Knox Manage 22.03 release notes
Last updated July 26th, 2023
Knox Manage 22.03 is scheduled for release on March 26, 2022. This update includes new features and environment support, as well as many improvements and enhancements to existing features and functionality.
In these release notes, Android refers to the Android Enterprise environment unless specified otherwise.
Samsung Cloud Connector client update notice
In response to the Log4J security vulnerability, the Samsung Cloud Connector (SCC) client has been preventatively updated, as it makes use of the Log4J2 module.
To protect your systems and infrastructure, we advise you to update the following software on applicable systems in your enterprise:
Forced passwords during enrollment for company-owned Android devices with a Work Profile
Previously, the lock screen password policy wasn’t enforced during enrollment for company-owned devices with a Work Profile running Android 11 and higher. Even if the profile specified strict password requirements, the device user could skip setting up the lock screen during the enrollment flow.
Starting with KM 22.03, when enrolling a company-owned Android 11 and higher device, the user can no longer bypass the lock screen policy. The KM agent requires them to set up a compliant lock screen before they can complete the enrollment flow.
If the user restarts the device before completing the enrollment, they could brick it or inhibit Managed Google Play functionality. For more information about the scenarios, risks, and solutions related to premature device restarts during this type of enrollment, see the link below.
For full details about how to enforce the password policy during enrollment on company-owned Android 11 and higher devices, see Enforce passwords during enrollment of company-owned devices with a Work Profile.
Access point name policies for Android devices
In earlier versions of KM, the access point name (APN) policy was only supported on Samsung devices with Samsung Knox profiles.
The APN policy is now supported for some Android versions on Android Enterprise profiles across Samsung and non-Samsung devices. The following table lays out the compatibility of the APN policy:
|Profile type||Samsung device||Other manufacturer device|
|Android Enterprise||Android 9 and higher||Android 9 and higher|
|Samsung Knox||Android 6 to 11||-|
Custom wallpaper policy for Android devices
KM now supports the custom wallpaper policy on Android Enterprise profiles. With this policy, you can upload and sync a wallpaper to your users’ devices. A wallpaper can be a BMP, GIF, ICO, JPG, JPG, or PNG file up to 10 MB in size.
For more information, see Android Enterprise policies.
Android Management API for devices with Work Profiles
KM 22.03 introduces support for the Android Management API for select enrollment types. This API is the successor to the Google Play EMM API, and supports the entire endpoint management lifecycle. Most notably, it allows you to enroll devices with the Android Device Policy app instead of the KM agent. Starting with this release, devices with a Work Profile are supported, with support for Fully Managed devices anticipated in the second half of 2022.
For more information about the Android Management API and KM, including new enrollment methods, see Manage Android devices with the Android Management API.
Managed Google Play app auto-update modes
Previously, Managed Google Play apps would update based on a global setting in KM, under Setting > Android > Android Enterprise > Auto Update Apps.
As of KM 22.03, the global setting is deprecated, and you should instead select update preferences on a per-app basis. When you assign a Managed Google Play app, the Auto-update Mode setting lets you select the app’s update preference. The available preferences are:
- Default update — The app updates based on the Google Play’s default scheduling.
- High Priority — The app updates before other apps.
- Postponed (90 Days) — The app updates 90 days after an update becomes available.
See Assign Manage Google Play applications for further instructions on how to configure app updates.
App management delegation for Android devices
KM 22.03 introduces support for app management delegation, which is a feature that allows one app to manage another. Management in this case is defined by relationships called delegation scopes, which control app settings such as policies, certificates, permissions, enabled state, and so on. You can configure app management and delegation scopes through the new Android Enterprise > Application > App Delegation Scope Management policy group.
Updated interface for Managed Google Play configurations
In KM 22.03, for managed Android apps, the interface for defining managed configurations has been updated. Each setting in the menu now has a dedicated Configure button, which enables editing and indicates whether it’s set or unset. The new UI helps differentiate between each setting’s various states — unset, set with default, and set with a custom value.
For a preview and instructions on how to use the new interface, see Assign Managed Google Play applications.
Feedback sync and alerts for Managed Google Play apps
Android app developers have the option of implementing app feedback, which are logs concerning the app’s status that can be delivered to a UEM. These logs differ from device and audit logs in that they concern deployment information about the app, such as sync errors and the actual state of settings modified by a managed configuration.
In the Android Enterprise environment, automatic syncing of app feedback is limited. To facilitate app feedback with KM, starting with 22.03 you can view app feedback and schedule alerts for feedback syncing events on the KM console. Furthermore, the app list on the Device Detail page now has two buttons that send and receive app feedback:
- Sync Feedback — Pulls the app’s feedback from Google’s servers to KM, so you can view it on the KM console. Applicable to Android Enterprise and Android Management API apps.
- Force Upload Feedback — Pushes the app’s feedback from the device to Google’s servers. Applicable to Android Enterprise apps. Android Management API apps automatically submit app feedback to Google, so this button isn’t available for them.
Installation request priority for Android apps
With KM 22.03, when you configure an Android app to install automatically, you must also choose an Installation Request Priority. This new setting dictates the preferred order in which apps install to a device. Apps with High priority install before apps with Normal priority. When multiple apps have High priority, they are installed in order of largest to smallest package size.
For more details about this setting, see Assign internal Android, iOS, and Windows apps.
Configurable content download locations for Android devices
For managed content on KM, previously you could only store content within a device’s Download folder.
Starting with 22.03, the available locations have been expanded. You can now assign the content’s Download Path inside the following directories on the device’s internal storage:
Font scale and zoom policies for Knox Browser on Android devices
KM 22.03 introduces two new policies for Knox Browser on Android devices:
- Knox Browser > Text Scaling — Enforce the text size of website content.
