Back to top

Knox Platform for Enterprise 3.7 release notes

Last updated July 26th, 2023

November 2020

The latest Samsung Knox 3.7 release features Android 11, which offers both:

  • greater privacy to consumers using personal apps on company devices
  • sufficient controls to enterprise IT admins to protect corporate assets

The Knox 3.7 platform is built into the firmware of new Samsung flagship devices, and will be installed on existing devices following the release schedule of mobile service providers.

Work profile on company-owned devices

As you may be aware, Android 10 introduced extensive changes to protect user privacy and give users more control over the personal data that apps could access. Android 11 further enhances privacy, on corporate devices that are enabled for personal use.

Specifically, Google has replaced the device management mode called fully managed device with work profile (also known as Corporate Owned Managed Profile or COMP) with work profile on company-owned device.

The UEM apps used by enterprises to manage their devices no longer have device owner privileges over the personal profile, but instead have elevated profile owner privileges to protect corporate assets in the personal side. For more about these changes, see:

Separated apps

Some enterprises still need full (device owner) control over a device, while enabling users to install third-party business apps. For example, enterprises might need: password reset on the device, Mobile Threat Defense in user0, general visibility and control of DNS filtering, APN, and so on. In these scenarios, you can use Separated apps, which isolates third-party apps in a sandboxed folder. The third-party apps cannot intercommunicate with work apps or access confidential work data. See how to use the Knox Service Plugin to set up Separated apps.

Deep Settings Customization

This release expands the list of deep settings introduced with Knox 3.4, delivering options to configure the following Settings through the Knox Service Plugin.

Setting Description
Side key setting The new Side key, which combines the Power and Bixby keys, can be configured for the events: double press and press-and-hold. The Side key can be also enabled or disabled.
APN change disabling The change of the Preferred APN can now be disabled after an IT admin sets the APN settings.

Each KSP release introduces additional deep settings so you are encouraged to browse the KSP release notes for all the latest capabilities.

Lock screen enhancements

This release offers several customer-requested enhancements to the lock screen:

Feature Issue Enhancement
Admin lock on Knox license expiry When a license is expires, the device or the profile is immediately admin locked from a security and management point of view. The users can use the existing device or profile under the policies.
Admin lock on maximum failed passwords The device is admin locked when a user fails 5 times (assuming the maximum failed password count is 5). The profile (PO) will be admin locked or wiped instead of device locked when user fails 5 times.
Face unlock for work profile Lack of face unlock to open a work profile. Face authentication is allowed for the profile owner. To enable or disable this feature, use the API method setBiometricAuthenticationEnabled.
Advanced access control for work profile Once a device owner unlocks their work profile, unauthorized users can easily access the data inside the profile at any time. When a non-registered device user (who is not the owner) is detected, the profile is locked automatically base on face authentication. To enable or disable this feature, use the Knox Service Plugin.

Bug fixes and feature enhancements

The release fixes the following customer-reported bugs:

Bug Issue Fix
Ownership transfer for DPM In the case of a profile owner, a work profile is removed when an IT admin tries to transfer ownership using the API method DPM.transferOwnership. Ownership migration is now supported
Filter data traffic for tethering using Firewall Samsung devices provide an enhance Knox firewall, but the policy does not affect tethered devices such as laptops and tablets. The Knox firewall policy now includes tethered devices.
Ultra-wideband control UWB was introduced with the Galaxy Note20 but IT admins could not control it. New API methods allow UEM partners to add an enable/disable feature to consoles.

Is this page helpful?