Knox Manage 20.06 release notes
Last updated January 22nd, 2024
Console
Getting Started tour
The Getting Started tour is now available in seven languages:
- English
- Spanish
- Portuguese
- French
- Italian
- German
- Korean
You can access the Getting Started tour by clicking the Support icon on the upper-right corner of the screen.
Two-factor authentication enhancement
When logging in to the Knox Manage console, you can click Skip additional verification on this browser next time if you want to skip two-factor authentication on your browser. If the following conditions are met, you are not prompted for a verification code until you clear your browser cache:
- The new session is created in the same network.
- The same user ID and password are used to log in.
- The same browser is used to log in.
Knox Manage agent version in device details
The version number of a device’s Knox Manage agent is now shown in the Device Detail.
Add control application button
Previously, control apps could be added only in the Profile tab through the Manage Control App button. To make this functionality more easily accessible, control apps can now be added through the Add Control Application button which has been added in several places.
Menu | ||
---|---|---|
Android Enterprise | > Certificate | |
Samsung Knox | > System | > Allowlisted Device Admin |
> Phone | > Set up apps that use enterprise billing | |
> Firewall | ||
> DeX | > Application execution blocklist (Android) | |
> DeX | > Customize DeX Experience | |
Android Legacy | > Phone | > Set app voice recording allowlist |
> Firewall | ||
> DeX | > Application execution blocklist (Android) | |
> Knox VPN | > VPN route type by application | |
Knox Workspace | > Firewall | |
> Knox VPN | > VPN route type by application | |
Kiosk Wizard |
Samsung Knox Support
A link to Samsung Knox Support has been added in the Knox Manage console. You can access the Knox Support link by clicking the Support icon on the upper-right corner of the screen.
History of device commands in requests
The history of device commands in requests i deleted after three months. This option is available in History > Device Command in Request.
Service admin access
For privacy reasons, the service admin role no longer has access to the following actions. These buttons are now removed:
- Check Location
- Export to CSV
Application
Managed configuration wildcard support
Checkpoint Sandblast is a mobile security application that Knox Manage supports. When setting Managed Configuration for Checkpoint Sandblast, you can now use the following wildcard variables:
- $deviceid$
- $imei$
Profile
Use of Knox Platform for Enterprise license in the Android Enterprise mode
Previously, Premium features were only supported through a Knox Suite license. The Knox Platform for Enterprise (KPE) license was only used for the Knox Workspace (legacy) mode. Starting this release, you can use a KPE license in the Android Enterprise (AE) mode to take advantage of Premium features.
Knox E-FOTA is not included in a KPE license. It is included in Knox Suite.
Mode | Knox Manage license | Knox Manage & KPE license | Knox Suite license |
---|---|---|---|
Android Legacy | Standard features | Standard + Premium features | Not supported |
Android Enterprise | Standard features | Standard + Premium features | Standard + Premium features |
You can upgrade the following licenses to a Knox Suite license in the License tab of the Knox Manage console:
- Knox Platform for Enterprise
- Knox Manage
Once you’ve upgraded a license, you can’t downgrade back.
Requirements to use Premium features with a KPE license
- The Knox Manage agent must be upgraded to 20.06.
- The devices must be Samsung devices.
One UI Core devices (that is, non-Knox Samsung devices, formerly known as JDM devices) do not support Premium features with a KPE license. Applying KPE policies on such a device will cause unexpected errors that require a factory reset.
Allow USB devices for default access by app
You can now set control policies for USB access for each application.
-
Set this policy to Allow to add an app to the allowlist. When using that app, the user will not be prompted through a popup message to grant permission to allow USB usage. It will always be allowed. You’ll need to provide the following to identify the app to be allowed:
- Package name of the target application
- Vendor ID
- USB product ID
-
Set this policy to Disallow, or do not apply this policy, if you want users to specify (though the popup message) whether they want to allow or deny USB access for the app.
A KPE or Knox Suite license is required to configure this setting in the Work profile area.
When adding or modifying an Android Enterprise profile, you can find this setting in Samsung Knox > Interface > Allow USB devices for default access by app.
Enforce firmware auto-update on Wi-Fi
You can now enforce automatic firmware updates when the device is connected to a Wi-Fi network.
- Set this policy to Use to allow firmware auto-updates over a Wi-Fi network. Device users will not be able to turn this setting off.
- Set this policy to Do not use to allow the device user to choose whether or not to allow auto-updates over Wi-Fi.
When adding or modifying an Android Enterprise profile, you can find this setting in Samsung Knox > System > Enforce Firmware Auto Update on Wi-Fi.
APN configuration with wildcard variable
The Access Point Username and Access Point Password settings now allow the following wildcard variables:
- Device IMEI
- Device serial number
When adding or modifying an Android Enterprise profile, you can find these settings in Samsung Knox > APN.
Manage file uploads through the Kiosk Browser
You can now allow or disallow file uploads through the Kiosk Browser. The default value is Disallowed.
When adding or modifying an Android Enterprise or Android Legacy profile, you can find this setting in the following paths:
- Android Enterprise > Kiosk > Kiosk app settings > File Upload.
- Android Legacy > Kiosk > Kiosk app settings > File Upload.
Secure Startup policy
The Secure Startup policy has been added for devices running an OS earlier than Android P in Android Legacy mode. This policy allows you to allow or disallow users from setting the Secure Startup feature on devices.
