Knox Manage 24.09 release notes
Last updated September 25th, 2024
New
Samsung Knox Manage (Companion) app for Android Management API devices with a work profile
Previously, the Knox Manage app was used for enrolling devices on all platforms. Knox Manage 24.09 introduces a new app specifically for Android Management API devices with a work profile called Samsung Knox Manage (Companion).
Like the existing app, the Samsung Knox Manage (Companion) app is automatically installed when you enroll an Android Management API device with a work profile. However, unlike the existing app, the Samsung Knox Manage (Companion) app must run in the foreground to be able to install certificates and collect device location data.
On signing in on the device, the device user is shown a work checklist, which includes installing work apps, and is prompted to complete the enrollment. After enrollment, the device user can use the app to view detailed information and can configure the app, if required. They can also use the app to find contact information for Support and send activity logs for troubleshooting.
Once enrolled, you can use the app to:
- Locate devices using a device command. Device users are prompted to enable location tracking and the Google location accuracy setting.
- Configure and push certificates to devices. Device users can tap a notification to install the certificate, or can manually install a certificate in the app.
- Send device commands: Collect Audit Log, Collect Device Log, Reset Push Token, and Collect Current Location.
For more information see Manage Android devices with the Android Management API.
Ability to configure Windows updates
With Knox Manage 24.09, you can now set up an Update configuration to manage the Windows versions on your devices. Some key settings are:
| Setting | Description |
|---|---|
| Quality Update Deferral Period (days) | The deferral period for Windows quality updates |
| Feature Update Deferral Period (days) | The deferral period for Windows feature updates |
| Pause Quality Updates Start Date | The start date for pausing Windows quality updates |
| Pause Feature Updates Start Date | The start date for pausing Windows feature updates |
| Set Feature Updates Uninstall Period | The period (in days) following a feature update within which you can recover the previous version |
| Update Branch | The channel to use for receiving the updates. You can set branch readiness levels options for pre-release and released updates. |
| Automatic Update Behavior | The active hours in which to avoid the updates. Updates will only be installed during non-active hours. |
For a complete list of settings available to you, see Windows policies.
Improvements to the VPN policy
Knox Manage 24.09 includes the following improvements to VPN setup for Android devices:
| Platform | Update |
|---|---|
| Android Enterprise Android Management API | Ivanti secure access (Pulse secure) is now supported as a VPN Type while setting up the Android VPN policy. For Android Management API devices, you can set up a managed configuration for the app. |
| Android Enterprise | A new VPN Trigger Type field allows you to specify how the Ivanti secure access (Pulse secure) VPN app is triggered on a device. Values are Manual, On-demand, and Always On. |
| Android Enterprise | User Name is no longer a required field, allowing device users to manually enter their user name in the app. |
See VPN settings for Android Enterprise for a comprehensive list.
Updates for the sub-admin role
Knox Manage 24.09 provides new and updated Permission and Restriction settings when adding a sub-admin:
| New setting | Description |
|---|---|
| Permission > Content | Controls the Content menu (hidden unless this permission is enabled) |
| Permission > Audit Log |
Renamed to Log. Additionally, individual Device Log and Audit Log options provide better control over the logs generated. |
| Restriction > Location Tracking | Controls the Check Location feature in device and group lists |
| Restriction > Tag Management | Controls the Manage tag feature in device and user lists |
| Restriction > User Deletion | Controls the User Deletion feature in user lists |
For more information about the admin settings, see Menu access permissions.
Enhancements to Assign App pages on original and new consoles
Starting with Knox Manage 24.09, the Auto-run after Installation (Non-Android Management API) setting on the App Assign page is renamed to Automatically Run Apps (Non-Android Management API). See Assign internal Android, iOS, macOS, and Windows apps for more information.
Additionally, you can now select from the following values:
- After installation
- After installation and every app update. The previous Yes option is mapped to this value.
- Don’t automatically run app. The previous No option is mapped to this value.
This change is available on the Assign app pages on the new console for Android devices and on the original console for Android and Wear OS devices.
