- *BASICS*
- The Knox Ecosystem
- White Paper
- Samsung Knox Portal
- Knox Cloud Services
- General Knox Support
- Knox Licenses
- *FOR IT ADMINS*
- Knox Admin Portal
- Knox Suite
- Knox Platform for Enterprise
- Introduction
- How-to videos
- Before you begin
- Get started with UEMs
- Introduction
- Blackberry UEM
- Citrix Endpoint Management
- FAMOC
- IBM MaaS360
- Microsoft Intune
- MobileIron Cloud
- MobileIron Core
- Samsung Knox Manage
- SOTI MobiControl
- VMware Workspace ONE UEM
- Knox Service Plugin
- Release notes
- Migrate to Android 11
- FAQs
- Troubleshoot
- KBAs
- Knox Mobile Enrollment
- Introduction
- How-to videos
- Get started
- Features
- Register resellers
- Add an admin
- Create profiles
- Google device owner support
- MDM compatibility matrices
- Device users
- Activity log
- Enroll and unenroll devices
- Configure devices
- Provide KME feedback
- Use the Knox Deployment App (KDA)
- Recover Google FRP locked devices using KME
- Role-based access control (RBAC)
- Release notes
- FAQs
- Troubleshoot
- KBAs
- On-Premise
- Knox Configure
- Mobile
- Wearables
- Shared Device
- KBAs
- Knox Capture
- Introduction
- How it works
- How-to videos
- IT admins: Get started
- Getting started with Knox Capture
- Step 1: Launch Knox Capture
- Step 2: Create a scanning profile
- Step 3: Select apps and activities
- Step 4: Configure the scanner
- Step 5: Set keystroke output rules
- Step 6: Test apps in your configuration
- Step 7: Share your configuration
- Step 8: Deploy Knox Capture in Managed mode
- End users: Get started
- Features
- Release notes
- FAQs
- Troubleshoot
- Knox Asset Intelligence
- Knox Manage
- Introduction
- How-to videos
- Get started
- Video: Getting started with Knox Manage
- Integration with Managed Service Provider
- Access Knox Manage
- Configure basic environments
- Create user accounts
- Create groups
- Create organization
- Set up devices and profiles
- Set up Knox Manage deployment with a Knox Suite license
- Manage Chromebooks
- Manage Android devices with the Android Management API
- Manage Shared iPads
- Configure
- Licenses
- Organization
- Users
- Sync user information
- Groups
- Devices
- Content
- Applications
- View applications
- Add applications
- Introduction
- Add internal Android and iOS applications
- Add internal Windows applications
- Add public applications using Google Play Store
- Add public applications using iOS App Store
- Add public applications using Managed Google Play
- Add public applications using Managed Google Play Private
- Add public applications using Managed Google Play Store Private Web
- Add public applications using Microsoft Store
- Add Chrome OS applications
- Assign applications
- Introduction
- Assign internal Android and iOS apps
- Assign iOS App Store applications
- Assign Google Play applications
- Assign Managed Google Play applications
- Assign Managed Google Play Private applications
- Assign Managed Google Play public web apps
- Assign Windows applications
- Assign Chrome OS applications
- Manage applications
- Volume Purchase Program for iOS
- Profile
- Knox E-FOTA
- Certificates
- Advanced settings
- Monitor
- Kiosk devices
- Knox Remote Support
- Active Directory
- Microsoft Exchange
- Mobile Admin
- Appendix
- Release notes
- Features
- FAQs
- KBAs
- Knox E-FOTA
- Introduction
- How-to videos
- Get started
- Features
- EMM integration
- Appendix
- Release notes
- FAQs
- KBAs
- Troubleshoot
- Knox E-FOTA On-Premises
- Legacy Knox E-FOTA products
- Knox Guard
- Introduction
- How-to video
- Get started
- Using Knox Guard
- Dashboard
- Manage devices
- Introduction
- Accept or reject devices
- Upload devices
- Delete devices
- Complete payment
- Send payment overdue notification
- Enable or disable SIM control
- Download devices as CSV
- View device log
- View device deletion log
- Start and stop blinking reminder
- Lock and unlock devices
- Update lock message
- Send relock timestamp
- Turn on/off relock reminder
- Manage policies
- Manage licenses
- Manage resellers
- Manage admins and roles
- Activity log
- Knox Deployment App
- Release notes
- FAQs
- KBAs
- Support
- Samsung Care+ for Business
- *FOR RESELLERS*
- Knox Deployment Program
- *FOR MANAGED SERVICE PROVIDERS*
- Knox MSP Program
Knox Manage release notes—January 07, 2021
This Knox Manage v21.1 release scheduled to go live in January 2021, includes several improvements and enhancements to existing features and functionality.
KME console integration
Starting KM v21.1, the Knox Mobile Enrollment (KME) API is now integrated with the KM console. The following UI changes are now part of KM:
- Samsung Account Single-sign on—KME Users need to log in with their Samsung account SSO credentials to use KME features from within the KM console.
- KME features—The two key features of KME, namely Device and Profile management are now available in the KM admin console.
