Back to top

Knox Manage 23.09 release notes

Last updated March 28th, 2024

Hotfixes

Samsung Cloud Connector Client v2.6.2

Samsung Cloud Connector Client v2.6.2 is released alongside Knox Manage 23.09. The new version patches security vulnerabilities with some of its open source dependencies.

The Knox Manage team strongly recommends that you download and install the latest version of the connector.

Download of the updated Samsung Cloud Connector client v23.09.

For more information, see Install the SCC client.

New

Wi-Fi policy additions for Android Enterprise

With Knox Manage 23.09, new Wi-Fi policies — Domain and Alternate Subject — are now available for the 802.1xEAP protocol for devices running Android 13 and higher. The policies are supported for the Android Enterprise and Android Management API platforms and for all staging devices. At least one of these two policies and the CA Certificate policy must now be specified when using 802.1xEAP.

Ability to send notifications for removal of work profile for AMAPI devices

With Knox Manage 23.09, you can now define a notification message to display on personal Android Management API (AMAPI) devices when a work profile is removed from them.

Set a message for profile wipe on AMAPI device

Support for Wear OS smartwatches

As of the 23.09 release, Knox Manage also supports Wear OS, so you can manage Samsung Galaxy Watch4 and higher models of smartwatches enrolled in your enterprise.

Similar to other supported platforms, you can enroll Wear OS smartwatches and configure enterprise management features for them, as required. You can send device commands, manage contacts, allow or disallow Wi-Fi or APN connectivity, install, disable or hide apps, block screen captures, set a Kiosk mode on the smartwatches, and so on.

For more information, see Wear OS overview.

Wear OS policy additions

Policy Group New policy Description Supported system
System System Update Customize how to keep your Wear OS devices up-to-date. The available options are: Automatic, Postpone, and Windowed. Wear OS 3.5 and higher
System Factory Reset via Firmware Recovery Mode Enable to allow users to factory reset of Wear OS devices in the firmware recovery mode. If enabled, users can reset the device by pressing physical buttons on the device. Wear OS 4.0 and higher
System Language Selection Allow the device user to choose the display. You can specify the languages that the users can choose from. Wear OS 4.0 and higher
System Brightness Settings Specify if users can set the brightness on the devices. Wear OS 4.0 and higher
System Brightness Level Set the maximum allowed brightness on the devices. Wear OS 4.0 and higher
System Adaptive Brightness Enable automatic adjustment of screen brightness based on surrounding light conditions. Wear OS 4.0 and higher
Connectivity Mobile Plans, Mobile Data Turn on or turn off mobile plans and mobile data on all enrolled devices. Wear OS 3.5 and higher
Kiosk Power, Widget Tile Allow the device user to control the power button and the widget tiles on smartwatches that are set up as a kiosk. Wear OS 3.5 and higher
Application App to Hidden Hide apps on the display screen. Wear OS 3.5 and higher
Phone Auto Call Answer Specify the phone numbers from which calls are automatically received. Wear OS 4.0 and higher
APN APN New policy group to configure Access Point Name (APN) settings for cellular data connectivity on Wear OS devices. Wear OS 3.5 and higher
Wi-Fi Randomized MAC Address New policy for Wi-Fi configuration on Wear OS devices. Wear OS 4.0 and higher

Wear OS device command addition

For smartwatches running Wear OS 3.5, you can now use the Exit Kiosk device command to quit kiosk mode.

New Exit Kiosk device command for Wear OS devices

Windows OS device command additions

With Knox Manage 23.09, Windows devices now support a new device command — Enterprise Wipe. You can use this command to return a device to the state it was in prior to the installation of Knox Manage.

The device command unenrolls the device from Knox Manage and removes all enterprise data, including profiles, policies, and internal apps, from it. Any personal data and content is preserved on the device and remains available to the user.

New Windows device command --- Enterprise Wipe

Support for external QR scanners on the Knox Browser

With Knox Manage 23.03, you can now use external QR code scanners to enter data on Knox Browser running on a kiosk. An example use case would be inputting barcodes to an inventory management service or a website that supports QR codes to view product details.

  • Datalogic QuickScan QW2500
  • Zebra DS9308 Hands-free Imaging Scanner

Support for new content types

With Knox Manage 23.09, you can now upload QGS, QPKG, MMPK, TPK, and TPKX files from the Add Content page and share them with device users. For more information, see Content overview.

New content types on the Add Content page

Updates

Enhanced OS compatibility of Samsung Cloud Connector

With 23.09, the Samsung Cloud Connector client is now also compatible with the Windows Server 2022 (64-bit) operating system. For more information, see Prerequisites for installing SCC.

