Back to top

Knox Manage 24.04 release notes

Last updated April 11th, 2024

New

Support for copying a group

Starting with Knox Manage 24.04, you can now create a new group by copying an existing group. You can rename the new group and set its attributes, as required.

Copy Group dialog to update name and attribute of a copied group

If you copy a user group or directory, the new group is saved as a user group. Copied device groups are saved as a device group. For details, see Copy a group.

Authentication support for devices with a work profile

Previously, federated authentication was supported only for fully managed devices. Starting with Knox Manage 24.04, federated authentication is also extended to devices with a work profile. You can now use Microsoft Entra ID, Okta, and Ping Identity for user authentication and authorization for all your enterprise devices.

For more information, see Connection overview.

Support for Managed Google Play Enterprise sign up

Previously, it was possible to use only consumer or personal Google accounts to register Managed Google Play with your Knox Manage tenant. With 24.04, you can now also register Knox Manage in Managed Google Play using work emails of company domains managed or unmanaged by Google. The sign-up process also prompts you to register unmanaged company domains with Google.

The new Knox Manage registration workflow applies to new tenants and does not affect any existing tenants. However, if you unbind an existing tenant and try to register it again, you will be taken through the new workflow.

For more information, see Configure the Android Enterprise environment.

Android Management API policy additions

With Knox Manage 24.04, the following new Android Management API policies are available for devices with a work profile:

Policy group Policy Description
System VPN Setting Allows the user to configure the VPN settings on the device.
Date and Time Allows the device user to change the date and time settings.
Lock Screen Maximum screen timeout Set the maximum time of user inactivity after which screen timeout occurs.
Application App execution blocklist setting Specify the apps that must be prevented from running.
System app reactivation setting Specify the hidden system apps to activate on Android devices.
Phone Airplane mode Allows the use of airplane mode.
Container Phone Book Access Profile (PBAP) via Bluetooth Allows sharing of contacts from the primary profile to the connected device using Bluetooth.
Wi-Fi Wi-Fi MAC randomization mode Allow generation of random MAC address for devices on Wi-Fi.

Wear OS policy additions

Knox Manage 24.04 adds the following Wear OS policies:

  • Set fall detection on Samsung smartwatches with the Automatic Fall Detection policy. Using the Sensitivity options, you can choose to activate fall detection only during physical activity, workouts, or at all times.

    Automatic Fall Detection policy

  • With the Automatic Date and Time policy, you can easily manage updates to date and time information on smartwatches.

  • Control sleep mode on smartwatches using the Sleep mode policy, and show or hide charging information with using the Show Charging Info policy.

  • Use the Show Emergency Call Button policy to show or hide the emergency call option on the power off screen.

Windows policy additions

With Knox Manage 24.04, the following new System policies are added for Windows devices:

New policy Description
VPN Over Cellular Allow device users to add a VPN connection when using cellular data.
VPN Roaming Over Cellular Allow device users to add a VPN connection when using cellular data while roaming.

Device users can go to Settings > Network & Internet > VPN to change the VPN settings.

iOS device command additions

Knox Manage 24.04 now supports additional device commands on iOS devices when their licenses expire:

  • Update Knox Manage agent
  • Factory Reset
  • Collect Device Log
  • Collect Audit Log
  • Collect Diagnosis Information

For detailed information on these commands, see iOS device commands.

General availability of support for macOS

Previously, Knox Manage 23.12 extended its platform support to macOS, which was available in a public preview.

With Knox Manage 24.04, the macOS platform is now officially supported and available to all customers.

Support for macOS app packages

With Knox Manage 24.04, you can now add internal macOS apps as PKG files. You can add internal apps for macOS on the Application page, and must manually enter details such as name, version, bundle ID, and bundle name.

Information to be entered manually while adding macOS app package

Additionally, you can now automatically assign macOS apps to a group or organization, and also send the Install or Update App and Uninstall App device commands.

macOS policy additions

With Knox Manage 24.04, the following new macOS policies are added:

New policy Description
Global HTTP Proxy Use the policy to direct internet traffic through a proxy server. You can add only one proxy configuration for a profile.
Software Update Regulate software updates on macOS devices.
System > Delay Software Update Allow device users to delay the software updates.
System > Software Update Notification Control notifications on devices.
System > App Adoption by Users Specify if device users can update default apps.

