Knox Guard 1.27 release notes

New lock screen settings

A lock command is typically delivered to a device when Wi-Fi is enabled and available at home, work etc. However, a device may be unable to receive an unlock command if the device user not at home or work and unable to secure the required network connection. Even when a locked device user was to secure data connectivity at their carrier’s store, their device lock screen still does not provide the means to change network connectivity setting to receive the unlock command.

To address this shortcoming, mobile data and Wi-Fi on/off settings are required on the Lock screen when the device is in a locked state.

Updated license depletion notification email

Currently, the email informing and admin of a low license count is not received in time to re-order before depletion.

To better support our customer deployments and better ensure license seats can be re-applied before depletion, we have changed the time and frequency license depletion emails are sent. With this release, admin emails are now sent when the license count is down to 10% (out of total) remaining seats, then another email when at 5%, and a final email at 3%.

Location tracking enhancements

The Knox Guard team recently decided to remove the located device map from the console, since the utilization of the map requires a contract requiring individual user consent.

Going forward, the Knox Guard console will just display latitude and longitude data and provide a means for an admin to integrate this data to the map service of their choosing.

Once the device’s location is detected, its coordinates display as well as the time remaining before the next location refresh is available.

The location can be refreshed up to 10 times a day. Once viewed, the location display cannot be refreshed for 10 minutes. The Locate device menu item only displays if the tenant has been granted permission, otherwise the menu item is hidden. Only a single device can be selected at a time.

Approval ID search with special characters

Customers often upload devices and approval IDs into Knox Guard, but are unable to search for a particular device using an approval ID, since an approval ID is not a filterable column option. Additionally, there is a limitation on the special characters that can be used in a search, even though approval IDs frequently use special characters like (/).

To remedy this shortcoming, an approval ID is now included as a device search option within the Devices tab. Additionally, these special characters will be supported as search parameters (@, :, $, /, *, %, ^, &, \ (, ), +, ?, {}, [],).

First time device upload enhancements

Customers have reported frustration locating the portion of the Knox Guard console used for first time device uploads into Knox Guard.

To reduce console navigation uncertainty, an UPLOAD DEVICES button has been added to the Devices page. Once selected, the Upload devices screen displays. A tool tip is also included describing the subsequent device upload actions available to an admin by invoking this action.

Device user overdue messaging enhancements

Currently, payment overdue notifications can be easily ignored from the device’s notification center, somewhat defeating the purpose of the overdue notification.

To make overdue notifications difficult to ignore, an Initially show notifications as a full-screen message on user’s device checkbox option has been added to the Default overdue notifications screen. When selected, the device user sees the fullscreen message before the message displays on the notification panel. If unsure how the notification will display on the target user’s device, select Preview fullscreen message.

Device event log collection

Upon request, a device log has been implemented to capture events that are either sent automatically when a specific condition is met or dynamically when a push commend is received from the Knox Guard server. The device log is for internal debugging purposes and does not require a device user interface with log generation. The receipt of diagnostic information is optional.

Admins now capable of invitation to multiple services

To date, an admin is unable to invite another admin belonging to a different Knox Cloud Service. With this release, a super admin or an admin with admin invitation permissions can now invite an admin belonging to a different service to a role in their service. For example, admin 1 belongs to just KG with a non-super admin role. Admin 2 belongs to KME with a non-super admin role, but has admin invitation permissions. Therefore, admin 2 can invite admin 1 to join KME for any role for which admin 2 currently has permission.