Enhancements for shared Samsung devices

Previously, for shared Android Enterprise device from all manufacturers, when a secondary user first signed in, they were prompted to manually run the Knox Manage agent to complete activation.

Starting with 23.09, shared Samsung devices no longer require this extra activation step, while non-Samsung devices still do.

Additionally for all shared devices, apps common to staging users and secondary users are downloaded and installed on the device when it’s enrolled with the staging user account. These apps are ready-to-use when a secondary user signs in to the shared device. Like in previous versions, apps only assigned to a secondary user’s profile, are automatically downloaded and installed when the user signs in.

This reduces the time taken to prepare the device for secondary user when they sign in.

Ability to set timeout limits for Android Enterprise devices

Previously, you could set a single maximum time limit for a device’s screen timeout with the Maximum Screen Timeout policy.

With Knox Manage 23.09, you can now set two time limits — one for the whole device, and the other for the work profile. The value you define is the maximum time that devices users can specify as their screen timeout limits.

Timeout settings in the Knox Manage console

Timeout settings on the device

The manner in which the timeout settings apply depends on the Use one lock device setting.

Device mode Use one lock Value applied from
All Enabled Smaller value between Device Controls and Work Profile Controls
Work profiles on personal devices Enabled Device Controls
Disabled Work Profile Controls
Work profiles on company-owned devices Enabled Work Profile Controls
Disabled Work Profile Controls

Automatic disabling of Knox Manage agent in personal profiles

Previously, when devices with a work profile were activated, devices users were prompted to delete the Knox Manage agent from the personal profile.

With 23.09, for devices running Android 13 and higher, the Knox Manage agent is automatically disabled and hidden on the personal profile when a device is activated. The device user can choose to uninstall the agent, as before.

Updates to Automatic Date and Time policy for Android Enterprise

Previously, for devices running Android 12 and higher and One UI 4.1 and higher, when the Automatic Date and Time policy was set to Enforce time zone, the Automatic Date and Time setting on the device was disabled if Automatic time zone was turned on.

With Knox Manage 23.09, the Automatic Date and Time setting is no longer disabled when both policies are set.

Terminology updates for the Location policy for Android Enterprise

The terms used for the Location policy and its sub-policies are updated as follows:

Type Previous name New name Notes
Policy High Accuracy Mode Location Accuracy
Value Do not use (none) The old Do not use value is automatically mapped to the new Ask user to turn on value.
Value Use Ask user to turn on
Policy GPS Location Settings
Value User Choice Allow
Value Enforced Force on
Value Disabled Force off

Ability to assign groups to sub-admins

As of 23.09, when adding sub-admins to your enterprise, you can also assign them the groups they can manage and the device commands that they can use.

For optimal performance, you can assign user permissions to sub-admins at either an organization or group level.

Add Administrator page to assign groups to a sub-admin

Alert mailing improvements

Previously, you could schedule daily, weekly, or monthly email notification alerts for audit events.

With Knox Manage 23.09, you can now also schedule hourly email notification alerts to IT admins.

Hourly alerts can be set at a frequency of 1, 2, 3, 4, 6, 8, or 12 hours. The email notifications are sent starting midnight at 00:00. For example, if an alert is set for every 8 hours, email notifications are sent at 00:00, 08:00, and 16:00.

Alert Mailing Settings dialog with hourly frequency and values

In addition, new device commands and event profiles are now supported for creating alerts for IT admins. For more information, see Configure alerts.

Updates for devices with expired licenses

Devices with expired licenses continue to maintain the settings and policies already applied to them, but are restricted from using most Knox Manage features, such as applying settings or assigning apps, profiles, or content to such devices.

Previously, you could only unenroll such devices or update their license.

Starting with 23.09, additional features are restricted on devices with expired licenses, such as location tracking, device inventory sync, event profiles, keepalive, and Play Integrity API. For more information, see Replace an expired license.

Changes to Android kiosks

With Knox Manage 23.09, the following changes apply to kiosks:

  • You can now update and install single-app and multi-app kiosk app packages using the sendDeviceControlForInstallApp operation. For more information, see Install Android Application.
  • The User agent settings key value policy for kiosks is no longer supported.
  • The minimum supported version of the Knox Manage SDK required to install Knox Browser on a device is updated from Android 5 to Android 6.

Deprecations

Restriction of new fully-managed AMAPI devices

With 23.09, support for management and monitoring of new fully-managed AMAPI devices is restricted. Existing fully-managed AMAPI devices and fully-managed Android devices are unaffected.

If you want to enroll a device as fully-managed, use the Android Enterprise platform instead. As before, you can continue using work-profiles on AMAPI devices.

Is this page helpful?