Updates

Improvements to Android policies

With Knox Manage 24.04, the Location policies are renamed and reorganized as follows:

Previous policy Previous value New policy New value
Location settings Allow Location settings Allow user to configure
Force on Force on
Force off Force off
Location accuracy Ask user to turn on Allow user to configure and prompt for location accuracy
Report device location Allow Device location collection Automatic
User consent Upon user consent
Disallow (Deprecated)
Report device location interval 30 mins, 1 hour, 2 hours, 4 hours, 12 hours, 24 hours Time between location collection 30 mins, 1 hour, 2 hours, 4 hours, 12 hours, 24 hours

Additionally, the Location Settings and Device Location Collection policy values are now mapped as follows:

Location Settings value Device Location Collection value Changes in Device controls Changes in Work Profile controls
N/A N/A No change. No change.
Automatic Location settings value is mapped to Allow user to configure or Allow user to configure and prompt for location accuracy
  • Location settings value is mapped to Allow user to configure or Allow user to configure and prompt for location accuracy
  • Device location collection value is mapped to Upon user consent
Upon user consent Location settings value is mapped to Allow user to configure or Allow user to configure and prompt for location accuracy Location settings value is mapped to Allow user to configure or Allow user to configure and prompt for location accuracy
Disallow (Deprecated) Device location collection value is mapped to N/A Device location collection value is mapped to N/A
Allow user to configure N/A No change. No change.
Automatic No change. Device location collection value is mapped to Upon user consent
Upon user consent No change. No change.
Disallow (Deprecated) Device location collection value is mapped to N/A Device location collection value is mapped to N/A
Force on N/A No change. No change.
Automatic No change. No change.
Upon user consent No change. No change.
Disallow (Deprecated) Device location collection value is mapped to N/A No change.
Force off N/A No change. No change.
Automatic Device location collection value is mapped to N/A Device location collection value is mapped to N/A
Upon user consent
Disallow (Deprecated)

Updates to Knox Service Plugin policies

Previously, the default values for the Knox Service Plugin policies were automatically applied and shown on the Knox Service Plugin section on the Set Policy page. Knox Manage 24.04 no longer applies the default values, and leaves the policies unset. Policy values only apply if you configure them.

Enhancement to Keepalive Expiration policy for Android Enterprise

You can now customize the notification sent to devices when keepalive times out. To do so, specify your custom message on the Keepalive page.

For more information, see Configure the keepalive settings.

Enhancement to Key Remapping Wear OS policy

Previously, you could set a custom action on long press of a smartwatch’s home button. This was done using the Home key – long press only option in the Key Remapping policy.

With Knox Manage 24.04, you can now also set an additional custom action on the double-press of the home button using the Home key - double press only option. With this enhancement, you can separately map two custom actions on the home button.

Improvement to the Unenroll Device command

Previously, when unenrolling a work profile from an Android device, you had the option to factory reset it with the Force Unenroll action.

For better user experience, the Force Unenroll button is now disabled in the Unenroll dialog when you select Remove Work Profile only (The device will not be factory reset.) to unenroll a device.

Enhancements for kiosks on Android devices

Knox Manage 24.04 supports the following enhancements for kiosks:

  • Additional lookup items — Device Alias and Device Name — are supported in the Text widget to customize kiosks.

  • You can now enable Accessibility in the Select Device Setting dialog to allow kiosk users to use accessibility settings.

  • Kiosk users can now install, update, and run Knox Remote Support sessions from the new Service Desk menu on the kiosk. They can also contact admin for help and send activity logs.

  • Previously, the targetSdkVersion for kiosk apps was Android 7.0 (API level 24), and kiosks running Android 14 warned users to update the kiosk app for better security and proper functioning.

