Back to top

Knox Manage 21.04 release notes

Last updated July 26th, 2023

This Knox Manage 21.04 release scheduled to go live on April 29, 2021 includes several improvements and enhancements to existing features and functionality.


The following features constitute the highlights of this release:

  • Web-based Remote Support tool support
  • Allow duplicate package as internal and MGP private app
  • Geofencing event support for non-Samsung Android devices
  • iOS user management enhancements
  • Blue light filter & 2 GB content uploads

Android Enterprise enhancements

Factory reset protection in WP-C

Until KM 21.02, the Factory Reset Protection policy was supported only on fully managed devices. Starting this release, this policy is also supported on Work Profile on Company-owned (WP-C) devices running Android 11 and higher.

This policy is not supported for Work Profile on Personally-owned devices.

On the KM console > left navigation menu > Profile > Add Profile (or Profile > Modify Profile ) > Android Enterprise > Factory Reset Protection page

On the device > Account verification page

Geofencing event profile in non-Samsung Android devices

Starting with KM 21.04, you can now add Geofencing events to device configuration profiles for non-Samsung devices.

Geofencing is not available in the USA.

On the KM console > left navigation menu > Profile > Add Profile > Android Enterprise > click button to turn on Event Profile > in the Event Type list, select Geofencing > follow on-screen instructions to create this event type.

KSP improvements

KSP policies that have their default value defined using KSP, the Knox Service Plugin page can now pre-populate fields with recommended default values. On the Knox Service Plugin page, click . The default value is deleted.

Android Legacy enhancements

The Android Legacy feature includes the following enhancements and improvements.

Wi-Fi proxy policy improvement

From this release, IT admins are now able to block a device’s Wi-Fi proxy information from showing on the device. When this policy is set, device users cannot see the proxy menu under device settings > Wi-Fi. Currently, this feature is only available for specific devices, such as SM-T585, running the latest firmware version.

On the KM console > left navigation menu > Profile > Android Legacy > Interface page > Wi-Fi Proxy Setting

On the device > Settings > select the specific Wi-Fi network name > this dialog opens.

IMEI/Serial Number on Android 10 devices

Until KM 21.02, KM did not support IMEI and Serial Number (SN) information for devices running Android Legacy 10. Starting with this release, IT admins are now able to see device information even for Android Legacy 10 devices.

Remote Support enhancements

The KM 21.01 release was a beta release for a web version of the Remote Support Viewer. This release is the complete release to production for the web version of the Remote Support Viewer. Currently, the web version of the Remote Support Viewer is only available on Google Chrome and Mozilla Firefox browsers.

The Windows app-based Remote Support Viewer is currently still available, but will be deprecated soon.

This version of the web-based Remote Support Viewer offers all the same functionality as the Windows application based viewer, including unattended mode, screen sharing, and so on.

Kiosk enhancements

Blue light filter in device settings

Starting now, the blue light filter setting is available for Kiosk device profiles.

To access this setting, on the KM console > left navigation menu > Kiosk > Kiosk page (Add or Modify) > next to Advanced settings click to expand the panel > next to Device setting, click Select > in the Select Device Setting dialog, click to select Blue Light > click OK.

Notification settings

For Samsung devices running Android 6 to 11, you can also restrict access to the notification settings from the device settings appThis restriction means that when device users access the setting menu from the Kiosk setting, device users cannot access other setting menus through the Notification Settings button.

Kiosk UX improvements

The following UX improvements were made to the Kiosk functionality:

  • Floating icon user experience — For devices running Android GO and Q OS, applications could not use floating icons on the Kiosk UI due to restrictions in Android permissions. This release improves the usability of the floating icons for single Kiosk devices, so that the users can use these icons on the Kiosk launcher.

  • Close UX on open source license screen — The Open Source license screen now includes a button to close the screen and return to the previous screen.

iOS enhancements

This release adds the following iOS enhancements.

Locate devices in background

Currently, KM can collect a device’s location data only after the device user opens the KM Agent and allows the collection of device data from the Collect Device Location page. From this release, the device user only needs to provide this permission once, after which the process runs in the background.

Before you can collect location data for iOS devices, you must allow the collection of location data from the KM console > left navigation menu > Setting > Configuration > Knox Manage Agent Policy > Allow Collecting Location Data > set to Use. When the device user is prompted on the device to allow collection of location data by the KM agent, the device user must select Always Allow.

The device’s location data is now collected whenever the device moves 500 m or more. IT admins can view this information from the KM console > left navigation menu > Device > iOS Device Command page > click Check Location > Check Location page opens.

VPP token deletion

In case of VPP admin account changes or the VPP token being reset, IT admins can now delete existing VPP tokens, resulting in revoking licenses and deleting VPP apps from devices and the KM console. If the IT admin renews the VPP token, then the assigned licenses as well as the apps on the target devices remain intact while the token is renewed.

You can access the VPP Server Settings page, on the KM console > left hand menu > Setting > iOS > VPP Server setting. The buttons in the previous image are available after the VPP token is registered.

Consolidate VPP user into KM User Management

Starting with this release, the VPP user management menu is merged with the KM users menu, so that all users are managed from a single screen. VPP functions such as sending out VPP invitations and deleting users from VPP continue to be supported from the user menu.

Bulk assignment of DEP users

KM now supports bulk assignment of DEP users to improve the usability and convenience of individual user assignment when activating a large number of iOS devices. If you create and upload a bulk assignment template, including a user ID and device serial number in advance, the devices synced from Apple Business Manager are automatically assigned to the user ID. Once the devices are assigned to the user ID, KM activation is complete.