Wear OS policy updates
With Knox Manage 24.09, the following updates are available:
- A new System policy is added for Wear OS devices in Knox Manage 24.09:
| Policy | Description |
|---|---|
| Always on Display | Sets the Always On Display feature on Wear OS devices. |
- Each policy now displays information about the supported Wear OS version in the tooltip.
- Applying the Key Remapping policy disables the Settings menu on the smartwatch to prevent device users from changing the setting.
Android Management API policy additions
With Knox Manage 24.09, the following Android Management API policies are added:
| Policy | Description |
|---|---|
| Connectivity > Printing | Allows the device to send print commands to a printer. Values are Allow or Disallow. |
| Certificate | Allows you to set certificate authority certificates and configure the certificate settings. |
iOS policy additions
With Knox Manage 24.09, the following System policy is added:
| Policy | Description |
|---|---|
| Custom Wallpaper |
Allows you to set a custom wallpaper on the device's home screen, lock screen, or both. Values
For devices running iOS 16 and higher or iPadOS 17 and higher, when you set the wallpaper for the first time, it is applied to both the lock screen and the home screen. After that, you can set separate wallpapers for each screen. |
API enhancements
Knox Manage 24.09 provides the following API related updates:
- A new Notification to device operation to send notifications to Android and iOS devices
- The Get Device Location operation now returns information about date and time in the ISO format using the new parameter
stdFormatUpdated.
For more information on API updates in this release, see the Knox Manage 24.09 release notes in the developer guide.
Support for Device location map on the new console
Starting with Knox Manage 24.09, you can enable location tracking for devices in the new console and view the device locations on the Dashboard and the Devices page.
To view device location map:
- On the Dashboard, click Customize and select Device location map. This displays the Devices by location card on the dashboard. You can search devices by device name, IMEI/SN, and user ID.
- On the Devices page, select a device and click Actions > View device location to see the device’s location on a map.
- Ensure that at least one profile is assigned to the group containing the devices, and the profile’s Location Settings > Allow collection of location data policy is enabled. Otherwise, the Devices by location card shows a Location tracking disabled notification.
Improvements to app management on the new console
Knox Manage 24.09 provides the following app updates.
Manual update of Managed Google Play apps
You can now manually update older versions of Managed Google Play, Managed Google Play private, or Managed Google Play web apps.
To update an app to the latest available version, click the app, and in the sliding panel, click the ellipsis (…) > Update app.
The Version field in the app sliding panel displays the following tooltip to indicate if an update is available — App update is available in the actions menu below.
Modify Managed Google Play private or web apps
The new console now supports modifications to Managed Google Play private and web apps.
To update the apps:
- Go to App library > Actions > Modify private or web apps.
- Select an option for private or web app, and click Next:
- Managed Google Play private — you can modify the app name and file.
- Managed Google Play web — you can modify the app name, URL, display, and icon.
- Select the app and modify its details.
Enhancements to the Assign app page on the new console
Knox Manage 24.09 provides the following updates on the Assign app page.
Scheduled installation of Managed Google Play apps
You can now specify the installation start time when you assign Managed Google Play, Managed Google Play private, or Manage Google Play web apps.
To set an installation schedule:
- On the Assign app page, select one of the following installation types:
- Auto-installed (can be removed by the user)
- Auto-installed (can’t be removed by the user)
- Click Schedule installation start time and set the following:
- Select Set a time for all apps to start installing automatically.
- Specify a date and time for app installation.
- Click Save.
- You must schedule the installation at least an hour after your current time.
- You can select installation times at 30-minute intervals, such as 1:00 and 1:30.
Version tracking of Managed Google Play private apps
When you now assign a Managed Google Play private app, you can also track the app’s versions.
On the Assign app page, select Use app track and select the app version to be installed. If the selected app version is higher than the app already installed on the device and their package names are the same, the app on the device is updated. If the app isn’t updated on the device, you must delete and reinstall it.