- Device Enrollment menu—Existing KME and DEP menu items are now consolidated to form the Device Enrollment menu item.
- KME profiles—KM users can now view, create, and delete KME profiles from the KM console. The KME profile creation process and UI in KM is simpler and more user-friendly.
Android Enterprise enhancements
Android device management now uses Android Enterprise instead of Android Legacy. Going forward, Knox Manage only supports new enrollments of Android 11 devices to the Android Enterprise mode. Android 10 devices previously enrolled in Android Legacy mode are still supported even when they're upgraded to Android 11.
For devices running an OS earlier than Android 11, Knox Manage continues to support Android Legacy, with the scope limited to bug fixes.
Android 11 provisioning improvements
For devices running Android 11, KM now supports a new device provisioning method that lets the device user choose the device's mode, depending upon whether the device is for Work use only or work and personal use.
Knox Support on Work Profile on company-owned device
Until KM v20.11, KM only supported Android Enterprise policies for device management. Going forward, for devices running a Work Profile on a company-owned device, KM now supports Knox policies.
Managed Google Play Web Application
Starting this release, KM now supports web version of the Managed Google Play (MGP) app, using the Google Chrome browser. Note that before you allow the use of MGP's web version, you must approve the use of Google's Chrome browser. If Chrome isn't on the list of allowed applications, you cannot add MGP web app.
To add a new MGP web app, do as follows:
- Go to the Application page > click Add > click Select Application type > click Public App (Managed Google Play Private - Web). The Managed Google Play Web Apps page opens.
- On this page, enter the following information:
- Title—Ideally, this title must match the app's title on the MGP store.
- URL—This value is the web app's Google Play Store URL.
- Display—Depending upon the app, you may choose to deploy it to run in either full screen, standalone, or minimal UI display.
- Return to the Application page > select the newly added app > click Assign.
- On the Assign Application page, provide all the relevant information and assign device targets to this application. When you assign a MGP web app, you must also assign the Google Chrome app at the same time.
Managed Configuration user interface and usability improvements
The UI for Managed Configuration is now changed to use a custom method from Google’s iframe method for better flexibility and improved usability, for example using diverse Wildcards.
System Update Freeze Period
When applying system updates to devices running Android 9.0 (API 29) and higher, IT admins can now use the Freeze Period option to delay deployment of system update to target devices. The following are important points to consider:
- Support for all update policies—The Freeze Period option supports all kinds of update policy such as automatic, postpone, and windowed.
- Freeze periods apply one at a time—Currently, IT admins cannot set up freeze periods that overlap each other. IT admins can set up multiple freeze periods but only one freeze period applies to devices at one time.
- Freeze period duration—IT admins can add a total freeze period of 90 days.
- Multiple freeze periods—Two freeze periods cannot overlap each other and must remain separated by a minimum of 60 days.
Restrict applications from Unknown Sources
For devices running Android 10 and higher, IT admins can now restrict the device user from installing applications from unknown sources. They can apply this restriction either on the entire device or just within the Work Profile. For devices running Android 9.0 or lower, this restriction applies to only the Work profile even if it is applied to the selected Device Wide option.
Advanced Passcode Security Improvements
Going forward, IT admins can specify the use of strong authentication for the password policies on the device. Once the IT admin sets up the strong password policy, the policy is immediately deployed to target devices. The following are important points to consider:
- In addition to the regular authentication methods—such as passcode, PIN, or biometric recognition—IT admins can set up a strong password policy on the device. Strong authentication is restricted to PIN and Password.
- IT admins can require device users to log in again on a set time interval of up to 72 hours.
- For example, the device user can unlock their device using fingerprint recognition on a regular basis, but they must log in using strong authentication such as a PIN or a password every 72 hours.
Message Customization
For devices running Android 7.0 (API 24) and higher, KM now supports message customization. Device users see error and support messages when they perform an action on their device that is blocked by the KM security policy. IT admins can now customize both short error codes as well as long support messages.
For devices running Android 9.0 (API 29) and higher, IT admins can also show customized support messages when the Work profile is wiped by either the IT admin or by the device user.
Web-based remote support (beta release)
KM 21.1 includes a beta release of a web version of Remote Support. During the beta period, the existing standalone version of the Remote Support app is also available. The web version of Remote Support provides the same features as the standalone version, such as unattended mode and screen sharing.
For this beta release, recording and file browser features are unavailable. Only the screen capture feature is currently available in the web-based remote support app.

Alert mail notification enhancement
KM now includes the ability to send emails to the IT admin when managed devices are unenrolled or disconnected from KM. This feature enables IT admins to manage their devices without needing to actively monitor them. To set up notification emails, go to History > Alert > Email Alert Setting.
iOS feature enhancements
This release of KM includes the following iOS improvements to iOS support:
- DEP enrollment by User—IT admins can now select from the following options:
- User Assignment Method—IT admins can use this option to assign device users to DEP device before KM enrollment.
- User Authentication Method (New)—For this option, device users directly enter their user ID and password upon enrollment.