You can access bulk assignment on the KM console > left hand menu > Device enrollment > Apple DEP > DEP Device Management > Bulk Assign Users.

Support Exchange OAuth 2.0

Exchange settings now support the OAuth 2.0 authentication type for devices running iOS 12 or higher.

You can access this option on the KM console > left hand menu > Policy > Add or Modify iOS policy > Exchange > Use OAuth section.

Mobile content management enhancements

Reuse content files multiple times

IT admins can now reuse a single content file, as long as they change the Content Name, that is, the file’s name on the console.

If a file with the same content name is added to the console and assigned to the devices, the new content file overwrites the old file. To avoid accidentally overwriting existing files, change the Content Name for duplicate files.

To add new content files for target devices, on the KM console > left hand menu > Content > Add.

Delete contents during unenrollment and unassignment of devices

Target devices often contain sensitive or confidential data that is compromised if the device is unenrolled or unassigned from KM. In such cases, IT admins can set up rules to automatically delete content from devices when they are unassigned or unenrolled from KM. When devices are unassigned or unenrolled, the content deleted from such devices remains in the KM console and can be reassigned to other groups.

You can access these options on the KM console > left hand menu > Setting > Basic configuration > Device Tab.

Support 2 GB contents

IT admins can now add contents up to 2 GB in size to individual devices. This increased capacity means IT admins can send crucial information and data to devices when necessary.

Mobile app management enhancements

App installation status improvements

Starting with this release, IT admins can check when an app’s status is not installed. For example, if an optional app is not installed on the target device, the IT admin see a notification that can allow them to determine why this app was not installed on the target device and can take corrective action, such as asking the device users to install the app.

To set up and configure the tooltip to show on the device, on the KM console > left hand menu > Application > Application Detail > Device Tab > Install Status Field.

Add a duplicate package as Internal and MGP Private App

For apps with the same package name, KM now allows IT admins to register these apps as duplicate entries for each internal and MGP app type. What this change means is that in the Application menu, Internal and MGP apps can now have the same app package name at the same time.

Application details improvements

The Application Details page now includes two new columns providing information about the last seen time and the serial number of a specific application on target devices.

You can find these two columns and more information about the application on the target device on KM console > left hand menu > Application > Application Detail > Device Tab.

Other enhancements

This release also includes the following enhancements:

  • Agent error message improvements — Error messages shown on the device include improvements that provide more details about the issue that caused the error as well as a method to troubleshoot the error. Each error message now includes an error code, title, and descriptive message.

  • Limited permissions of the organization’s subadmin — IT admins can now give additional permissions — full permissions; the new default access level — to subadmins within their organization, allowing them to add, modify, and delete organization level data. IT admins can provide this information on the KM console > left hand menu > Setting > Administrator.

  • Support privacy policies based on country and language — Starting with KM 21.04, seven additional Privacy Policies including GDPR, LGPD, KVKK, and CCPA are supported and shown on the target device in the language based on the device’s locale and country code as specified in the KM console. The device user can see it when they enroll the device and after the device is enrolled, the device user can also view this information from the KM Agent > About.

  • New additional API — KM now supports the new Read Audit Log API.

  • Delete multiple AD/LDAP sync exceptions — Starting with this release, you can now delete all sync exceptions in AD/LDAP at the same time.

  • Dashboard auto refresh intervals — You can now set the Dashboard auto refresh interval for values between 1 minute and the maximum console session timeout interval.

  • Last seen hour option — Dashboard management now includes a new option, under Advanced > Dashboard Management > Add Dashboard (Widget) > Select Widget (Last Seen).

  • Add information about excluded policies — You can now provide a list of policies that are excluded when importing a profile into a new profile.

  • New information in Device list — The Device list report now includes a new column called Organization name, and allows you to sort the report by columns, such as Device name, IMEI, Serial Number, and Device model name.

  • Sync status with Samsung account — The KM Samsung admin SSO login session is now synchronized with the Samsung Account status, that is whether the account is activated or deactivated.

Resolved issues and improvements

  • [KMVOC-10415, 00212909] Managed configuration opening crashes the console when HTML signature is defined
  • [KMVOC-10406, 00212741] FGA - TylerTech app fails to install
  • [KMVOC-10383, 00210784] Location not updated properly
  • [KMVOC-10365, 00211873] Can’t use web page: in Knox Kiosk Settings
  • [KMVOC-10310, 00210762] Knox Manage location reporting error
  • [KMVOC-10295, 00209622] FirstGroup - Kiosk application is not removed when moving from one group to another
  • [KMVOC-10349, 00211555] Kiosk application corrupted after Cisco Webex Conference distribution via MGP (HOTFIX)
  • [KMVOC-10344, 00211436] Export all data for certain tenants (HOTFIX)
  • [KMVOC-10343, 00211405, 00211360, 00211315, 00211341] 21.2 Major issue stopping ALL businesses using tables in AE DO and legacy kiosk mode (HOTFIX)
  • [KMVOC-10331, 00210463] Issue with Limited Enrollment (HOTFIX)
  • [KMVOC-2327, 00211860] [KM][KME] Disabling system apps
  • [KMVOC-2321, 00214398] [ETS]API call to get device tag values
  • [KMVOC-2312, 00213031] Custom Booting Animation fails if sound file is not provided
  • [KMVOC-2301, 00213089] KM application policy wildcard

Is this page helpful?