Menu

KME (KCS 1.36) release notes — November 4th 2020

Language selection for gesture-based enrollment with Android 11

Unlike Android 10 enrollment and the utilization of a language selection menu, with gesture-based KDA or QR code Android 11 enrollments, you cannot select a language.

To remedy this shortcoming, this release introduces a screen dedicated to selecting a language before displaying the gesture-based enrollment menu. This feature is available on select models in EU and some regions. More regions will be supported in future releases.

On devices where language selection is unavailable on the first screen, users can go to the next screen to select their language. Then, they can go back to the first screen for gesture-based enrollment.

SafePhone added to list of supported EMMs in the KME-DO dropdown list

With this release, SafePhone was added to the list of supported EMMs.

Specifically, SafePhone was added to the Pick your MDM drop-down menu when selecting an EMM to assign the device owner privilege.

Updated KME logos and branding

The KME console and email headers were updated to be consistent with other 2020 branding initiative updates across the Knox service product line.

These updates will help provide better uniformity in the look and feel of all Knox services.

Two-factor authentication will be mandatory for all IT admins using Knox Deployment App

To allow the Knox Deployment App (KDA) to leverage Samsung Account’s security features (like login alert, trusted device management, force logout, account activity history, and so on) two-factor authentication (2FA) will be required when logging in to KDA. A user who does not have 2FA set up will be directed to configure 2FA first.

A user who logs in to KDA effectively logs in with their Samsung Account on the entire device—not just KDA.

In addition, the minimum Knox version for KDA is now Knox 2.8 (Android 7.1).

The following are accepted as the second form of authentication:

  • Phone number
  • Authenticator app (such as Microsoft Authenticator, Google OTP, and so on)
  • Verification code sent to other Galaxy devices
  • Backup codes

The following are the user impacts:

  • Once the user has successfully logged in, they no longer need to log in again.
  • Once the user has set up 2FA on their account, it will also be required when they log in to www.samsungknox.com.
  • Users using a personal Samsung Account for B2C services (for example, Samsung Health, SmartThings, and so on) will not be able to log in to KDA on the same device with their enterprise account. They will need to log out of their personal account first.

For more information, see the FAQs for two-step verification.

KME will not support Device Admin based enrollment on devices running Android 11 or later

In accordance with Google’s Device Admin (DA) deprecation plan, KME is also going to deprecate DA by blocking new DA enrollments of devices with Android 11 or later. If a device running Android 11 tries to enroll using a KME DA profile, an error message will be shown. To continue enrollment, an Android Enterprise profile, such as a Device Owner profile, should be used.

For more information, see the following references:

NFC enrollment will be deprecated from Android 11

The Knox Deployment App’s NFC enrollment option is no longer available for devices running Android 11 or later. It was built based on Android Beam, which was deprecated by Google.

NOTE: The NFC option was designed to enroll devices to Knox cloud services (such as Knox Mobile Enrollment and Knox Configure) using KDA along with gesture-based out-of-the-box enrollment.

For more information, see Android Beam deprecation.

Pre-notice: Minimum Knox version for KME

The minimum Knox platform requirement for Knox Mobile Enrollment will go up to Knox 2.6 (Android 6.0) in March 2021. Currently, it is Knox 2.4 (Android 5.0.1).

KME may continue to work properly on devices with Knox 2.4 or 2.5, but it will no longer be officially tested and supported by the Knox team.