- Knox Browser > Force Enable Zoom — Enforce the zoom level of the browser.
General availability of Chromebook management
Chromebook management, including Chrome OS profiles and managed web apps, is made available to all KM tenants in 22.03.
The admin guide provides details for how to manage your Chromebook fleet and information about KM’s implementation of Chrome OS management features.
Support for Shared iPad
KM 22.03 introduces support for Shared iPad, which is a device mode that allows different users to log in to one iPad and receive a personalized experience with iPad features and their apps and files. Device users can either sign in with their Managed Apple ID and enjoy persistent apps and files, or start a temporary session, which is a guest mode that deletes all user data after the session ends. Shared iPads and Managed Apple IDs are enrolled and provisioned through Apple Device Enrollment Program (DEP) profiles. Device policies for Shared iPads are split between shared sessions and temporary sessions.
For more information on Shared iPad, including compatible iPad models, see Manage Shared iPads. For information on how to set up a DEP profile for Shared iPads, see Use the Apple Device Enrollment Program.
Support for Windows 11
With 22.03, KM extends its Windows support to devices that run Windows 11 version 21H2 and higher.
Sign-in options policy for Windows devices
KM 22.03 adds the System > Sign In Options policy to Windows profiles, which allows the user to modify the Sign-in options in the device’s account settings. These options include the the available authentication methods, dynamic lock, displaying account details on the sign-in screen, and so on.
For more details, see Windows policies.
Knox cloud service integration improvements
22.03 brings the following improvements to KM’s integrations with other Knox cloud services:
Knox Admin Portal — In order to provide greater device detail, the getDeviceInfo operation in the KM API has the following new response values:
- Assigned license key
- License end date
- Assigned profile
- Device list URL
- Profile list URL
Knox MSP Portal — When the portal creates a new KM tenant, the trial license key is now assigned the correct country code.
Knox Suite license — The license now covers Windows devices and Chromebooks.
- The Knox services menu in the top right has been renamed to Other Knox Services.
- Knox Asset Intelligence and all other Knox services are properly linked in the menu.
Integration with Check Point Software Harmony Mobile
With the 22.03 release, KM can integrate with Check Point Software’s Harmony Mobile app, a mobile device threat monitoring solution for devices, apps, and networks. Check Point Software has released corresponding documentation for Integration with Samsung Knox Manage.
Invalid license protection for Knox Remote Support access
With the goal of preventing unauthorized access to devices and data, starting with KM 22.03, the Knox Remote Support button is disabled on the KM console when a tenant has no valid license.
Flashlight device setting for Kiosk mode
KM 22.03 adds a flashlight toggle to the settings menu of Android kiosk devices.
For the complete list of device settings, see Kiosk Wizard menu items.
Granular organization permission for admins
KM 22.03 enhances the Organization admin permission by providing 3 access levels:
- Manage (Add, Modify, and Delete)
- Do not Manage (Add, Modify, and Delete)
- Read Only Including Other Menus — The admin has read-only access to the Organization, Device, User, Sync Service, and Dashboard pages.
For more details, see Administrator account overview.
KM API updates
The KM 22.03 API has been released, and its Open API reference has been updated. Noteworthy changes include the following additions:
- appIsRooting operation — Detects whether an app is rooted.
- isContainMalware operation (requires Harmony Mobile integration) — Determines whether an app contains malware.
Support for device aliases
KM 22.03 brings you the ability to create aliases for devices. Aliases are visible on the KM console, the KM agent, the Kiosk app, and iOS and Windows settings. They can vastly improve your enterprise’s ability to organize and track devices across various activities and dashboards. You can create aliases on a device-by-device or bulk basis.
For full details about this new feature, see Manage device aliases.
Resolved issues and improvements
- [EMMTECH-628, 00231694] Knox Service Plugin policy sometimes disappear
- [EMMTECH-609, 00232069] Issue with registering iOS devices in KM
- [EMMTECH-599, 00032988] Issue with iOS Devices enrolling
- [EMMTECH-598, 00231750] Cannot sync DEP
- [EMMTECH-540, 00229920] Convert License command doesn’t work
- [EMMTECH-538, 00230701] Issue not to save the DEP profile
- [EMMTECH-513, 00230490] Error archive.ipa
- [EMMTECH-354, 00227956] Time & Date issues
- [EMMTECH-355, 00226849] Cannot see apps in MGP
- [EMMTECH-393, 00228444] Apps not automatically installed in kiosk
- [EMMTECH-331, 00227892] Knox Remote Support doesn’t allow tenant with hyphen
- [EMMTECH-305, 00227270] Able to access complete device settings
- [EMMTECH-485, 00229520] Almost Expired
- [EMMTECH-453, 00229692] Event SIM is not working
- [EMMTECH-440, 00229375] App removing Knox Manage Data and log out
- [EMMTECH-439, 00229549] question about CVE-2021-44228
- [EMMTECH-706, 00233915] Issue on KM Portal – Export to CSV
- [EMMTECH-686, 00233583] Unassigned MultiKiosk app installed
- [EMMTECH-587, 00231690] User automate sync is not working – Azure LDAP
- [EMMTECH-457, 00228956] Enrollment Issues
- [EMMTECH-516, 00230489] ABM KM iOS profile Assignment Failed
- [EMMTECH-476, 00230110] Apple Business Manager(ABM) KM Integration
-  Bulk user assignments on iOS devices
- [EMMTECH-482, 00230192] Knox Manage Windows OS Testing
Is this page helpful?
Thank you for your feedback!