When Secure Startup is set and the user enters the wrong password 30 times, the device will undergo a factory reset even if you have restricted factory resets through a policy. To avoid this situation, set the Secure Startup policy to Disallow.
When adding or modifying an Android Legacy profile, you can find this setting in Android Legacy > Security > Secure Startup.
Kiosk
Mobile hotspot setting for Kiosk devices
You can now allow users to configure the Mobile Hotspot setting in kiosk devices. When adding or modifying a kiosk using the Kiosk Wizard, you can select Hotspot in the Device Setting menu.
For more information on configuring kiosk device settings, see Configure device settings.
License
License usage visualization
The License menu and License Detail screen have been enhanced to show license usage visualization for easy viewing.
In addition, Knox Suite license usage is updated whenever you access the following.
-
Dashboard > License
-
Setting > License > (Click a license key of type Knox Suite.)
License Detail
License upgrades
Enhancements to license upgrades have been made.
Upgrade a Knox Manage license to a Knox Manage with Knox Platform for Enterprise license
You can now upgrade a Knox Manage license to a Knox Manage with Knox Platform for Enterprise license. There are two ways to do this.
By modifying a user:
- Go to User and find the user to be upgraded.
- Click Modify.
- Next to Knox Platform for Enterprise (Android Enterprise), select Yes.
- Click Save.
- Click OK to confirm your request.
By assigning a Knox Manage (& KPE) license to a user:
- Go to Setting > License.
- Click Assign.
- Select the organizations or users to be upgraded, and click Assign.
- Click OK to confirm your request.
Upgrade a Knox Manage with Knox Platform for Enterprise license to a Knox Suite license
You can also upgrade a Knox Manage with Knox Platform for Enterprise license to a Knox Suite license:
- Go to Setting > License.
- Click Upgrade.
- Select the organizations or users to be upgraded, and click Upgrade.
- Click OK to confirm your request.
Report
Report enhancement for Device Detail
The following details were added to the Device Detail report:
- Wi-Fi AP name
- AP MAC address
- Hidden SSID
- External SD card (Y/N)
iOS
Apple VPP enhancement
Previously, Knox Manage only supported user-based app assignment for the Apple Volume Purchase Program (VPP). This requires adding VPP users before assigning VPP apps to their devices.
Moreover, end users also had to log in with their Apple ID to install the VPP application.
Starting this release, Knox Manage supports device-based VPP app assignment, which doesn’t require Apple ID based mapping. You no longer need to go through the VPP user management process. You can just assign the app to groups or organizations.
When assigning a VPP application, you can do the following:
-
Check the license usage synced from Apple Business Manager ( https://business.apple.com ).
-
Select the assignment type — Device or User.
The Device assignment type is based on the device’s serial number and works without Apple ID configuration on the device. If you choose this, you don’t need to set up any Apple IDs.
The User assignment type works as it did before 20.06.
-
Select the install type — Manual or Automatic.
- If you select Manual, the assigned application becomes available in the Knox Manage agent’s Application Store for the user to download.
- If you select Automatic, the app is installed on target devices without user intervention.
Regardless of install type, the installation status can be seen on the Knox Manage agent’s Application Store.
-
Select a target type — Group or Organization.
Resolved issues and improvements
Items marked with (HOTFIX) were released before version 20.06.
- [KMVOC-9456 / 00194312] Report Error
- [KMVOC-9449 / 00194328] getting Error in uploading internal app
- [KMVOC-9418 / 00193497] Device leave kiosk and shows application to choose.
- [KMVOC-9380, 9475 / 00192777] KM/KS SSO login from Knox Portal shows black(greyish) screen (HOTFIX)
- [KMVOC-9372 / 00191944] [KM/KME] Auto enrollment
- [KMVOC-9350 / 00192096] cannot open any applications just after start the device
- [KMVOC-9347 / 00191930] Select via Filter not work properly in version 20.4 (HOTFIX)
- [KMVOC-9334 / 00192286] LDAP user sync doesn’t change the ’type’ attribute (HOTFIX)
- [KMVOC-9328 / 00188140] AD sync service scheduler is not syncing group (HOTFIX)
- [KMVOC-9324 / 00191953] [ETS] S9 | OS 9 | KNOX Manage Client v 20.4 causing battery Drain (HOTFIX)
- [KMVOC-9318 / 00191955] Managed Configuration with Managed Google Play Private Apps (HOTFIX)
- [KMVOC-9311 / 00191842] After KM update 20.4, SM-T365 devices get statusbar and apps locked. (HOTFIX)
- [KMVOC-9304 / 00191692] Managed Configuration of CISCO AnyConnect (HOTFIX)
- [KMVOC-9299 / 00191118] KM agent Not responding after latest update (HOTFIX)
- [KMVOC-9183 / 00188933] KM sync issue
- [KMVOC-9167 / 00188056] AD null pointer exception while AD LDAP sync on some users for SRA (HOTFIX)
- [KMVOC-9090 / 00182768, 00186386][KCSME-2221] KC/KM workflow
- [KMVOC-9488 / 00195000] Internal Application File name Error
- [KMVOC-8589,8824 / 00186713, 00178677, 00178628, 00182410] wrong variables in Samsung Email app / Samsung E-Mail, wildcard issue in Knox Manage and AE managed config
On this page
Is this page helpful?