Knox Manage 24.06 release notes
Last updated June 26th, 2024
New
New console for Knox Manage
To provide a more streamlined Knox Manage experience, a new console is now available. For the 24.06 release, this new console offers core Knox Manage functionality to administer Android devices and better integration with the Knox Admin Portal.
By default, you’ll see the original console on the Knox Admin Portal’s left navigation pane. If you’re the super admin for your enterprise, you can change your preferred Knox Manage console in the Knox Admin Portal settings.
For an introduction to the new console, see About the new console.
Android Management API device command addition
Knox Manage 24.06 now supports a new device command — Enable Lost Mode — for Android Management API devices. When a device, thought to be lost or stolen, is sent this command:
-
The device is automatically locked and sounds an alarm for five minutes to help the user locate it in case it’s just misplaced. If found, the device user must manually unlock the device.
-
If the device can’t be located, it remains locked until you disable the lost mode for the device. Additionally, you can view the device’s location in the Knox Manage console.
To ensure that unauthorized personnel can’t disable the lost mode on a device, you must first configure the screen lock and location tracking settings.
The Enable Lost Mode device command can’t be used to locate a device if:
-
the device user manually exited the lost mode in the last 12 hours
-
you reset the screen lock using a device command in the last 12 hours
-
the device user paused the work profile
Improvement to Android app management
Knox Manage 24.06 brings you the following updates to help you better manage Android apps in the console:
-
Prior to Knox Manage 24.06, you needed to manually update app versions on the Application page in the Knox Manage console. With this release, after you sign in to the console, Knox Manage automatically checks and updates the apps from Managed Google Play and iOS App Store every 24 hours.
-
The Add Application and Modify Application pages have the following changes:
-
Unassign Option is now renamed to Uninstall Option
-
Uninstall if the app is unassigned is now renamed to Uninstall the app from all unassigned devices.
Previously, if the Uninstall if the app is unassigned setting was configured, all Android apps not assigned to a group or organization were uninstalled from devices. With this release, only apps installed using the Knox Manage console are uninstalled on devices.
-
Enhancements for kiosks on Android devices
Knox Manage 24.06 supports the following enhancements for kiosks:
-
Previously, you could set only a single wallpaper for a kiosk screen. With Knox Manage 24.06, you can now specify two different wallpapers — one for the landscape and another for the portrait orientation — when Orientation & Grid is set to Auto Rotate.
-
You can now configure additional device settings — Do not disturb and Auto Rotation — for kiosks. Kiosk users can turn these settings on or off in the Settings menu on the kiosk.
For kiosks running Android 11 or lower, kiosk users can find the Auto Rotate setting at Settings > Knox Manage.
Enhancement to Activation lock bypass on iOS devices
Knox Manage 24.06 now provides the Enable Activation Lock device command to support the Activation Lock feature in iOS and iPadOS.
Activation Lock is disabled for Apple devices enrolled using Automated Device Enrollment (ADE). When a device user signs in with an Apple ID, both the Find My and Activation Lock features are enabled. You can use this new command to enable, disable, and bypass Activation Lock on Apple devices enrolled in Knox Manage. For more information, see iOS device commands.
Consider the following:
-
To disable Activation Lock, select Device command > Device > Enable Activation Lock > Disable Activation Lock.
-
To manually disable the Activation Lock on devices that are factory reset or unenrolled from Knox Manage, you can enter the Activation Lock Bypass Code in the Password field, leaving the ID field blank, in the Setup Assistant.
iOS 17 policy additions
The following new iOS 17 policies are supported in the Knox Manage 24.06 release.
Policy group | New policy | Description | Supported system |
---|---|---|---|
System | Rapid security response installation | Allows an admin to prohibit installation of rapid security responses. |
iOS 16 and higher Supervised |
Rapid security response removal | Allows an admin to prohibit removal of rapid security responses. |
iOS 16 and higher Supervised |
|
iPhone widgets on Mac devices | Allows an admin to disable iPhone widgets on Macs signed in using the Apple ID for iCloud. |
iOS 17 and higher Supervised |
|
App Restrictions | Marketplace app installation | Allows an admin to disable the installation of alternative marketplace apps from the web.
