Knox Manage 22.05 release notes
Last updated July 26th, 2023
Minimum supported Android version
As of 22.05, the minimum supported Android version in Knox Manage is Android 6 (Knox 2.6). In order to meet the minimum requirements of Knox Manage, you should upgrade any devices in your fleet running older Android versions to Android 6 or higher.
As a reminder, the support plan for Android will undergo further change to comply with the overall support strategy of Knox cloud services. Starting in 2024, Knox Manage will support a range of Android versions that starts from the latest major version and covers the five major versions before it.
Starting with 22.08, in compliance with Payment Card Industry Data Security Standards, Knox Manage will no longer support TLS 1.0 and 1.1. To keep your devices enrolled and managed in Knox Manage, please make sure that they’re running Android 6 or higher by the time of the 22.08 release.
Enhancement of Account Blocklist policy for Android
Previously, you could only restrict modifying accounts on an Android device by configuring a blocklist with the Account Blocklist policy.
This release expands the policy to restrict account modification either by an allowlist or blocklist, depending on your deployment needs and strategy. The policy is now called Account Block/Allowlist. You can add and remove accounts to this list as before.
Managed Google Play accounts can’t be modified, so adding them to the allowlist has no effect.
For more details, see Account Block/Allowlist on the Android Enterprise policies reference.
Automatic Wi-Fi connection for Android
This release adds an Automatic Connection setting to Wi-Fi configurations in an Android profile. When enabled, this setting forces the device to set the configured network as default and connect to it when Wi-Fi is turned on. When disabled, the network configuration is pushed to the device, but the user chooses which networks to connect to.
Managed Google Play account creation improvements
Previously, Android devices created the Managed Google Play (MGP) account after the Knox Manage agent finished setting up. During out-of-the-box enrollment of Fully Managed devices and company-owned devices with a Work Profile, it was possible that the MGP account could fail to create.
Starting with Knox Manage 22.05, during enrollment of these types of devices, the MGP account is created when the device is registered in Knox Manage. Since this change to the flow guarantees that the account is created, it could save you considerable time when deploying out-of-the-box devices with MGP apps.
Knox Service Plugin Wi-Fi configuration improvements for Android
For situations where Wi-Fi configurations defined by the Knox Service Plugin policy are removed from a device, Knox Manage 22.05 adds two new options to restore them:
- Reapply KSP Wi-Fi configurations command to the device.
- On the Knox Manage agent, the device user can restore the configuration by tapping Reapply KSP Wi-Fi Configurations.
Day & time event type for AMAPI profiles
With Knox Manage 22.05, the Android Management API (AMAPI) profiles now support the Day & Time event, which schedules when to apply and update the profile on target devices.
iOS policy additions
The following new iOS policies are available in Knox Manage 22.05:
- Force on device only dictation (Siri)
- Force on device only translation (Siri)
- Wrist detection on Apple watch
- Apple personalized advertising
- Wallpaper modification
- Notification modification
- New device proximity setup
- Unpaired external boot to recovery
- Interface > NFC
- Share > Managed pasteboard
- Security > Auto unlock with Apple watch
- Phone > Cellular plan modification
Skip setting additions for iOS DEP setup
For devices enrolled through the Apple Device Enrollment Program (DEP), Knox Manage 22.05 adds the option to skip the following screens in the setup flow:
- App Store
- Device to Device Migration
- Messaging Activation Using Phone Numbe
- Restore Completed
- Terms and Conditions
- Update Completed
Improvements to DEP device enrollment
Previously, the Knox Manage agent installed automatically to DEP devices during enrollment. However, there were some cases where automatic installation failed, and if the device user manually installed and authenticated the Knox Manage agent afterward, Knox Manage didn’t recognize the device as belonging to the DEP.
To prevent this issue going forward, with Knox Manage 22.05 you can now install the Knox Manage agent to devices by adding and assigning it as a Volume Purchase Program app.
For more details, see Manage VPP applications.
Temporary session history for Shared iPads
Previously, the session history for an iPad, viewable on the Device Detail > Shared Device > Shared Device User tab, didn’t keep records of temporary sessions.
With 22.05, Knox Manage now records a history of temporary sessions in each Shared iPad’s session history.
Improvements to app installation policies for iOS
With 22.05, you can now apply both policies at the same time to supervised devices running iOS 13 and higher.
App improvements for Chrome OS kiosks
Starting with Knox Manage 22.05, you can view all kiosk apps available for your Chrome OS devices on the new Kiosk Application tab on the Organization Detail page. The tab lists all the Chrome OS kiosks in your organization, and has two actions:
- Auto-Launch App — Sets the selected app to be the default app for all kiosks in the organization.