Improvements to the Devices page in the new console
Knox Manage 24.09 includes the following changes on the Devices page.
Manage device tags and nicknames
- The Manage device tags page now shows a new Overwrite existing tags option to overwrite device tags in bulk.
- You can now update device nicknames individually or in bulk. For individual device nicknames, update the Device nickname field in the sliding panel. For devices in bulk, use the MANAGE DEVICE NICKNAMES option on the BULK ACTIONS tab.
Additional device list columns
The following additional columns are now available to view information in the device list: Firmware version, Manufacturer, MAC Address, Agent version, Profile name & version, Last Device Command, Lock Status, ICCID information, and Roaming.
Updates to the device sliding panel
The sliding panel of a device shows the following additions:
- The Tags, Status last updated, Device details last updated and Location last updated fields under SUMMARY.
- The SECURITY, NETWORK, and DEVICE INFORMATION categories for improved navigation.
- The APPS > VIEW ALL option that opens the App Library page to view all installed and assigned apps.
Additions to the ACTIONS menu
Furthermore, the Devices page features the following new actions:
| New Action | Description |
|---|---|
| Launch Knox Remote Support | Launches Knox Remote Support for the selected device. The device user must grant permission to launch Knox Remote Support. |
| View device deletion log | Shows a list of device deletion events. You can download the log as a CSV file. |
Support for Android device commands in new console
With Knox Manage 24.09, you can now use Android device commands to perform actions on selected devices.
- To access device commands in the new console, select the required devices and click ACTIONS > Perform action on device option on the Devices page.
- You can also add commonly-used device commands to FAVORITES.
| Category | Device commands |
|---|---|
| DEVICE | Lock device, Unlock device, Lock screen, Clear lock screen, Reset SD card, Play alarm sound, Push notification, Turn off device, Reboot device, Factory reset |
| APP | Run app, Uninstall app, Sync installed app list, Delete app data, Play Integrity (SafetyNet attestation), Register Managed Google Play Account |
| KNOX MANAGE | Push profile, Update Knox Manage agent, Lock Knox Manage agent, Unlock Knox Manage agent, Reset push token, Sync device information |
| USER AND PROFILE | Exit Kiosk mode, Update user information |
| MOBILE NETWORK | Reset data usage, Reset number of calls, Lock SIM pin, Unlock SIM pin |
| CERTIFICATE | Delete a user certificate, Delete admin-installed certificate, Delete a CA certificate |
| DIAGNOSTICS | Collect bug report, Collect audit log, Collect device log, Collect diagnosis information, Check for compromise OS |
Android policy additions on the new console
Knox Manage 24.09 provides the following changes to Android policies on the new console.
| Policy | Setting | Description |
|---|---|---|
| Wallpaper | Change wallpaper |
Allows changing wallpapers on the device. Values
|
| Set custom wallpaper |
Allows you to upload and set custom wallpapers, such as graphics showing your company logo. Values
In all of these cases, you can use Portrait or Landscape orientation. |
|
| System settings | Developer mode > Use mock location for testing |
Allows setting up mock locations for testing purposes. Values
|
| Developer mode > Set limit for background processes |
Allows limiting the device's background processes. Values
|
|
| Developer mode > Close apps if user signs out of device |
Allows closing apps once the device user signs out. Values
|
|
| Safe mode |
Allows turning on the device in safe mode, which will isolate third-party apps. Restart the device to exit safe mode. Values
|
|
| Backup data on cloud |
Allows cloud backups for device data. Values
|
|
| Set date and time |
Allows the device user to adjust the clock and current date. Values
|
|
| Set user certificates |
Allows setting user certificates for the device. Values
|
|
| Change language |
Allows changing the language. Values
|
|
| Change brightness setting |
Allows changing device brightness settings. Values
|
|
| Always on display |
Allows using the Always On Display (AOD) feature on the device, which lets users display a wallpaper or background while the screen is off. Values
|
|
| Android Easter egg game |
Enables the Android Easter Egg game on the device. Values
