WARNING
Not all versions of client operating systems are supported.
Supported Operating Systems for Device Management
| Platform | Supported Versions | Requirements |
|---|---|---|
| iOS / iPadOS | iOS 16.x – iOS 18.3.1 | Apple Business Manager account required for enrollment and management |
| macOS | macOS 15 and above | Apple Business Manager account required for enrollment and management |
| Android | Android 15 and above | Requires enrollment via Google Enterprise account for policy enforcement |
| Windows | Windows 11 Pro Windows 11 Enterprise (21H2, 22H2, 23H2, 24H2) | No account required for device management |
WARNING
To ensure security and compatibility, only selected Android hardware is supported. Generic or uncertified devices are not considered secure.
Non-Compatible Configurations
The following configurations are not supported with beem:
- Consumer and corporate VPN solutions
- Cascading firewalls
- Third-party solutions that interfere with secure device posture or network routing (category-based exclusions)
- IPv6 connectivity
- iCloud Private Relay
iCloud Private Relay
iCloud Private Relay (also known as Apple Private Relay) is a privacy feature included in iCloud+. Private Relay works mainly with the Safari browser and selected apps on iPhone, iPad, and Mac. Unlike a VPN or a security solution that is directly integrated into the network (such as beem), Private Relay does not cover all device traffic.
How it works: When Private Relay is enabled, your requests are routed through two secure internet relays.
- The first relay (operated by Apple) sees your IP address but not the destination website. DNS queries are encrypted
- The second relay (operated by a third party) assigns a temporary IP address, decrypts the domain name, and connects you to the site.
This process protects user identity without significantly impacting browsing speed.
Drawbacks of Private Relay with beem
beem is a security solution for corporate networks. It provides advanced features such as Application Control, Intrusion Prevention, Deep Packet Inspection, and Geo-IP blocking to detect threats and control traffic.
Private Relay interferes with these functions in several ways:
- Bypassing firewall rules: Since traffic is routed through Apple relays, beem cannot fully inspect it. The firewall often classifies the traffic as Proxy Avoidance and blocks it, leading to issues with websites or apps (e.g., Apple News).
- DNS and traffic classification issues: Private Relay traffic is frequently flagged as a potential proxy or threat, which can result in dropped DNS queries or blocked connections.
- Performance impact: The extra relays and encryption add latency. Combined with beem, this can cause noticeably slower browsing.
- Security blind spots: In corporate environments, visibility is critical. Private Relay obscures traffic, complicating logging and auditing. This creates blind spots where malware or unauthorized access may go undetected.
Why beem & iCloud Private Relay are not compatible
In corporate environments, however, this conflicts with the visibility and control required by beem. To ensure full functionality and compliance with enterprise policies, beem actively blocks requests to Apple’s domains used by iCloud Private Relay. As a result, your Apple device may display a message indicating that iCloud Private Relay is unavailable. This behavior is intentional and technically necessary for beem to deliver its full range of capabilities. You can safely ignore this notification.
Best Practices for Apple Devices in beem-Protected Networks
To ensure smooth operation and full compatibility with beem, please follow these best practices when using Apple devices:
- Private Relay is not available within beemNet: Connections to iCloud Private Relay cannot be established inside beem-protected networks.
- Disable Private Relay in device settings: Users with active Private Relay must manually disable it to avoid connectivity issues.
- Disable per connection: Private Relay can be turned off either globally or per connection (e.g., per SIM or Wi-Fi SSID). We recommend disabling it per connection to maintain flexibility.
- Avoid connection problems: If Private Relay remains active, it may cause temporary deactivation or blocked access to certain apps and services.
- Guest Wi-Fi limitations: Private Relay is also unavailable in guest Wi-Fi networks protected by beem. Apple devices may display a message indicating that Private Relay is not available for the current connection and must be disabled.
How to Disable iCloud Private Relay for a Specific SIM Connection
To ensure compatibility with beem, you can disable Private Relay for individual mobile connections (e.g., SIM cards) by following these steps:
- Open Settings on your device.
- Tap on Mobile Service.
- Select the SIM card or mobile plan you want to configure.
- Deactivate the option Limit IP Address Tracking.
This disables iCloud Private Relay for that specific connection, helping avoid compatibility issues with beem while maintaining flexibility for other networks.
Supported IaaS Solutions
Applicable only for API Data Protection CASB
The following Infrastructure as a Service (IaaS) platforms are supported:
- Microsoft Azure
- Google Cloud Platform (GCP)
- Amazon Web Services (AWS)
- Oracle Cloud Infrastructure (OCI)
Supported SaaS Solutions
beem supports a wide range of SaaS (Software as a Service) applications through multiple integration methods to ensure visibility, control, and data protection. The platform can detect and manage over 8'000 SaaS applications via Shadow IT discovery.
Single Sign-On (SSO) support is also planned and will be available soon.
