- Basics
- About Knox
- Knox licenses
- Knox white paper
- Sign up for Samsung Knox
- Latest release notes
- General Knox FAQ
- General Knox KBAs
- Submit a support ticket
- User Acceptance Testing
- For IT admins
- Knox Admin Portal
- Knox Suite
- Knox Platform for Enterprise
- Introduction
- How-to videos
- Before you begin
- Get started with UEMs
- Introduction
- Blackberry UEM
- Citrix Endpoint Management
- FAMOC
- IBM MaaS360
- Microsoft Intune
- MobileIron Cloud
- MobileIron Core
- Samsung Knox Manage
- SOTI MobiControl
- VMware Workspace ONE UEM
- Knox Service Plugin
- Release notes
- Migrate to Android 11
- FAQs
- Troubleshoot
- KBAs
- Knox Mobile Enrollment
- Knox Configure
- Mobile
- Wearables
- Shared Device
- FAQ
- KBAs
- Knox Capture
- Introduction
- How it works
- How-to videos
- IT admins: Get started
- Getting started with Knox Capture
- Step 1: Launch Knox Capture
- Step 2: Create a scanning profile
- Step 3: Select apps and activities
- Step 4: Configure the scanner
- Step 5: Set keystroke output rules
- Step 6: Test apps in your configuration
- Step 7: Share your configuration
- Step 8: Deploy Knox Capture in Managed mode
- End users: Get started
- Features
- Release notes
- FAQ
- KBAs
- Troubleshoot
- Knox Asset Intelligence
- Knox Manage
- Introduction
- How-to videos
- Get started
- Video: Getting started with Knox Manage
- Integration with Managed Service Provider
- Access Knox Manage
- Configure basic environments
- Create user accounts
- Create groups
- Create organization
- Set up devices and profiles
- Create a new profile
- Assign profiles to groups and organizations
- Enroll devices
- Shared Android device quickstart
- Non-shared Android device enrollment quickstart
- Android Management API device enrollment quickstart
- Apple User Enrollment quickstart
- View device information
- Apply profiles to organizations
- Set up Knox Manage deployment with a Knox Suite license
- Manage Chromebooks
- Manage Android devices with the Android Management API
- Manage Shared iPads
- Configure
- Licenses
- Organization
- Users
- Sync user information
- Groups
- Devices
- Content
- Applications
- Profile
- Knox E-FOTA
- Certificates
- Advanced settings
- Monitor
- Kiosk devices
- Knox Remote Support
- Active Directory
- Microsoft Exchange
- Mobile Admin
- Appendix
- Release notes
- Features
- FAQ
- KBAs
- Knox E-FOTA
- Introduction
- How-to videos
- Get started
- Features
- EMM integration
- Appendix
- Release notes
- FAQ
- KBAs
- Troubleshoot
- Knox E-FOTA On-Premises
- Legacy Knox E-FOTA products
- Knox Guard
- Introduction
- How-to video
- Get started
- Using Knox Guard
- Dashboard
- Manage devices
- Device management
- Accept or reject devices
- Upload devices
- Delete devices
- Complete device management
- Send notifications
- Enable or disable SIM control
- Download devices as CSV
- View device log
- View device deletion log
- Start and stop blinking reminder
- Lock and unlock devices
- Update lock message
- Send relock timestamp
- Turn on/off relock reminder
- Manage policies
- Manage licenses
- Manage resellers
- Manage admins and roles
- Activity log
- Knox Deployment App
- Release notes
- FAQ
- KBAs
- Support
- Knox Guard REST API
- Samsung Care+ for Business
- For Knox Partners
- Knox Deployment Program
- Knox MSP Program
Knox Guard 1.8 release notes
KG + KC/KME on the same device
This feature enables KG and KC/KME services to be used together on the same device so customers can protect their devices with KG, use KC for automatic device configuration or re-branding updates, and also use KME for device enrollment, management and app installations.
Typically, customers want to use KG with KC/KME to provide better device branding and management for deployments within their specific marker segments. In turn, this will drive up their sales, generate additional revenue for KCS, and expand the overall customer base for Knox services.
To accommodate the combined use of these services, a reseller can now upload a device to KG as well as KC/KME using one customer ID and account.
Role-based access control (RBAC)
This release introduces a new Role-based access control (RBAC) capability that allows customer (tenant) admins who are responsible for account creation (Super Admin) to assign more refined role permissions to individual admins as their specific enterprise requirements dictate. Though each supported Knox Cloud Service utilizes admin roles unique to that service, a Super Admin cuts across all supported services.
With the new RBAC service, existing customers will have their administrators migrated automatically. Administrators with their own unique set of permissions (manage administrators, delete devices etc.) will be assigned new roles that map to their current permissions. If needed, new roles beyond what the migrated admins are currently assigned can be created based on a list of permissions unique for each service.
The only role that cannot be assigned is the Super Admin role, which applies across all supported services. Only one person can assume a Super Admin role per company. Upon migration, the Super Admin role is assigned to the person who originally created the customer account. The Super Admin role receives every permission option available. For information on creating a new admin account and assigning them unique roles and permissions, go to: Manage administrators.
Upload devices directly to the KG server
Currently, to use devices in KG they must be purchased through a reseller. The customer must request registration (upload device IMEIs) in their reseller portal or using reseller API. Additionally, the customer can only use devices registered through their reseller within the KG console once approved and accepted with a valid KG license.
However, the process described above does not enable non-carriers, such as financial institutions, to use KG since they are not in a physical device channel, or function as resellers. For such customers, the KG team has provided tenant permission control within the Samsung Admin portal and provided user permission control within the KG console to grant permissions to limited users. Additionally, an IMEI verification step has been added to ensure a wrong device IMEI is not auto-accepted and registered.
Device deletion improvement for KG + KC/KME
This feature introduces a new device deletion concept when KC/KME is deployed with Knox Guard. Once devices are uploaded to a customer ID with KG/KC/KME accesses, devices are added to all three consoles by default. If the customer would like to use only KG on their devices, they can remove those devices from just the KC and KME consoles only.