|
|
| Notification | Show notifications on device |
Allows showing notifications on the device screen. Values
|
| Show error notification after app crash |
Allows showing error notifications after an app unexpectedly terminates. Values
|
|
| Show notification if event is triggered |
Sets the device to display a notification when a device control event is applied. Values
|
|
| Show notification if event is disabled |
Sets the device to display a notification when an event for device control is disengaged. Values
|
|
| Remove notifications from Quick panel |
Allows removing notifications from the Quick panel on the device. Values
|
|
| Show message for blocked settings |
Enables custom messages that are shown when the device user taps or tries to use a disabled setting in the Settings app. Values
|
|
| Show custom message on lock screen |
Enables a custom message on the device's lock screen. You can add lookup items to the message, which substitute for device and user information such as usernames and phone numbers in the Android environment. Value
If the message contains only whitespace characters, then no lock message displays. If this value is unset, the message only contains the user information — provided it's available. |
|
| Security Settings | Take action if OS is compromised |
Enables Knox Manage to perform a specific security measure if it detects a compromised OS. Values
Factory reset is not supported for devices running Android 2 and lower. However, you can simultaneously factory reset and initialize the SD card. |
| Set encryption for device storage |
Allows encrypting internal and external device storage. Values
|
|
| Lock screen | Block certain actions if screen is locked |
Allows blocking certain actions on the device if the screen is locked. Values
|
| Screen lock time changes by device user |
Allows the device user to change the screen timeout period. Values
|
|
| Connection settings | Use Wi-Fi > Wi-Fi Direct |
Enables the device to communicate with other devices using Wi-Fi Direct. Only applicable for devices that support the Samsung Knox platform. Values
|
| Use Bluetooth > Desktop connection |
Enables the device to connect to a Windows laptop, PC or tablet through Bluetooth. Only applicable for devices that support the Samsung Knox platform. Values
|
|
| Use Bluetooth > Search mode |
Enables the device to discover other devices through Bluetooth. Only applicable for devices that support the Samsung Knox platform. Values
|
|
| Control Bluetooth settings |
Allows the device user to access Bluetooth settings. Values
|
|
| Use VPN |
Allows connecting to a Virtual Private Network (VPN). Values
|
|
| Transfer data using NFC |
Allows the device to transfer data using Near Field Communication (NFC). Values
|
|
| Use external SD card > Write to external SD card |
Allows the device to write to an external SD card. Values
|
|
| Location settings | Location settings > Allow collection of location data |
Allows collecting location data. Values
|
| Location settings > Allow collection of location data > Set collection time |
Sets a daily time limit for collecting location data. Values
|
|
| App controls | Skip app tutorials |
Allows skipping app tutorials on the device. Values
|
| Control apps from settings |
Allows controlling apps through device settings. Values
|
|
| Delegated scopes for apps |
Allows the device owner to grant certain apps access to some Android Device Policy Manager (DPM) functions, such as certificate installation, configuration management, and network activity logging Click SET APP DELEGATION, find and select an app from the APPS or SYSTEM APPS tabs, and proceed to select one or more values for your app delegation scope: Values
Once you are done, click SET DELEGATION SCOPE to save the changes, or click CONFIRM AND SET ANOTHER to delegate scopes for another app. |
|
| Runtime permissions for all apps |
Sets runtime permissions to prevent apps from accessing private data without a device user's consent. Values
|
|
| Runtime permissions for all apps > Exceptions list |
Allows you to set runtime permissions for specific apps. Only applicable for Managed Google Play Public, Private, and Web apps. Click SET PERMISSION, find and select an app, and then proceed to specify app permissions. |
|
| App allowlist and blocklist | Block certain apps from using mobile data |
