- Basics
- About Knox
- Knox licenses
- Knox white paper
- Sign up for Samsung Knox
- Latest release notes
- General Knox FAQ
- General Knox KBAs
- Submit a support ticket
- User Acceptance Testing
- For IT admins
- Knox Admin Portal
- Knox Suite
- Knox Platform for Enterprise
- Introduction
- How-to videos
- Before you begin
- Get started with UEMs
- Introduction
- Blackberry UEM
- Citrix Endpoint Management
- FAMOC
- IBM MaaS360
- Microsoft Intune
- MobileIron Cloud
- MobileIron Core
- Samsung Knox Manage
- SOTI MobiControl
- VMware Workspace ONE UEM
- Knox Service Plugin
- Release notes
- Migrate to Android 11
- FAQs
- Troubleshoot
- KBAs
- Knox Mobile Enrollment
- Knox Configure
- Mobile
- Wearables
- Shared Device
- FAQ
- KBAs
- Knox Capture
- Introduction
- How it works
- How-to videos
- IT admins: Get started
- Getting started with Knox Capture
- Step 1: Launch Knox Capture
- Step 2: Create a scanning profile
- Step 3: Select apps and activities
- Step 4: Configure the scanner
- Step 5: Set keystroke output rules
- Step 6: Test apps in your configuration
- Step 7: Share your configuration
- Step 8: Deploy Knox Capture in Managed mode
- End users: Get started
- Features
- Release notes
- FAQ
- KBAs
- Troubleshoot
- Knox Asset Intelligence
- Knox Manage
- Introduction
- How-to videos
- Get started
- Video: Getting started with Knox Manage
- Integration with Managed Service Provider
- Access Knox Manage
- Configure basic environments
- Create user accounts
- Create groups
- Create organization
- Set up devices and profiles
- Create a new profile
- Assign profiles to groups and organizations
- Enroll devices
- Shared Android device quickstart
- Non-shared Android device enrollment quickstart
- Android Management API device enrollment quickstart
- Apple User Enrollment quickstart
- View device information
- Apply profiles to organizations
- Set up Knox Manage deployment with a Knox Suite license
- Manage Chromebooks
- Manage Android devices with the Android Management API
- Manage Shared iPads
- Configure
- Licenses
- Organization
- Users
- Sync user information
- Groups
- Devices
- Content
- Applications
- Profile
- Knox E-FOTA
- Certificates
- Advanced settings
- Monitor
- Kiosk devices
- Knox Remote Support
- Active Directory
- Microsoft Exchange
- Mobile Admin
- Appendix
- Release notes
- Features
- FAQ
- KBAs
- Knox E-FOTA
- Introduction
- How-to videos
- Get started
- Features
- EMM integration
- Appendix
- Release notes
- FAQ
- KBAs
- Troubleshoot
- Knox E-FOTA On-Premises
- Legacy Knox E-FOTA products
- Knox Guard
- Introduction
- How-to video
- Get started
- Using Knox Guard
- Dashboard
- Manage devices
- Device management
- Accept or reject devices
- Upload devices
- Delete devices
- Complete device management
- Send notifications
- Enable or disable SIM control
- Download devices as CSV
- View device log
- View device deletion log
- Start and stop blinking reminder
- Lock and unlock devices
- Update lock message
- Send relock timestamp
- Turn on/off relock reminder
- Manage policies
- Manage licenses
- Manage resellers
- Manage admins and roles
- Activity log
- Knox Deployment App
- Release notes
- FAQ
- KBAs
- Support
- Knox Guard REST API
- Samsung Care+ for Business
- For Knox Partners
- Knox Deployment Program
- Knox MSP Program
Environment
- Knox Manage
- Android Enterprise, Android Legacy
- Samsung devices
Overview
Google recently deprecated two Android device management modes:
- Fully managed device with a work profile (FMDWP): was deprecated in Android 11 and replaced with a new work profile on company-owned device
- Device admin (DA): was already deprecated in Android 10, and now app updates must target Android 10
Read on to learn how these deprecated modes are now supported by Knox Manage and the actions you must take to avoid service disruptions.
Fully managed device with a work profile
As previously mentioned through the Knox Manage release notes — August 27, 2020, Android 11 continues to protect user privacy, by limiting an enterprise's ability to view or manage personal activities on a company device. More specifically, Google has replaced fully managed device with a work profile with a new work profile on company-owned device.
With Android 11:
- New device enrollments: Knox Manage no longer allows a fully managed device with a work profile, by Google policy.
- Existing device enrollments: Knox Manage provides these migration options:
- Work profile on company-owned device: Upon firmware update to Android 11, Knox Manage automatically migrates a fully managed device with a work profile to this new mode by default. A work profile on a corporate device differs from that on a personal device in that additional management policies are allowed at the device level. For details, see work profile on company-owned devices.
- Fully managed device: Knox Manage provides a Device Command called Switch to Fully Managed (Remove Work Profile) so the IT Admin doesn’t have to conduct a device factory reset. This migration using the Device Command must be done before the upgrade to Android 11.
- Separated Apps: Once you migrate to a fully managed device, you can then use the Knox Service Plugin to add a Separated Apps folder to contain authorized third-party business apps. For details, see Separated Apps.
Android Legacy
With the shift in deployment mode from Android Legacy to Android Enterprise, most of the major EMM vendors stopped supporting the legacy device admin mode in Android 10. However, Knox Manage kept supporting legacy enrollments for devices with Android 10.
With Android 11:
- New device enrollments: Knox Manage no longer allows deployments to Android Legacy mode.
- Existing device enrollments: Upon firmware update to Android 11, Knox Manage continues to support devices already enrolled as Android Legacy in Android 10 and lower.
Since new Knox Manage features and product designs will be focused on Android Enterprise implementations, the support scope for Android Legacy will be limited to bug fixes, and migration to Android Enterprise is highly recommended.
Device admin (DA) deprecation
In Android 10 (Q OS), to encourage migration to Android Enterprise, Google deprecated four key device admin (DA) policies that controlled the device camera, password, keyguard, and Wi-fi. Furthermore, by November 2, 2020, Google requires app updates to target API level 29 or Android 10. So, from this date onwards, app updates will start throwing exceptions if they call the four deprecated DA policies.
The Knox Manage v20.11 release no longer supports the four deprecated DA policies in Android Legacy mode.
- Android Legacy > System > Camera
- For a Samsung device, the Android policies will be supported constantly by using equivalent Knox policies.
- For a non-Samsung device, the policies are no longer available and must be released from the policy set before the v20.11 release.
- Android Legacy > Security > Device Password
- For a Samsung device, the Android policies will be supported constantly by using equivalent Knox policies.
- For a non-Samsung device, these policies are no longer available and must be released from policy set before the v20.11 release.
- Android Legacy > Security > Device Password > KeyGuard (Block Functions on the Lock Screen)
- For both Samsung and non-Samsung devices, the policies are no longer available and must be released from the policy set before the v20.11 release.
- Android Legacy > Interface > Wi-Fi
- For both Samsung and non-Samsung devices, the policies are no longer available and must be released from the policy set before the v20.11 release.