This feature is available in the EU only. |
iOS 17 and higher Supervised |
Phone | Live voicemail | Allows an admin to disable live voicemail. This feature is available in US and Canada only. |
iOS 17.2 and higher Supervised |
Preservation of eSIM on Erase | Allows an admin to preserve eSIM when a device is erased, provided that the device wasn't erased using the Find My feature. |
iOS 17.2 and higher Supervised |
Enhancement to device commands for shared iPads
Previously, the Update Knox Manage Agent device command was supported for single-user iPadOS devices only. With Knox Manage 24.06, this device command is also supported for shared iPads.
Improved integration with identity providers
Previously, Knox Manage provided support for specific identity providers (IdP) — Microsoft Entra, Okta, and Ping Identity — for user sync and authentication of users.
With Knox Manage 24.06, you can now integrate Knox Manage with any IdP that uses the LDAP, OIDC, or SCIM protocols. You can also specify a custom connection for sync and authentication of users in an IdP.
Additionally, if you’re syncing user information, such as userPrincipalName(UPN)
, userID
, and email
, from an on-premises Active Directory, only the username of the email address is synced and used as the Knox Manage user ID. For example, if the email in the Active Directory is sampleUser01@example.com, it’s synced and used in Knox Manage as sampleUser01@KMtenantID.
Secure installation of SCC Client
Starting with Knox Manage 24.06, you can specify a Secret Token when installing the SCC client. The added security helps authorize SCC and prevent data leaks through the KM-SCC-LDAP channel. You can also revoke and generate the Secret Token for the Cloud Connector.
To use the Secret Token:
- Go to Setting > Configuration > Basic Configuration > Cloud Connector.
- Select Copy.
- Paste the Secret Token during the SCC installation process.
API enhancements
With Knox Manage 24.06, the selectDeviceAppList
operation now returns three additional parameters — IP Address
, AP Name
, and AP Mac Address
.
For more information on API updates in this release, see the Knox Manage 24.06 release notes in the developer guide.
Update to Knox Manage direct URL sign-in
Starting with Knox Manage 24.06, if you’re signing in to Knox Manage using the direct link, you’re prompted to sign in using the Knox Admin Portal instead.
Access to Knox Remote Support and Knox Mobile Enrollment services require you to be signed in using a Samsung account or SSO using the Knox Admin Portal. If you signed in to the Knox Manage console using a direct link, the Knox Remote Support and Knox Mobile Enrollment buttons show the icon to indicate that it’s a direct sign in.
Updates
Changes to supported platform versions
With Knox Manage 24.06, the supported platform versions are now updated as follows:
Platform | Previous supported version | New supported version |
---|---|---|
Minimum Android version for Kiosk Browser and Knox Browser | 6 | 8 |
Improvement to Google account sign-in on Android devices
Previously, a device user had to manually enter an email ID to set up a Google account on a device. With Knox Manage 24.06, device users are prompted to set up a Google account on enrolled devices running Android 9 and higher, and the corporate work email ID that was used for enrollment is automatically populated on the sign-in page. Note that as email IDs aren’t case sensitive, any email IDs that include uppercase letters are automatically transformed to lowercase.
Additionally, the Google account is auto-populated even if the Google domain is listed in the blocklist for the Account Modification policy.
Update to Android Management API KeyGuard policy
Knox Manage 24.06 now supports two additional functions for the KeyGuard policy that can’t be accessed from the locked screen of the device:
- Camera
- Shortcut
Enhancement to Staging policy for Android Enterprise
With Knox Manage 24.06, you can now limit the number of times a device user can attempt to exit a shared device. Additionally, if the device user exceeds the set limit, you can prevent them from entering the code for either 10 mins or 30 mins.