Prevents certain apps from transferring app data over cellular networks. Click SELECT APPS, select your intended app rows, and finally click SELECT to add them to your mobile data blocklist. |
| User and account | Add or delete account |
Allows adding or deleting user accounts on the device. Values
|
| Add or delete account > Account type allowlist and blocklist |
Lets you set the allowlist or blocklist for the device. Values
For each of these lists, you can specify Account types and Select accounts to allow in Google Play values. |
|
| User deletion |
Allows deleting device users. Values
|
Terminology updates for Android policies in the new console
With Knox Manage 24.09, the following Android policies have been renamed in the original console for a more intuitive user experience:
| Policy | Previous setting name | New setting name |
|---|---|---|
| System | Camera | Use camera |
| Screen Capture | Screen Capture Permission | |
| Safe mode | ||
|
System Update Values
|
Install System Updates Values
|
|
| Backup data on cloud | ||
|
Set date and time Values
|
||
| Set user certificates | ||
| Change language | ||
| Change brightness setting | ||
| Always on display | ||
| Android Easter egg game | ||
| Wallpaper | Change wallpaper | |
|
Set custom wallpaper Values
|
||
| Set custom wallpaper > Home screen | ||
| Set custom wallpaper > Lock screen | ||
| Set custom wallpaper > Wallpaper | ||
| Notification | Show notifications on devices | |
| Show error notification after app crash | ||
| Show notification if event is triggered | ||
| Show notification if event is disabled | ||
| Remove notifications from Quick panel | ||
| Show message for blocked settings | ||
| Show message for blocked settings > Show custom short message | ||
| Show message for blocked settings > Show custom long message | ||
| Show custom message on lock screen | ||
| Show custom message on lock screen > Write message | ||
| Security settings |
Take action if OS is compromised Values
|
|
|
Set encryption for device storage Values
|
||
| Lock screen |
Screen lock expiration (days) Values
|
Set days before user must reset password Value
|
| Unlock attempt limit | Limit wrong unlock attempts | |
| Screen lock timer (hours) | Lock devices after a set number of hours | |
|
Block certain actions if screen is locked Values
|
||
| Screen lock time changes by device user | ||
| Maximum screen timeout allowed | Set maximum screen timeout allowed | |
| Connectivity | Wi-Fi | Use Wi-Fi |
| Bluetooth | Use Bluetooth | |
| Use Bluetooth > Desktop connection | ||
| Use Bluetooth > Search mode | ||
| Control Bluetooth settings | ||
| Use VPN | ||
| USB File Transfer | Transfer files through USB | |
| Transfer data using NFC | ||
| External SD Card | Use external SD Card | |
| Use external SD Card > Write to external SD card | ||
| Wi-Fi |
Additional settings Values
|
Additional settings Values
|
| Location |
Allow collection of location data Values
|
|
|
Allow collection of location data > Set collection time Values
|
||
| App controls | Skip app tutorials | |
| Control apps from settings | ||
| Delegated scopes for apps | ||
| Runtime permissions for all apps | ||
| Runtime permissions for all apps > Exceptions list | ||
| Block certain apps from using mobile data | ||
| User and account | Add or delete account | |
| Account type allowlist and blocklist | ||
| Account type allowlist and blocklist > Accounts types | ||
|
Account type allowlist and blocklist > Select accounts to allow in Google Play Values
|
||
| Account type allowlist and blocklist > Accounts | ||
| User deletion |
Improvement to assignment settings for ChromeOS apps
Knox Manage 24.09 now supports new Incognito mode and Policy for extensions settings while assigning apps to ChromeOS devices. The Incognito mode setting prevents apps from saving certain information.
To use the new settings when assigning an app to the ChromeOS device:
- On the Assign Application dialog, select Users & browsers and click OK. The Select Users & Browsers Application page displays.
- Select the app and click Assign.
- To allow use of the Incognito mode, set it to Locally applied and Yes. If you set it to No, the device user can’t use Incognito mode.
- Set the Policy for extensions to Inherited from Google Default.
- Click Assign & Update to Google to save your changes.
Support for Managed Configuration for Android apps on ChromeOS
With Knox Manage 24.09, you can now set Managed Configuration when assigning Android apps to ChromeOS devices.
