Knox Manage 23.09 release notes
Last updated March 28th, 2024
Hotfixes
Samsung Cloud Connector Client v2.6.2
Samsung Cloud Connector Client v2.6.2 is released alongside Knox Manage 23.09. The new version patches security vulnerabilities with some of its open source dependencies.
The Knox Manage team strongly recommends that you download and install the latest version of the connector.
For more information, see Install the SCC client.
New
Wi-Fi policy additions for Android Enterprise
With Knox Manage 23.09, new Wi-Fi policies — Domain and Alternate Subject — are now available for the 802.1xEAP protocol for devices running Android 13 and higher. The policies are supported for the Android Enterprise and Android Management API platforms and for all staging devices. At least one of these two policies and the CA Certificate policy must now be specified when using 802.1xEAP.
Ability to send notifications for removal of work profile for AMAPI devices
With Knox Manage 23.09, you can now define a notification message to display on personal Android Management API (AMAPI) devices when a work profile is removed from them.
Support for Wear OS smartwatches
As of the 23.09 release, Knox Manage also supports Wear OS, so you can manage Samsung Galaxy Watch4 and higher models of smartwatches enrolled in your enterprise.
Similar to other supported platforms, you can enroll Wear OS smartwatches and configure enterprise management features for them, as required. You can send device commands, manage contacts, allow or disallow Wi-Fi or APN connectivity, install, disable or hide apps, block screen captures, set a Kiosk mode on the smartwatches, and so on.
For more information, see Wear OS overview.
Wear OS policy additions
| Policy Group | New policy | Description | Supported system |
|---|---|---|---|
| System | System Update | Customize how to keep your Wear OS devices up-to-date. The available options are: Automatic, Postpone, and Windowed. | Wear OS 3.5 and higher |
| System | Factory Reset via Firmware Recovery Mode | Enable to allow users to factory reset of Wear OS devices in the firmware recovery mode. If enabled, users can reset the device by pressing physical buttons on the device. | Wear OS 4.0 and higher |
| System | Language Selection | Allow the device user to choose the display. You can specify the languages that the users can choose from. | Wear OS 4.0 and higher |
| System | Brightness Settings | Specify if users can set the brightness on the devices. | Wear OS 4.0 and higher |
| System | Brightness Level | Set the maximum allowed brightness on the devices. | Wear OS 4.0 and higher |
| System | Adaptive Brightness | Enable automatic adjustment of screen brightness based on surrounding light conditions. | Wear OS 4.0 and higher |
| Connectivity | Mobile Plans, Mobile Data | Turn on or turn off mobile plans and mobile data on all enrolled devices. | Wear OS 3.5 and higher |
| Kiosk | Power, Widget Tile | Allow the device user to control the power button and the widget tiles on smartwatches that are set up as a kiosk. | Wear OS 3.5 and higher |
| Application | App to Hidden | Hide apps on the display screen. | Wear OS 3.5 and higher |
| Phone | Auto Call Answer | Specify the phone numbers from which calls are automatically received. | Wear OS 4.0 and higher |
| APN | APN | New policy group to configure Access Point Name (APN) settings for cellular data connectivity on Wear OS devices. | Wear OS 3.5 and higher |
| Wi-Fi | Randomized MAC Address | New policy for Wi-Fi configuration on Wear OS devices. | Wear OS 4.0 and higher |
Wear OS device command addition
For smartwatches running Wear OS 3.5, you can now use the Exit Kiosk device command to quit kiosk mode.
Windows OS device command additions
With Knox Manage 23.09, Windows devices now support a new device command — Enterprise Wipe. You can use this command to return a device to the state it was in prior to the installation of Knox Manage.
The device command unenrolls the device from Knox Manage and removes all enterprise data, including profiles, policies, and internal apps, from it. Any personal data and content is preserved on the device and remains available to the user.
Support for external QR scanners on the Knox Browser
With Knox Manage 23.03, you can now use external QR code scanners to enter data on Knox Browser running on a kiosk. An example use case would be inputting barcodes to an inventory management service or a website that supports QR codes to view product details.
- Datalogic QuickScan QW2500
- Zebra DS9308 Hands-free Imaging Scanner
Support for new content types
With Knox Manage 23.09, you can now upload QGS, QPKG, MMPK, TPK, and TPKX files from the Add Content page and share them with device users. For more information, see Content overview.
Updates
Enhanced OS compatibility of Samsung Cloud Connector
With 23.09, the Samsung Cloud Connector client is now also compatible with the Windows Server 2022 (64-bit) operating system. For more information, see Prerequisites for installing SCC.
