Knox Manage 24.04 release notes
Last updated April 11th, 2024
New
Support for copying a group
Starting with Knox Manage 24.04, you can now create a new group by copying an existing group. You can rename the new group and set its attributes, as required.
If you copy a user group or directory, the new group is saved as a user group. Copied device groups are saved as a device group. For details, see Copy a group.
Authentication support for devices with a work profile
Previously, federated authentication was supported only for fully managed devices. Starting with Knox Manage 24.04, federated authentication is also extended to devices with a work profile. You can now use Microsoft Entra ID, Okta, and Ping Identity for user authentication and authorization for all your enterprise devices.
For more information, see Connection overview.
Support for Managed Google Play Enterprise sign up
Previously, it was possible to use only consumer or personal Google accounts to register Managed Google Play with your Knox Manage tenant. With 24.04, you can now also register Knox Manage in Managed Google Play using work emails of company domains managed or unmanaged by Google. The sign-up process also prompts you to register unmanaged company domains with Google.
The new Knox Manage registration workflow applies to new tenants and does not affect any existing tenants. However, if you unbind an existing tenant and try to register it again, you will be taken through the new workflow.
For more information, see Configure the Android Enterprise environment.
Android Management API policy additions
With Knox Manage 24.04, the following new Android Management API policies are available for devices with a work profile:
| Policy group | Policy | Description |
|---|---|---|
| System | VPN Setting | Allows the user to configure the VPN settings on the device. |
| Date and Time | Allows the device user to change the date and time settings. | |
| Lock Screen | Maximum screen timeout | Set the maximum time of user inactivity after which screen timeout occurs. |
| Application | App execution blocklist setting | Specify the apps that must be prevented from running. |
| System app reactivation setting | Specify the hidden system apps to activate on Android devices. | |
| Phone | Airplane mode | Allows the use of airplane mode. |
| Container | Phone Book Access Profile (PBAP) via Bluetooth | Allows sharing of contacts from the primary profile to the connected device using Bluetooth. |
| Wi-Fi | Wi-Fi MAC randomization mode | Allow generation of random MAC address for devices on Wi-Fi. |
Wear OS policy additions
Knox Manage 24.04 adds the following Wear OS policies:
-
Set fall detection on Samsung smartwatches with the Automatic Fall Detection policy. Using the Sensitivity options, you can choose to activate fall detection only during physical activity, workouts, or at all times.
-
With the Automatic Date and Time policy, you can easily manage updates to date and time information on smartwatches.
-
Control sleep mode on smartwatches using the Sleep mode policy, and show or hide charging information with using the Show Charging Info policy.
-
Use the Show Emergency Call Button policy to show or hide the emergency call option on the power off screen.
Windows policy additions
With Knox Manage 24.04, the following new System policies are added for Windows devices:
| New policy | Description |
|---|---|
| VPN Over Cellular | Allow device users to add a VPN connection when using cellular data. |
| VPN Roaming Over Cellular | Allow device users to add a VPN connection when using cellular data while roaming. |
Device users can go to Settings > Network & Internet > VPN to change the VPN settings.
iOS device command additions
Knox Manage 24.04 now supports additional device commands on iOS devices when their licenses expire:
- Update Knox Manage agent
- Factory Reset
- Collect Device Log
- Collect Audit Log
- Collect Diagnosis Information
For detailed information on these commands, see iOS device commands.
General availability of support for macOS
Previously, Knox Manage 23.12 extended its platform support to macOS, which was available in a public preview.
With Knox Manage 24.04, the macOS platform is now officially supported and available to all customers.
Support for macOS app packages
With Knox Manage 24.04, you can now add internal macOS apps as PKG files. You can add internal apps for macOS on the Application page, and must manually enter details such as name, version, bundle ID, and bundle name.