- Cancel Auto-Launch App — Unsets the selected app to be the default app for all kiosks in the organization.
Managed Samsung devices don’t require consent when the device user first launches Knox Remote Support, because consent was already obtained when the device was enrolled with a Knox license.
Kiosk bookmark improvements
Previously, home screen bookmarks on kiosks would open in the Android Webview app instead of a web browser, even if a browser was installed. Android Webview can view basic web pages, but has limited capabilities in viewing video and other rich content.
Starting with this release, the first time a device user taps a home screen bookmark, the kiosk prompts them to open it with any installed browser app. They can choose to always open bookmarks using that app. In order for this behavior to function correctly:
- At least one web browser, such as Samsung Internet, must be installed on the kiosk.
- The web browser should be allowlisted as locktask apps.
Knox Suite license updates for Wi-Fi only Android tablets
Previously, Wi-Fi only Android tablets released before 2019 would enroll in Knox Manage with 16-digit serial numbers, when their serial numbers are actually only 11 digits long. This discrepancy caused an issue where if an affected tablet had a Knox Suite license in both Knox Manage and another Knox cloud service, then the license was consumed multiple times because the 11-digit and 16-digit serial numbers both contributed toward the consumption count.
Knox Manage 22.05 corrects this discrepancy, and any newly enrolled Wi-Fi only Android tablet registers its correct 11-digit serial number. You can update the serial numbers of affected tablets that were enrolled prior to 22.05 by sending them the Update License device command.
The Knox Manage API 22.05 has the following changes:
New operation — Get Device Detail By Google Device Id
- Queries the detailed information of a device by sending its Google Device ID.
Updates to operations:
- Get Device List and Get User List — Added the updatedAfter argument, which is an ISO8601 date string that specifies the earliest point to look for changes to the device/user status.
- Unenroll Device — Improved to work for devices with Work Profiles.
For more details about these changes, see the Knox Manage API reference.
Email alert enhancements
Knox Manage 22.05 makes the following changes to profile-based email alerts:
- Frequency and Time settings — Specify how often and what time of day to send alerts.
- Re-enrolled Devices after factory reset alert — An alert that indicates the device was re-enrolled after it was factory reset.
Token Expiration and Certificate Expiration alerts — Click > Notification Mailing Settings to enable email alerts for when tokens (for APNs, VPP, DEP, and so on) and certificates expire in your tenant. The alerts trigger 30 days prior to the expiration.
Applied profile version
In Knox Manage 22.05, you can now view the version of the profile applied to a device:
- On the Device tab of the Profile Detail page, you can click See Policy to view every policy applied to the device, and which version of the profile applied each policy. From that dialog, you can also click Export to Excel to save the profile policies and versions as tabular data to an XLSX file.
- On the Profile tab of the Device Detail page, you can view every policy applied to the device, and which version of the profile applied each policy.
The following miscellaneous changes come with Knox Manage 22.05:
- The Knox Remote Support agent now requires additional permissions to run on Android devices. After the agent updates, the next time it runs, the device user is presented with a one-time prompt for these permissions. In order to provide support to your device users, you should instruct them to grant these permissions when they’re prompted.
- If your tenant has only one super admin, you can no longer change their permissions to those of a sub-admin.
- When you delete a DEP device from Knox Manage, Apple Business Manager no longer automatically adds the device back to Knox Manage.
Resolved issues and improvements
- [EMMTECH-1019, 00238404] Error sincronización programada con Directorio Activo
- [EMMTECH-977, 00237452] LDAP Syncing groups error
- [EMMTECH-976, 00237494] Cloud connector issue
- [EMMTECH-946, 00236347] Cloud Connector sync issue
- [EMMTECH-914, 00237076] Custom Animation issue using Android R or above
- [EMMTECH-838, 00235661] Unable to save Bookmarks on KM profile
- [EMMTECH-821, 00235652] Device Command > Reset Work Profile Password is not working
- [EMMTECH-802, 00233495] Displaying mobile numbers in KM
- [EMMTECH-989, 00237526] The result of the org / selectDevices KM API call does not coincide with what is stated in the public documentation
- [EMMTECH-938, 00236887] User is not able to change Date and Time - Knox Manage (GVK EMRI)
- [EMMTECH-913, 00236672] [ETS] Users report
- [EMMTECH-755, 00233973] Failed to enroll devices in Knox Manage with EE license generated second time (KMA_F5003)
- [EMMTECH-656, 00233159] Cannot set fields which can be displayed on lock screen
- [EMMTECH-457, 00228956] Enrollment issues
-  Le champs dérnière connexion sur les appareils iOS
-  Feature Request / Question - iOS Policy
Is this page helpful?
Thank you for your feedback!