To use this feature, during app assignment select Users & browsers mode, then select the app. Proceed to use the Manage Configuration field to specify configuration values.
- On the Assign Application dialog, select Users & browsers and click OK. The Select Users & Browsers Application page displays.
- Select the Android app and click Assign.
- Set Managed Configuration to Inherited from Google Default.
- Click Assign & Update to Google to save your changes.
Updates to ChromeOS device commands
The following ChromeOS device commands are newly added in Knox Manage 24.09:
| Device command | Description |
|---|---|
| Reboot |
Sends a device reboot command. Reboot delay options are:
|
| Export Logs |
Sends an export log request for selected log types. On the Request Command confirmation dialog, you can specify the diagnostic data to include in the log sent to Google. You can download the ZIP file containing the log from Device Details > Device Information tab > System logs. The naming format of the ZIP file is admin-generated-(UTCtimestamp_identifier). |
| Capture logs |
Sends a capture log request for devices that don't support the Export Logs command. To enable this command, you must first enable the Device system log upload policy for the organization to which the device is assigned:
Changing the device mode disables the policy. Ensure that you set the policy again after changing the device mode. You can download the log file, called logs.zip, from Device Details > Device Information tab > System logs. |
The Capture logs and Export logs commands are supported on the following ChromeOS versions:
| Device command | Supported version | ||
|---|---|---|---|
| Users & browsers mode | Kiosks mode | Managed guest sessions mode | |
| Export logs | ChromeOS 122 or higher | ChromeOS 114 or higher | ChromeOS 122 or higher |
| Capture logs | ChromeOS 121 or lower | ChromeOS 113 or lower | ChromeOS 121 or lower |
Updates
Enhancements to the Device page
Starting with Knox Manage 24.09, the Device page supports the following changes:
- When exporting device lists to Excel (Device > Export to Excel), the Device Nickname (Alias) is now also included.
- For iOS devices:
- A new Advance Search filter called MDM Profile Removed(iOS). You can use this filter to search for iOS devices that are no longer connected to the Knox Manage server because their MDM profile was deleted. After you identify the devices, you can re-enroll them to reestablish their connection to the Knox Manage server.
- In the search results, a tooltip MDM Profile Removed is shown in the Device Name column for devices not connected to the Knox Manage server.
Enhancements to the Group Details page
Knox Manage 24.09 includes the following updates to the Group Details page:
- New Advance Search for more effective search of devices in a group. The advanced options include a variety of device conditions.
- New column options to view additional information on the Device tab. You can choose from the following new options: Status, Last Seen, Device Name, IMEI / MEID, Serial Number, User Name, Device Tag, Platform & Management Type, Mobile Number, Enrollment Type, and Status Last Updated.
License update for Knox Browser
Knox Browser was a premium feature that required a Knox Suite license. With Knox Manage 24.09, Knox Browser is now available to all tenants, irrespective of the license type.
Windows OS improvements
Knox Manage 24.09 includes the following enhancements for Windows OS devices:
- Windows OS version information is now synced between Knox Admin Portal and Windows settings to show consistent version information.
- You can now install Knox Manage in Windows environments where the Microsoft Store app is not available.
Enhancements to file uploads
Knox Manage 24.09 includes the following enhancements to file uploads:
- Scanning of apps and content files for malware — previously, uploading apps and content files to the Knox Manage console didn’t involve checking them for malicious software.
- Starting with Knox Manage 24.09, when you upload an APK file or a content file to the console, the files are automatically scanned for malware. If the scan is successfully completed, the file is uploaded and you can use it as required.
- Maximum file size for content uploads — you can now upload content files of up to 4 GB. Previously, the maximum file size allowed for upload was 2 GB.
Improvement to limited enrollment of Android Enterprise devices
Previously, you could set up limited enrollment for either Devices or KME Devices. With Knox Manage 24.09, you can now set up limited enrollment based on Management Types as well.
Consider the following when using the Management Types option:
- Device users belonging to one or more groups can enroll using a management type allowed for those groups.
- Device users that do not belong to any group can enroll using any management type.
