Knox Manage (v19.9) release notes - September 26th 2019

Please refer to the below list of new features and improvements to be released with Knox Manage
version 19.9 scheduled for Thursday, the 26th of September 2019 till Monday, the 30th of September 2019.


  1. UI/UX design refreshment
  2. Multi-profile support
  3. Android zero-touch support
  4. AD/LDAP group sync support
  5. Android Q OS updates


  1. [UI/UX] Look & Feel Refreshment

The UI/UX design of Knox Manage Admin console been redesigned into Knox Suite style. This refreshment will allow IT admins with simplified workflows and deliver harmonized
look and feel with other Knox Cloud services such as Knox Configure.

  1. [UI/UX] App Assignment Workflow Enhancement

App Management profile step has been removed to streamline steps to assign
applications to groups and organizations. Now three clicks with connection points are all steps you have to do to assign apps.


  1. [UI/UX] Multi-profile Support

With Multi-profile support, IT admins can assign more than one profile to groups and
organizations and manage each by priority settings. The profile with the highest priority overrides the others when policy conflict occurs among multiple profiles.


  1. [UI/UX] Simplified Group Management

It was often hard for IT Admins to understand and manage many different types of
groups with different limitations.

Now, there are only three groups (of user, device and AD/LDAP) where multiple MDM
profiles or device commands can be executed regardless of types of the group.


  1. [UI/UX] Relocation of Keepalive and Profile Update Scheduler Settings

Two types of Knox Manage agent policies, Keepalive and Profile Update Scheduler, have
been moved to portal's main "˜Setting' menu.

Also, IT admins can apply each setting globally or per group/organization.5.PNG

  1. [AD/LDAP Sync] Profile Assignment to AD/LDAP Group

Previously, IT Admins could not assign profiles to AD/LDAP groups directly; they had to
firstly create organizations and move users to organization to assign profiles.

With v19.9 improvements, IT Admins can assign profile to AD/LDAP group.

  1. [Remote Support] Transferring of Whole Folder Device and IT Admin PC

Till the release, Remote Support supported transfer of file types only. With this release, Remote Support can move folder and every files inside that folder together.

This improvement is especially useful for the IT Admin to gather a whole bunch of device dump logs in the saved folder.

  1. [Android Enterprise] Google's zero-touch support

Samsung Knox Mobile Enrollment is a crucial feature for B2B customers who usually
require bulk enrollment feature, but the service is available for Samsung devices only.

In consideration of customers with mixed device environment, Knox Manage
implemented similar service by Google, called "zero-touch," from v19.9. It means we
now support bulk enrollment services for general Android devices as well.

  1. [Kiosk] Automatic App Deletion Upon Profile Removal

Previously, once-downloaded kiosk apps stayed on the device side even after the
removal of kiosk profiles or unenrollment upon IT Admin's command.

Now IT Admins can decide whether to remove kiosk application from the device
automatically or not when released from Kiosk mode. Default value is "Allow" (remove).

  1. [Android Enterprise] AER's Advanced Feature Updates

Knox Manage passed the standard level of Android Enterprise Recommended validation.
And now, we plan to implement advanced features as well starting from Fully Managed
Device and Work Profile. v19.9 update includes several advanced items like below.

  • When compliance issue happens, Work Profile apps will be hidden
  • Advanced password policy for AER advanced requirement
  • Key guard management for AER advanced requirement
  • Zero-touch device owner enrollment
  1. [Policy] Time Zone setting

IT Admins can force "Select Time zone" of user devices. If time zone policy is setup,
then the "Date/Time auto configuration" option will be grayed out.

  1. [General] "Android Go" Device Support Through Android Enterprise

Samsung Android Go devices does not have Knox platform and miss Knox API sets, so
do Knox policies. However it was not clear for IT Admins to understand such technical

Android GO devices should be handled as a non-Samsung Android devices although the
manufacturer is Samsung, and it is recommended to be enrolled through Android
Enterprise if were to use.

  1. [General] Deprecated Features with Android Q

Some EMM features are dependent to device OS. With huge updates in Android Q OS,
the below features will not be supported from Q devices. Please refer to the below
deprecation list when managing Android Q OS devices.

  1. MDM Profile > Knox > Container Data > Moving a file to Knox area/ general area
  2. Android Enterprise/ Android (Legacy) > System > S Beam
  3. Android Enterprise/ Android (Legacy) > Interface > NFC Control
  4. Knox > Firewall > Container > All Packages ("By Application" is still available)
  5. Knox/ Android (Legacy) > Security > Smart Card Browser Authentication
  6. Android (Legacy) > Security/ App/ System > … > Device Lock
  7. Device Command > Device > Lock & Unlock device/ Power off device/ Data reset
  8. Device detailed information > Wi-Fi & Network data usage
  1. [General] Updated Features with Android Q.
  1. Containers (Knox Workspace in Samsung Legacy, Work Profile in AE device) should be
    created manually through notification bar. High Accuracy setup also requires manual
    notification bar.
  1. Application runtime permission at Android Legacy can't be forced to end user. In other
    words, end user can change configuration from the device settings anytime later.
  1. Silent COMP deployment is limited from Android Q. If the device screen is off, then end
    user must click notification to deploy COMP later.

Resolved Issues and Improvements

  • [00173876 / KMVOC-8491] Wifi not automatically deploying
  • [00169394 / KMVOC-8152] Factory Reset issue
  • [00169035 / KMVOC-8186]Device command delivery has failed (device not found)
  • [00170363 / KMVOC-8198] E-FOTA - status is not displayed at all.
  • [00170608 / KMVOC-8212] Legacy Exchange activesync configuration applied but not
    registered by KM Agent
  • [00168158 / KMVOC-8220] KM Client given for 4.4 is not working properly - especially Multi
    app kiosk mode.
  • [00170715 / KMVOC-8238] Dialer app does not accept incoming calls
  • [00172103 / KMVOC-8298] Bug in App Permission policy
  • [00172629 / KMVOC-8327] Using Knox Manage after upgrade to version 9 (same issue as
  • [Internal testing / KMVOC-8334] COMP is not created in P devices.
  • [00173004 / KMVOC-8350] SIM PIN being shown on KM Client App "View Policies"
  • [Internal testing / KMVOC-8351] Activation Type is wrong
  • [00173438 / KMVOC-8359] Display warning details
  • [Internal testing / KMVOC-8361] AE DO and COMP enrollment flow issue
  • [00172514 / KMVOC-8361] Issues with Samsung e-mail app
  • [00173456 / KMVOC-8371] AE DO enrollment issue with KM (same issue as #8361)
  • [internal testing / KMVOC-8435] Email Account deleted automatically