The new Exit Staging Mode Attempt Limit and Take Action if Attempts Are Exceeded policies can be set on the Set Policy and Modify Policy pages at Android Enterprise > Staging. For more information, see Android Enterprise policies.
Enhancement to time-fencing event for Android Enterprise
Previously, an event profile of the Day & Time type was triggered after a small delay instead of exactly at the scheduled time.
Knox Manage 24.06 provides improvements to the time-fencing event on Android devices. When you push a new or updated Date & Time event to non-Samsung devices or Samsung devices with a work profile, the device users are prompted to accept or deny the change and permit the Knox Manage Agent to run in the device’s background. Fully managed devices don’t require user permission to run the event.
Enhancement to reports
Knox Manage 24.06 provides new query options for the following reports:
Report | Query option |
---|---|
Device Details Information |
|
Device by Group |
|
For more information, see Default reports and report queries.
Improvement to device location
Previously, the end date on the Check Location page showed the last updated date by default. With Knox Manage 24.06, the end date is now automatically set to the current date. For more information, see View location data.
Improvements to admin authentication
Two-factor authentication
Previously, you could set two-factor authentication for admins in your tenant by navigating to Setting > Configuration > Basic Configuration page in the Knox Manage console.
As part of Knox Manage 24.06, you are now prompted to set up two-factor authentication as soon as you sign in to Knox Manage using a direct URL. The dialog links you to the Basic Configuration page and complete the setup.
Updated password requirements
With Knox Manage 24.06, you are now required to change your password every three months. Additionally, passwords must now meet stringent requirements:
- A combination of letters, numbers, and special characters and a minimum password length of 8 characters
- No more than two identical letters or numbers
- No more than two consecutive numbers
For more information, see Add an administrator.
Terminology updates for policies
With Knox Manage 24.06, the following Android Enterprise, Samsung Knox, and Android Enterprise Management API app restriction policies are renamed:
Platform Type | Previous policy name | New policy name |
---|---|---|
Android Enterprise | Untrusted App Sources | App Installation from Other Sources |
App Execution Blocklist Setting | Block Certain Apps from Running | |
Hide App Setting | Hide Apps | |
App Uninstallation Prevention List | Block Certain Apps from Being Uninstalled | |
System App Reactivation | Activate Certain Pre-installed System Apps | |
Prevent Apps from Using Mobile Data Setting | Prevent Apps from Using Mobile Data | |
App Download Block/Allowlist Setting | App Download Block/Allowlist | |
Apps Allowing External SD Card Setting | Apps Allowing External SD Card | |
Work and Personal Apps Connection Setting | Work and Personal Apps Connection | |
Samsung Knox | App Component Blocklist Setting | App Component Blocklist |
Android Management API | Untrusted Apps Policy | App Installation from Other Sources |
App Execution Blocklist | Block Certain Apps from Running | |
System App Reactivation | Activate Certain Pre-installed System Apps |
Deprecations
Notice regarding App Wrapper deprecation
With the Knox Manage 24.06 release, the App Wrapper functionality is deprecated.
- You can’t deploy an App Wrapper for new apps.
- Existing apps using App Wrapper can continue to use it without any impact.
The App Wrapper (Deprecated) setting in the Modify Application dialog is now shown only for apps already using the functionality. If you change the setting to No, the app wrapper is removed from the app and the App Wrapper (Deprecated) setting is not shown again.
Notice regarding deprecation of device commands and policies
The following commands and policies are deprecated in the Knox Manage 24.06 release.
Component | Deprecated options |
---|---|
Android Legacy platform |
|
Android Enterprise platform | Lock Email option available for the If compromised OS is detected policy |
Knox Manage Agent | Lock EAS option available for the OS Version Violation policy |
On this page
Is this page helpful?