- If a device user tries to enroll with a management type that is not allowed, a Mismatched Management Type error — with error code KMA_F9002 — displays on the device screen.
Persistent content sorting on Knox Manage agent
Previously, the Knox Manage agent’s Content screen didn’t retain its Ascending or Descending sort order if the device user navigated away from the screen. Starting with Knox Manage 24.09, the sort order on the Content screen persists even after the device user returns to the screen.
Improvements to API Client Log page
With Knox Manage 24.09, you can now search for API Client Logs using API names and view logs from a specific Log Date & Time range. The API Client Log page displays up to 500 rows of logs. You can use the new Load More button to view additional logs.
Support to prevent backup of VPP app data to iCloud
Previously, for Apple Volume Purchase Program (VPP) apps assigned to iOS or MacOS devices, the app data was automatically backed up to iCloud.
With Knox Manage 24.09, you can now disable the automatic backup of data for VPP apps assigned to iOS or macOS devices. To use this setting, on the Assign Application page, set Prevent iCloud App Backup to Yes.
Enhancements to Google server and sync settings for ChromeOS
Previously, Sync New Chrome OS Enrollments under Server Setting displayed a Sync Google option.
With Knox Manage 24.09, the Server Setting section is updated as follows:
| Existing setting | Update |
|---|---|
| Sync New Chrome OS Enrollments | Renamed to Sync Google Admin & Manage License |
| Sync Google button |
Renamed to Sync & Assign. You can provide status for:
|
Terminology updates for Android Enterprise policies
With Knox Manage 24.09, the following Android Enterprise policies have been renamed in the original console for a more intuitive user experience:
| Category | Previous policy name | New policy name |
|---|---|---|
| System | Camera | Use camera |
| Screen Capture | Screen Capture Permission | |
| Mock Location | Use Mock Location for Testing | |
| Background Process Limitation | Set Limit for Background Processes | |
| Quit Application Upon Killing Activities | Close Apps if User Signs Out of Device | |
| System Updates | Install System Updates | |
| Schedule (Start - End Time) | Set Time Range | |
| Freeze Period | Set Dates to Block Updates | |
| Backup | Backup Data on Cloud | |
| Date and Time | Set Date and Time | |
| Certificate Settings | Set User Certificates | |
| Language Setting | Change Language | |
| Brightness Setting | Change Brightness Setting | |
| Easter Egg | Android Easter Egg Game | |
| Wallpaper Change | Change Wallpaper | |
|
Custom Wallpaper Values
|
Set Custom Wallpaper Values
For information about how the values are mapped, see "Mapping of custom wallpaper values" below. |
|
| Create Window | Show Notifications on Device | |
| System Error Screen Control | Show Error Notification after App Crash | |
| Notifications when an Event is Set to On | Show Notification if Event is Triggered | |
| Notifications when an Event is Set to Off | Show Notification if Event is Disabled | |
| Fix Event Notifications | Remove Notifications from Quick Panel | |
| Set a Message for Blocked Settings | Show Message for Blocked Settings | |
| Set a Message for Lock Screen | Show Custom Message on Lock Screen | |
| If Compromised OS is Detected | Take Action if OS is Compromised | |
| Encryption for Storage Settings | Set Encryption for Device Storage | |
| Location | Screen Lock Expiration (days) | Set Days Before User Must Reset Password |
| Send Notification Before Expiration (Fully Managed) | Notify Users about Expiring Passwords (Fully Managed) | |
| Unlock Attempt Limit | Limit Wrong Unlock Attempts | |
| Screen Lock Timer (hours) | Lock Devices after a Set Number of Hours | |
| KeyGuard (Block Functions on the Lock Screen) | Block Certain Actions if Screen is Locked | |
| Screen Timeout | Screen Lock Time Changes by Device User | |
| Maximum Screen Timeout Allowed | Set Maximum Screen Timeout Allowed | |
| Device Location Collection | Allow Collection of Location Data | |
| Time Between Location Collection | Set Collection Time | |
| Connectivity | Wi-Fi | Use Wi-Fi |
| Bluetooth | Use Bluetooth | |
| Desktop PC Connection | Desktop Connection | |