Additionally, you can now automatically assign macOS apps to a group or organization, and also send the Install or Update App and Uninstall App device commands.
macOS policy additions
With Knox Manage 24.04, the following new macOS policies are added:
| New policy | Description |
|---|---|
| Global HTTP Proxy | Use the policy to direct internet traffic through a proxy server. You can add only one proxy configuration for a profile. |
| Software Update | Regulate software updates on macOS devices. |
| System > Delay Software Update | Allow device users to delay the software updates. |
| System > Software Update Notification | Control notifications on devices. |
| System > App Adoption by Users | Specify if device users can update default apps. |
Updates
Improvements to Android policies
With Knox Manage 24.04, the Location policies are renamed and reorganized as follows:
| Previous policy | Previous value | New policy | New value |
|---|---|---|---|
| Location settings | Allow | Location settings | Allow user to configure |
| Force on | Force on | ||
| Force off | Force off | ||
| Location accuracy | Ask user to turn on | Allow user to configure and prompt for location accuracy | |
| Report device location | Allow | Device location collection | Automatic |
| User consent | Upon user consent | ||
| Disallow | (Deprecated) | ||
| Report device location interval | 30 mins, 1 hour, 2 hours, 4 hours, 12 hours, 24 hours | Time between location collection | 30 mins, 1 hour, 2 hours, 4 hours, 12 hours, 24 hours |
Additionally, the Location Settings and Device Location Collection policy values are now mapped as follows:
| Location Settings value | Device Location Collection value | Changes in Device controls | Changes in Work Profile controls |
|---|---|---|---|
| N/A | N/A | No change. | No change. |
| Automatic | Location settings value is mapped to Allow user to configure or Allow user to configure and prompt for location accuracy |
|
|
| Upon user consent | Location settings value is mapped to Allow user to configure or Allow user to configure and prompt for location accuracy | Location settings value is mapped to Allow user to configure or Allow user to configure and prompt for location accuracy | |
| Disallow (Deprecated) | Device location collection value is mapped to N/A | Device location collection value is mapped to N/A | |
| Allow user to configure | N/A | No change. | No change. |
| Automatic | No change. | Device location collection value is mapped to Upon user consent | |
| Upon user consent | No change. | No change. | |
| Disallow (Deprecated) | Device location collection value is mapped to N/A | Device location collection value is mapped to N/A | |
| Force on | N/A | No change. | No change. |
| Automatic | No change. | No change. | |
| Upon user consent | No change. | No change. | |
| Disallow (Deprecated) | Device location collection value is mapped to N/A | No change. | |
| Force off | N/A | No change. | No change. |
| Automatic | Device location collection value is mapped to N/A | Device location collection value is mapped to N/A | |
| Upon user consent | |||
| Disallow (Deprecated) |
Updates to Knox Service Plugin policies
Previously, the default values for the Knox Service Plugin policies were automatically applied and shown on the Knox Service Plugin section on the Set Policy page. Knox Manage 24.04 no longer applies the default values, and leaves the policies unset. Policy values only apply if you configure them.
Enhancement to Keepalive Expiration policy for Android Enterprise
You can now customize the notification sent to devices when keepalive times out. To do so, specify your custom message on the Keepalive page.
For more information, see Configure the keepalive settings.
Enhancement to Key Remapping Wear OS policy
Previously, you could set a custom action on long press of a smartwatch’s home button. This was done using the Home key – long press only option in the Key Remapping policy.
With Knox Manage 24.04, you can now also set an additional custom action on the double-press of the home button using the Home key - double press only option. With this enhancement, you can separately map two custom actions on the home button.
Improvement to the Unenroll Device command
Previously, when unenrolling a work profile from an Android device, you had the option to factory reset it with the Force Unenroll action.
For better user experience, the Force Unenroll button is now disabled in the Unenroll dialog when you select Remove Work Profile only (The device will not be factory reset.) to unenroll a device.
Enhancements for kiosks on Android devices
Knox Manage 24.04 supports the following enhancements for kiosks:
-
Additional lookup items — Device Alias and Device Name — are supported in the Text widget to customize kiosks.
-
You can now enable Accessibility in the Select Device Setting dialog to allow kiosk users to use accessibility settings.
-
Kiosk users can now install, update, and run Knox Remote Support sessions from the new Service Desk menu on the kiosk. They can also contact admin for help and send activity logs.
-
Previously, the
targetSdkVersionfor kiosk apps was Android 7.0 (API level 24), and kiosks running Android 14 warned users to update the kiosk app for better security and proper functioning.