The table below lists currently supported SaaS applications and indicates their compatibility with the following enforcement methods: inline CASB via forward proxy, inline CASB via reverse proxy, and API-based data protection CASB.
| Inline CASB via Forward Proxy | Inline CASB via Reversed Proxy | API-based Data Protection CASB | |
|---|---|---|---|
| 4shared | ✓ | ✗ | ✗ |
| Amazon AWS | ✓ | ✗ | ✗ |
| AOL | ✓ | ✗ | ✗ |
| Bitbucket | ✓ | ✗ | ✗ |
| Blogger | ✓ | ✗ | ✗ |
| Box | ✓ | ✓ | ✓ |
| Cisco Webex Teams | ✗ | ✗ | ✓ |
| Citrix ShareFile | ✗ | ✗ | ✓ |
| Confluence | ✗ | ✗ | ✓ |
| Craigslist | ✓ | ✗ | ✗ |
| Dailymotion | ✓ | ✗ | ✗ |
| Daum Mail | ✓ | ✗ | ✗ |
| DocuSign | ✓ | ✗ | ✗ |
| Dropbox | ✓ | ✓ | ✓ |
| eBay | ✓ | ✗ | ✗ |
| Egnyte | ✗ | ✗ | ✓ |
| Evernote | ✓ | ✗ | ✗ |
| Excel Online | ✓ | ✗ | ✗ |
| ✓ | ✗ | ✗ | |
| Facebook Messenger | ✓ | ✗ | ✗ |
| Facebook Workplace | ✓ | ✗ | ✗ |
| Flickr | ✓ | ✗ | ✗ |
| GitHub | ✓ | ✗ | ✓ |
| GitLab | ✗ | ✗ | ✓ |
| ✗ | ✓ | ✗ | |
| Google Accounts | ✓ | ✗ | ✗ |
| Google Docs | ✓ | ✗ | ✗ |
| Google Drive | ✗ | ✗ | ✓ |
| Google Gmail | ✓ | ✗ | ✓ |
| Google Photos | ✓ | ✗ | ✗ |
| Google Talk | ✓ | ✗ | ✗ |
| imo | ✓ | ✗ | ✗ |
| ✓ | ✗ | ✗ | |
| Jira | ✓ | ✗ | ✓ |
| Join.Me | ✓ | ✗ | ✗ |
| LastPass | ✓ | ✗ | ✗ |
| Line | ✓ | ✗ | ✗ |
| ✓ | ✗ | ✗ | |
| Mail.ru | ✓ | ✗ | ✗ |
| Microsoft OneDrive | ✗ | ✗ | ✓ |
| Microsoft OneNote | ✓ | ✗ | ✗ |
| Microsoft Outlook | ✓ | ✗ | ✓ |
| Microsoft SharePoint | ✗ | ✗ | ✓ |
| Microsoft Teams | ✓ | ✗ | ✓ |
| Microsoft Yammer | ✗ | ✗ | ✓ |
| Naver Mail | ✓ | ✗ | ✗ |
| Netflix | ✓ | ✗ | ✗ |
| Notion | ✗ | ✗ | ✓ |
| Office 365 | ✓ | ✓ | ✗ |
| Okta | ✓ | ✗ | ✗ |
| OneDrive | ✓ | ✗ | ✗ |
| OneLogin | ✓ | ✗ | ✗ |
| PayPal | ✓ | ✗ | ✗ |
| ✓ | ✗ | ✗ | |
| PowerPoint Online | ✓ | ✗ | ✗ |
| ProtonMail | ✓ | ✗ | ✗ |
| ✓ | ✗ | ✗ | |
| Salesforce | ✓ | ✓ | ✓ |
| ServiceNow | ✗ | ✗ | ✓ |
| ShareFile.com | ✓ | ✗ | ✗ |
| SharePoint Online | ✓ | ✗ | ✗ |
| Shopify | ✓ | ✗ | ✗ |
| Skype | ✓ | ✗ | ✗ |
| Slack | ✓ | ✗ | ✓ |
| SlideShare | ✓ | ✗ | ✗ |
| SoundCloud | ✓ | ✗ | ✗ |
| SourceForge | ✓ | ✗ | ✗ |
| Spotify | ✓ | ✗ | ✗ |
| Stack Overflow | ✓ | ✗ | ✗ |
| Tango | ✓ | ✗ | ✗ |
| Telegram | ✓ | ✗ | ✗ |
| Trello | ✓ | ✗ | ✓ |
| Twitch | ✓ | ✗ | ✗ |
| ✓ | ✗ | ✗ | |
| Viber | ✓ | ✗ | ✗ |
| Vimeo | ✓ | ✗ | ✗ |
| VMware | ✓ | ✗ | ✗ |
| Webex | ✓ | ✗ | ✗ |
| ✓ | ✗ | ✗ | |
| WeTransfer | ✓ | ✗ | ✗ |
| ✓ | ✗ | ✗ | |
| Word Online | ✓ | ✗ | ✗ |
| WordPress | ✓ | ✗ | ✗ |
| Workplace from Meta | ✗ | ✗ | ✓ |
| Xero | ✓ | ✗ | ✗ |
| Yammer | ✓ | ✗ | ✗ |
| Yandex | ✓ | ✗ | ✗ |
| Yandex Mail | ✓ | ✗ | ✗ |
| YouTube | ✓ | ✗ | ✗ |
| Zalo | ✓ | ✗ | ✗ |
| Zendesk | ✗ | ✗ | ✓ |
| Zoom | ✓ | ✗ | ✓ |