    Notification message for kiosks running on Android 14 or lower

    With Knox Manage 24.04, the targetSdkVersion for kiosk apps is now updated to Android 9.0 (API level 28), which ensures compatibility with kiosks running Android 14 and higher. You may need to rebuild and redeploy kiosk apps on kiosk devices running Android 14 to avoid getting the warning notification. For information on how to update target API level, see the Google topic Meet Google Play’s target API level requirement.

  • On the Device Details page, the kiosk mode statuses are now renamed and mapped as follows:

    Kiosk mode status Previous value New value
    Not configured Normal (No change.)
    Applied Normal Enabled
    Exited Exit Disabled

    Additionally, you can now view a summary of the Kiosk Mode Status on the dashboard. To do so, create a report based on Kiosk Mode Status and add it to the dashboard in the console.

Support for geofencing in Brazil

Previously, the location tracking feature available in Brazil enabled you to only track ChromeOS devices.

With Knox Manage 24.04, you can now also receive automated notifications when a device moves out of a geographical area. See Check the locations of ChromeOS devices in Brazil for updated instructions.

API enhancements

Knox Manage 24.04 supports the following API enhancements:

  • A new requestEnrollment operation that emails the enrollment guide to users.
  • New parameters - startLogTime and endLogTime - for the Read Audit Log operation to specify a time range. Both strings accept the hh:mm time format.

For more information on API updates in this release, see the Knox Manage 24.04 release notes in the developer guide.

Log event for SIM card changes

With Knox Manage 24.04, the following updates are made to audit logs related to SIM card changes on a device:

  • The SIM card has changed event is renamed to SIM card information.
  • A new Send When Current Physical SIM Changed event is available.

Console enhancements

Knox Manage 24.04 brings several enhancements to the console:

  • On the Application page, the version code of the app, if available, is displayed as a tooltip.

    Code version displayed on the Application page

  • The Managed Google Play (Store, Private, Web) dialog is renamed to Managed Google Play. This dialog opens when you add a public Android app.

    The Managed Google Play dialog

  • If you enter an unsupported character when naming an app, the character is replaced with an empty space. App names can’t contain ampersands (&), semicolons (;), and angle brackets (< and >).

    Special characters not allowed in app name are automatically replaced by an empty space

Changes to supported platform versions

With Knox Manage 24.04, the minimum supported platform versions are updated as follows:

Platform Previous requirement New requirement
Android Enterprise Android 8 Android 10
iOS iOS 14 iOS 15
iPadOS iPadOS 14 iPadOS 15

Miscellaneous changes

Knox Manage 24.04 contains the following miscellaneous changes:

  • On the Assign Application page, the Target Device is now set to Android Enterprise by default. Previously, the default value was Android Enterprise + Legacy.

    Assign Application page with Target Device set to Android Enterprise

  • Previously, when you downloaded device location data as an XLSX file, the location collection time was shown in the UTC+0 format. Starting with Knox Manage 24.04, the location data will be converted to the same time zone as your web browser.

  • Previously, it was possible to unassign the Samsung One UI Home app, causing Android devices to malfunction. With 24.04, Uninstall option on the Add Application page is disabled for the Samsung One UI Home app to prevent admins from accidentally unassigning the app on devices.

  • You can now view Enterprise Wear OS Framework information in the Device Information tab on the Device Details page. You can also view it using the About menu on Samsung smartwatches.

Deprecations

Notice regarding App Wrapper deprecation

App Wrapper functionality, available on internal Android apps, will begin sunsetting starting with Knox Manage 24.04, and will be deprecated with the Knox Manage 24.06 release.

  • Existing apps using App Wrapper can continue to use it without any impact. If required, support will be provided for these apps.

  • You can’t deploy app wrapper for new apps.

Notice regarding integration with Microsoft Entra ID

If you integrated Microsoft Entra ID (previously called Azure AD) using a non-gallery MDM app (on-premises MDM app), you must now integrate using a gallery MDM app (cloud-based MDM app) because the token of the on-premises MDM app expires in Oct 2024.

Ensure that you complete migration of Microsoft Entra ID to a gallery app (cloud-based app) before token expiry. See Migrate Microsoft Entra ID sync through an on-premises app to a cloud-based app for details.

Is this page helpful?