With Knox Manage 24.04, the
targetSdkVersionfor kiosk apps is now updated to Android 9.0 (API level 28), which ensures compatibility with kiosks running Android 14 and higher. You may need to rebuild and redeploy kiosk apps on kiosk devices running Android 14 to avoid getting the warning notification. For information on how to update target API level, see the Google topic Meet Google Play’s target API level requirement. -
On the Device Details page, the kiosk mode statuses are now renamed and mapped as follows:
Kiosk mode status Previous value New value Not configured Normal (No change.) Applied Normal Enabled Exited Exit Disabled Additionally, you can now view a summary of the Kiosk Mode Status on the dashboard. To do so, create a report based on Kiosk Mode Status and add it to the dashboard in the console.
Support for geofencing in Brazil
Previously, the location tracking feature available in Brazil enabled you to only track ChromeOS devices.
With Knox Manage 24.04, you can now also receive automated notifications when a device moves out of a geographical area. See Check the locations of ChromeOS devices in Brazil for updated instructions.
API enhancements
Knox Manage 24.04 supports the following API enhancements:
- A new
requestEnrollmentoperation that emails the enrollment guide to users. - New parameters -
startLogTimeandendLogTime- for theRead Audit Logoperation to specify a time range. Both strings accept the hh:mm time format.
For more information on API updates in this release, see the Knox Manage 24.04 release notes in the developer guide.
Log event for SIM card changes
With Knox Manage 24.04, the following updates are made to audit logs related to SIM card changes on a device:
- The SIM card has changed event is renamed to SIM card information.
- A new Send When Current Physical SIM Changed event is available.
Console enhancements
Knox Manage 24.04 brings several enhancements to the console:
-
On the Application page, the version code of the app, if available, is displayed as a tooltip.
-
The Managed Google Play (Store, Private, Web) dialog is renamed to Managed Google Play. This dialog opens when you add a public Android app.
-
If you enter an unsupported character when naming an app, the character is replaced with an empty space. App names can’t contain ampersands (&), semicolons (;), and angle brackets (< and >).
Changes to supported platform versions
With Knox Manage 24.04, the minimum supported platform versions are updated as follows:
| Platform | Previous requirement | New requirement |
|---|---|---|
| Android Enterprise | Android 8 | Android 10 |
| iOS | iOS 14 | iOS 15 |
| iPadOS | iPadOS 14 | iPadOS 15 |
Miscellaneous changes
Knox Manage 24.04 contains the following miscellaneous changes:
-
On the Assign Application page, the Target Device is now set to Android Enterprise by default. Previously, the default value was Android Enterprise + Legacy.
-
Previously, when you downloaded device location data as an XLSX file, the location collection time was shown in the UTC+0 format. Starting with Knox Manage 24.04, the location data will be converted to the same time zone as your web browser.
-
Previously, it was possible to unassign the Samsung One UI Home app, causing Android devices to malfunction. With 24.04, Unassign Option on the Add Application page is disabled for the Samsung One UI Home app to prevent admins from accidentally unassigning the app on devices.
-
You can now view Enterprise Wear OS Framework information in the Device Information tab on the Device Details page. You can also view it using the About menu on Samsung smartwatches.
Deprecations
Notice regarding App Wrapper deprecation
App Wrapper functionality, available on internal Android apps, will begin sunsetting starting with Knox Manage 24.04, and will be deprecated with the Knox Manage 24.06 release.
-
Existing apps using App Wrapper can continue to use it without any impact. If required, support will be provided for these apps.
-
You can’t deploy app wrapper for new apps.
Notice regarding integration with Microsoft Entra ID
If you integrated Microsoft Entra ID (previously called Azure AD) using a non-gallery MDM app (on-premises MDM app), you must now integrate using a gallery MDM app (cloud-based MDM app) because the token of the on-premises MDM app expires in Oct 2024.
Ensure that you complete migration of Microsoft Entra ID to a gallery app (cloud-based app) before token expiry. See Migrate Microsoft Entra ID sync through an on-premises app to a cloud-based app for details.
On this page
Is this page helpful?