| Bluetooth Setting | Control Bluetooth Settings | |
| VPN Settings | Use VPN | |
| USB File Transfer | Transfer files through USB | |
| Outgoing Beam | Transfer Data Using NFC | |
| External SD Card | Use External SD Card | |
| Wi-Fi | Automatically Connect to the Network | Automatically connect to Wi-Fi |
| Allow User to Remove the Network | Allow user to remove network from Knox Manage agent configuration | |
| Hidden Network | Hide Wi-Fi (SSID) | |
| App Restrictions | App Control | Control Apps from Settings |
| App Verification | Verify Apps Using Google Play Protect | |
| App Delegation Scope Management | Delegated Scopes for Apps | |
| App Permission | Runtime Permissions for All Apps | |
| Prevent Apps from Using Mobile Data Setting | Block Certain Apps from Using Mobile Data | |
| Account Modification | Add or Delete Account | |
| Account Block/Allowlist | Account Type Allowlist and Blocklist | |
| Allow Account in Google Play | Allow Changes to Managed Google Play |
Mapping of custom wallpaper values
The existing Custom Wallpaper values are mapped to the new Set Customer Wallpaper settings as follows:
| Existing value | Existing uploaded file | Mapping to the new value |
|---|---|---|
| Apply to the home and lock screen respectively | File uploaded for home screen only | Set for home screen only |
| File uploaded for lock screen only | Set for lock screen only | |
| File uploaded for both home and lock screens | Set for home and lock screen | |
| Apply to the home and lock screen | Set for home and lock screen with the same image |
Platform updates
Latest supported platform versions
Knox Manage 24.09 supports the following latest platform versions:
| Platform | New supported version |
|---|---|
| Android Enterprise | Android 15 |
| iOS | iOS 18 |
| iPadOS | iPadOS 18 |
| macOS | macOS 15 |
| Wear OS | Android 14 |
Changes to minimum supported platform versions
| Platform | Previous minimum supported version | New minimum supported version |
|---|---|---|
| ChromeOS | ChromeOS 99 | ChromeOS 120 |
| iOS User Enrollment | iOS 15 | iOS 16 |
Improvement to Wear OS enrollment
With 24.09, the enrollment process of Wear OS devices is improved to ensure faster enrollment. For information about how to enroll smartwatches, see Enroll a Wear OS device.
Miscellaneous updates to the new console
With Knox Manage 24.09, the new console includes the following miscellaneous updates:
- You can now view an app’s version code in the tooltip available on the Version field, which shows on the Add app and Edit app pages and on an app’s sliding panel.
- The Type field on an app’s sliding panel is now removed, since the information is available in App source details.
- Clicking the device count on the Devices issues card on the dashboard opens the Devices page to view details.
- The confirmation message on the Delete app(s) dialog is updated and the color of the Delete button is changed to red.
- The Profiles page now shows policies under following categories for improved navigation: System, Connectivity, Wi-Fi, Lock screen, Location, App restrictions, and Kiosk.
- The menu structure and policy settings structure on the Create policy page are updated for better user experience.
- You can now find settings on the Create profile and Create policy pages using search.
- Policy names are now editable. Previously, policy names couldn’t be edited once saved.
- The Created In column on the Profiles page is now shown only when the profile list contains a profile created in the original console.
- You can now no longer create a profile without defining settings. The Create and Review buttons on the Create policy page are enabled only if you define settings for the profile.
Change to tenant behavior regarding default organizations
Previously, a Default Organization was automatically created for all tenants. The Default Organization got assigned to users not added to any organization.
Starting with Knox Manage 24.09, the Default Organization is no longer automatically created for new tenants. Additionally, users are not required to be assigned to an organization, allowing greater flexibility to manage them using either a group or an organization.
Back to release notesOn this page
Is this page helpful?