Enhancements for shared Samsung devices
Previously, for shared Android Enterprise device from all manufacturers, when a secondary user first signed in, they were prompted to manually run the Knox Manage agent to complete activation.
Starting with 23.09, shared Samsung devices no longer require this extra activation step, while non-Samsung devices still do.
Additionally for all shared devices, apps common to staging users and secondary users are downloaded and installed on the device when it’s enrolled with the staging user account. These apps are ready-to-use when a secondary user signs in to the shared device. Like in previous versions, apps only assigned to a secondary user’s profile, are automatically downloaded and installed when the user signs in.
This reduces the time taken to prepare the device for secondary user when they sign in.
Ability to set timeout limits for Android Enterprise devices
Previously, you could set a single maximum time limit for a device’s screen timeout with the Maximum Screen Timeout policy.
With Knox Manage 23.09, you can now set two time limits — one for the whole device, and the other for the work profile. The value you define is the maximum time that devices users can specify as their screen timeout limits.
The manner in which the timeout settings apply depends on the Use one lock device setting.
| Device mode | Use one lock | Value applied from |
|---|---|---|
| All | Enabled | Smaller value between Device Controls and Work Profile Controls |
| Work profiles on personal devices | Enabled | Device Controls |
| Disabled | Work Profile Controls | |
| Work profiles on company-owned devices | Enabled | Work Profile Controls |
| Disabled | Work Profile Controls |
Automatic disabling of Knox Manage agent in personal profiles
Previously, when devices with a work profile were activated, devices users were prompted to delete the Knox Manage agent from the personal profile.
With 23.09, for devices running Android 13 and higher, the Knox Manage agent is automatically disabled and hidden on the personal profile when a device is activated. The device user can choose to uninstall the agent, as before.
Updates to Automatic Date and Time policy for Android Enterprise
Previously, for devices running Android 12 and higher and One UI 4.1 and higher, when the Automatic Date and Time policy was set to Enforce time zone, the Automatic Date and Time setting on the device was disabled if Automatic time zone was turned on.
With Knox Manage 23.09, the Automatic Date and Time setting is no longer disabled when both policies are set.
Terminology updates for the Location policy for Android Enterprise
The terms used for the Location policy and its sub-policies are updated as follows:
| Type | Previous name | New name | Notes |
|---|---|---|---|
| Policy | High Accuracy Mode | Location Accuracy | |
| Value | Do not use | (none) | The old Do not use value is automatically mapped to the new Ask user to turn on value. |
| Value | Use | Ask user to turn on | |
| Policy | GPS | Location Settings | |
| Value | User Choice | Allow | |
| Value | Enforced | Force on | |
| Value | Disabled | Force off |
Ability to assign groups to sub-admins
As of 23.09, when adding sub-admins to your enterprise, you can also assign them the groups they can manage and the device commands that they can use.
For optimal performance, you can assign user permissions to sub-admins at either an organization or group level.
Alert mailing improvements
Previously, you could schedule daily, weekly, or monthly email notification alerts for audit events.
With Knox Manage 23.09, you can now also schedule hourly email notification alerts to IT admins.
Hourly alerts can be set at a frequency of 1, 2, 3, 4, 6, 8, or 12 hours. The email notifications are sent starting midnight at 00:00. For example, if an alert is set for every 8 hours, email notifications are sent at 00:00, 08:00, and 16:00.
In addition, new device commands and event profiles are now supported for creating alerts for IT admins. For more information, see Configure alerts.
Updates for devices with expired licenses
Devices with expired licenses continue to maintain the settings and policies already applied to them, but are restricted from using most Knox Manage features, such as applying settings or assigning apps, profiles, or content to such devices.
Previously, you could only unenroll such devices or update their license.
Starting with 23.09, additional features are restricted on devices with expired licenses, such as location tracking, device inventory sync, event profiles, keepalive, and Play Integrity API. For more information, see Replace an expired license.
Changes to Android kiosks
With Knox Manage 23.09, the following changes apply to kiosks:
- You can now update and install single-app and multi-app kiosk app packages using the
sendDeviceControlForInstallAppoperation. For more information, see Install Android Application. - The User agent settings key value policy for kiosks is no longer supported.
- The minimum supported version of the Knox Manage SDK required to install Knox Browser on a device is updated from Android 5 to Android 6.
Deprecations
Restriction of new fully-managed AMAPI devices
With 23.09, support for management and monitoring of new fully-managed AMAPI devices is restricted. Existing fully-managed AMAPI devices and fully-managed Android devices are unaffected.
If you want to enroll a device as fully-managed, use the Android Enterprise platform instead. As before, you can continue using work-profiles on AMAPI devices.
On this page
Is this page helpful?