Knox Manage 22.05 release notes — May 25, 2022

Minimum supported Android version

As of 22.05, the minimum supported Android version in Knox Manage is Android 6 (Knox 2.6). In order to meet the minimum requirements of Knox Manage, you should upgrade any devices in your fleet running older Android versions to Android 6 or higher.

As a reminder, the support plan for Android will undergo further change to comply with the overall support strategy of Knox cloud services. Starting in 2024, Knox Manage will support a range of Android versions that starts from the latest major version and covers the five major versions before it.

TLS deprecation

Starting with 22.08, in compliance with Payment Card Industry Data Security Standards, Knox Manage will no longer support TLS 1.0 and 1.1. To keep your devices enrolled and managed in Knox Manage, please make sure that they're running Android 6 or higher by the time of the 22.08 release.

Enhancement of Account Blocklist policy for Android

Previously, you could only restrict modifying accounts on an Android device by configuring a blocklist with the Account Blocklist policy.

This release expands the policy to restrict account modification by either an allowlist or a blocklist, depending on your deployment needs and strategy. The policy is now called Account Block/Allowlist. You can add accounts to and remove accounts from this list as before.

Note — Managed Google Play accounts can't be modified, so adding them to the allowlist has no effect.

For more details, see Account Block/Allowlist on the Android Enterprise policies reference.

Automatic Wi-Fi connection for Android

This release adds an Automatic Connection setting to Wi-Fi configurations in an Android profile. When enabled, this setting forces the device to set the configured network as default and connect to it when Wi-Fi is turned on. When disabled, the network configuration is pushed to the device, but the user chooses which networks to connect to.

Managed Google Play account creation improvements

Previously, Android devices created the Managed Google Play (MGP) account after the Knox Manage agent finished setting up. During out-of-the-box enrollment of Fully Managed devices and company-owned devices with a Work Profile, the MGP account could fail to be created.

Starting with Knox Manage 22.05, during enrollment of these types of devices, the MGP account is created when the device is registered in Knox Manage. Since this change to the flow guarantees that the account is created, it could save you considerable time when deploying out-of-the-box devices with MGP apps.

Knox Service Plugin Wi-Fi configuration improvements for Android

For situations where Wi-Fi configurations defined by the Knox Service Plugin policy are removed from a device, Knox Manage 22.05 adds two new options to restore them:

  • Send the Reapply KSP Wi-Fi configurations command to the device.
  • On the Knox Manage agent, the device user can restore the configuration by tapping Reapply KSP Wi-Fi Configurations.

Day & time event type for AMAPI profiles

With Knox Manage 22.05, the Android Management API (AMAPI) profiles now support the Day & Time event, which schedules when to apply and update the profile on target devices.

iOS policy additions

The following new iOS policies are available in Knox Manage 22.05:

  • System:

    • Force on device only dictation (Siri)
    • Force on device only translation (Siri)
    • Wrist detection on Apple watch
    • Apple personalized advertising
    • Wallpaper modification
    • Notification modification
    • New device proximity setup
    • Unpaired external boot to recovery
  • Interface > NFC
  • Share > Managed pasteboard
  • Security > Auto unlock with Apple watch
  • Phone > Cellular plan modification

Skip setting additions for iOS DEP setup

For devices enrolled through the Apple Device Enrollment Program (DEP), Knox Manage 22.05 adds the option to skip the following screens in the setup flow:

  • Appearance
  • App Store
  • Device to Device Migration
  • Messaging Activation Using Phone Number
  • Restore Completed
  • Terms and Conditions
  • Update Completed
  • Welcome

Improvements to DEP device enrollment

Previously, the Knox Manage agent installed automatically to DEP devices during enrollment. However, there were some cases where automatic installation failed, and if the device user manually installed and authenticated the Knox Manage agent afterward, Knox Manage didn't recognize the device as belonging to the DEP.

To prevent this issue going forward, with Knox Manage 22.05 you can now install the Knox Manage agent to devices by adding and assigning it as a Volume Purchase Program app.

For more details, see Manage VPP applications.

Temporary session history for Shared iPads

Previously, the session history for an iPad, viewable on the Device Detail > Shared Device > Shared Device User tab, didn't keep records of temporary sessions.

With 22.05, Knox Manage now records a history of temporary sessions in each Shared iPad's session history.

Improvements to app installation policies for iOS

Previously, setting the App Block/Allowlist Settings policy would block the App Installation policy for all devices, preventing its use.

With 22.05, you can now apply both policies at the same time to supervised devices running iOS 13 and higher.

App improvements for Chrome OS kiosks

Starting with Knox Manage 22.05, you can view all kiosk apps available for your Chrome OS devices on the new Kiosk Application tab on the Organization Detail page. The tab lists all the Chrome OS kiosks in your organization, and has two actions:

  • Auto-Launch App — Sets the selected app to be the default app for all kiosks in the organization.
  • Cancel Auto-Launch App — Unsets the selected app as the default app for all kiosks in the organization.