- New Policy Support – App Clips—App clips are instant ways for device users to quickly access and experience apps without installing them on their devices. From KM v21.1, IT admins can choose whether to allow this policy on their managed devices.
- App Block or Allowlist Policy—For devices running iOS 9.3+ and in Supervise mode, IT admins can now apply application block and allowlist policies to applications that were installed before enrolling the device in KM.
- Device commands—For devices running iOS 9.3+, iOS device commands are a new feature and currently only work in Supervised mode for Power Off and Reboot functions.
Windows 10 app control by AppLocker
AppLocker is an in-built Windows 10 app that you can use to control a variety of executable file formats, such as exe, Windows Installers, Scripts, Packaged apps, and DLL. For more information, see The Microsoft AppLocker Guide.
Before device users can use AppLocker on their managed device, they need to do as follows:
- Create XML rules using AppLocker wizard.
- On your Windows 10 device, start Group Policy Editor.
- Go to
Computer Configuration\Windows Settings\Security Settings\Application Control Policies\AppLocker
, right-click and select Properties, then enable Rules which you need to control in your enterprise and select Enforce rules. Doing so turns on AppLocker rules. - Click OK.
- On the screen that opens, right-click and click Create Default Rules, and then follow onscreen instructions on the AppLocker wizard to configure your rules. For example, the following image shows how to create an XML rule to restrict the use of a screen capture tool.
- Export the newly created XML rules to your local drive.
- Go to the KM console > copy and paste the XML rules to your Knox Manage Profile, under the AppLocker menu.
- Deploy the newly created profile to your managed Windows 10 devices.
Kiosk feature enhancements
This release includes the following enhancements for the Kiosk feature:
- Locktask allowlist feature for single/multi Kiosk—IT admins can now configure app packages for locktask allowlists in single as well as multi-kiosk devices. You can set a list of apps that can be run even if they are not included in the single/multi-app kiosk.
- Secure Browser Component—The multi-kiosk wizard includes a new component, namely Secure Browser. This component is only available for accounts with a Knox Suite license. To use the Secure Browser component, you must set up the Secure Browser policy as follows: Profile > Secure Browser > set the option to Use.
- Access to Airplane mode and Google Account settings—IT admins can now access airplane mode and Google account settings on kiosk devices.
KM Agent update method improvements
This release rolls out support for a new Knox Manage update method with the following options:
- Manual
- User Consent (Notification and Update)
- Force Update (once a day)
IT admins can choose to use this new method of KM update instead of the existing version. Note that the old version of KM update is scheduled to be deprecated.
License registration usability enhancements
IT admins can now easily register the license that was provided to them by their Knox reseller. IT admins can choose to register their licenses manually or through automatic registration.
Items to note—
- Keys are available only for Knox Manage and Knox Suite.
- Only keys with with a valid end date are listed.
- Keys with a valid license status are available.
- New trial keys are also available.
Other enhancements
This KM release also includes the following additional enhancements:
- When uploading or importing Apple APNs certificate, IT admins can now enter their Apple ID which is then shown in the APNs Setting.
- If the default country code is set to South Korea, IT admins now need to provide a reason for downloading data.
- The Device by Group report queries now include additional field options, such as Platform, Model Name, and Network Service Provider Name.
- The header menu now includes the Admin portal access error codes.
Applicable menu items are— Audit Log, Device Log, Device Detail > Audit Log, Device Detail > Device Log, and Device Detail > Device Diagnosis.
Resolved issues and improvements
- [KMVOC-10067 / 00207315]Wrong output for Organization Code and Name report
- [KMVOC-10066 / 00207144] Enrolling new device causes old device to be overwritten (HOTFIX)
- [KMVOC-10060 / 00207075][ETS] Reporting Error when running a device report (HOTFIX)
- [KMVOC-9994 / 00205922][SAMSUNG KNOX MANAGE MOBILE - CONTENT MISSING]
- [KMVOC-9989 / 00205630] Unable to upload single app launcher kiosk app
- [KMVOC-9988 / Internal] KM Portal Typo
- [KMVOC-9971 / 00205519]KM MFA login typo
- [KMVOC-9969 / 00205389] Fully Managed with Work Profile value since 20.11 (HOTFIX)
- [KMVOC-9964 / 00205423] When user try to modify the profile, the error is occurred. (HOTFIX)
- [KMVOC-9963 / 00205108]Change in Workprofile setting Knox Manage (HOTFIX)
- [KMVOC-9955 / 00205160] cannot access license info (HOTFIX)
- [KMVOC-9950 / 00203867] Sync errors (HOTFIX)
- [KMVOC-9949 / 00204981][ETS] Errors after Manage update (HOTFIX)
- [KMVOC-9931 / 00204499] Report discrepancy (HOTFIX)
- [KMVOC-9930 / 00204222] Cannot configure VPN (HOTFIX)
- [KMVOC-9883 / 00202636] APN is not being set as default (HOTFIX)
- [KMVOC-9873 / 00203301] Upload 'Google Play Services' APK fails