Privacy Policy in Knox Remote Support agent

In accordance with several data protection and privacy laws, including GDPR and LGPD, this release adds a Privacy Policy consent dialog to the Knox Remote Support agent. In order for the device user to run the Knox Remote Support agent on a device and receive assistance from a support provider, they must first consent to the Privacy Policy.

NOTE — Managed Samsung devices don't require consent when the device user first launches Knox Remote Support, because consent was already obtained when the device was enrolled with a Knox license.

Kiosk bookmark improvements

Previously, home screen bookmarks on kiosks would open in the Android Webview app instead of a web browser, even if a browser was installed. Android Webview can view basic web pages, but has limited capabilities in viewing video and other rich content.

Starting with this release, the first time a device user taps a home screen bookmark, the kiosk prompts them to open it with any installed browser app. They can choose to always open bookmarks using that app. In order for this behavior to function correctly:

  • At least one web browser, such as Samsung Internet, must be installed on the kiosk.
  • The web browser should be allowlisted as a locktask app.

Knox Suite license updates for Wi-Fi only Android tablets

Previously, Wi-Fi only Android tablets released before 2019 would enroll in Knox Manage with 16-digit serial numbers, when their serial numbers are actually only 11 digits long. This discrepancy caused an issue where if an affected tablet had a Knox Suite license in both Knox Manage and another Knox cloud service, then the license was consumed multiple times because the 11-digit and 16-digit serial numbers both contributed toward the consumption count.

Knox Manage 22.05 corrects this discrepancy, and any newly enrolled Wi-Fi only Android tablet registers its correct 11-digit serial number. You can update the serial numbers of affected tablets that were enrolled prior to 22.05 by sending them the Update License device command.

API updates

The Knox Manage API 22.05 has the following changes:

  • New operation — Get Device Detail By Google Device Id

    • Queries the detailed information of a device by sending its Google Device ID.
  • Updates to operations:

    • Get Device List and Get User List — Added the updatedAfter argument, which is an ISO8601 date string that specifies the earliest point to look for changes to the device/user status.
    • Unenroll Device — Improved to work for devices with Work Profiles.

For more details about these changes, see the Knox Manage API reference.

Email alert enhancements

Knox Manage 22.05 makes the following changes to profile-based email alerts:

  • Frequency and Time settings — Specify how often and what time of day to send alerts.
  • Re-enrolled Devices after factory reset alert — An alert that indicates the device was re-enrolled after it was factory reset.

Token Expiration and Certificate Expiration alerts — Click bell > Notification Mailing Settings to enable email alerts for when tokens (for APNs, VPP, DEP, and so on) and certificates expire in your tenant. The alerts trigger 30 days prior to the expiration.

Applied profile version

In Knox Manage 22.05, you can now view the version of the profile applied to a device:

  • On the Device tab of the Profile Detail page, you can click See Policy to view every policy applied to the device, and which version of the profile applied each policy. From that dialog, you can also click Export to Excel to save the profile policies and versions as tabular data to an XLSX file.
  • On the Profile tab of the Device Detail page, you can view every policy applied to the device, and which version of the profile applied each policy.

Miscellaneous changes

The following miscellaneous changes come with Knox Manage 22.05:

  • The Knox Remote Support agent now requires additional permissions to run on Android devices. After the agent updates, the next time it runs, the device user is presented with a one-time prompt for these permissions. In order to provide support to your device users, you should instruct them to grant these permissions when they're prompted.
  • If your tenant has only one super admin, you can no longer change their permissions to those of a sub-admin.
  • When you delete a DEP device from Knox Manage, Apple Business Manager no longer automatically adds the device back to Knox Manage.

Resolved issues

Hotfixes
  • [EMMTECH-1019, 00238404] Scheduled synchronization error with Active Directory
  • [EMMTECH-977, 00237452] LDAP Syncing groups error
  • [EMMTECH-976, 00237494] Cloud connector issue
  • [EMMTECH-946, 00236347] Cloud Connector sync issue
  • [EMMTECH-914, 00237076] Custom Animation issue using Android R or above
  • [EMMTECH-838, 00235661] Unable to save Bookmarks on KM profile
  • [EMMTECH-821, 00235652] Device Command > Reset Work Profile Password is not working
  • [EMMTECH-802, 00233495] Displaying mobile numbers in KM
Android
  • [EMMTECH-989, 00237526] The result of the org / selectDevices KM API call does not coincide with what is stated in the public documentation
  • [EMMTECH-938, 00236887] User is not able to change Date and Time - Knox Manage (GVK EMRI)
  • [EMMTECH-913, 00236672] [ETS] Users report
  • [EMMTECH-755, 00233973] Failed to enroll devices in Knox Manage with EE license generated second time (KMA_F5003)
  • [EMMTECH-656, 00233159] Cannot set fields which can be displayed on lock screen
  • [EMMTECH-457, 00228956] Enrollment issues
iOS
  • [00238108] The last connection field on iOS devices
  • [00231697] Feature Request / Question - iOS Policy