Menu

KPE feature update — Knox 3.3

This section highlights what's changed in each iteration of the Knox Platform for Enterprise. For a full list of all Knox features across all versions, see our Knox on Android feature page.

Verified Boot

Knox Verified Boot is a new solution that both extends and enhances Android Verified Boot (AVB). This aims to provide a more reliable Verified Boot State to the systems that use it. This release provides the following.

NOTE —This feature is enabled by default on new devices released with Knox 3.3, but is not available to older devices with firmware updates to Knox 3.3.

Dual DAR

Dual DAR encryption allows enterprises to secure their work data with two layers of encryption, which provides protection to devices even while powered off or in an unauthenticated state. With single layer encryption, potential flaws in the implementation may result in a single point of failure.

Contact Storage Restrictions

IT Admins can restrict local contacts stored on enterprise devices to reduce the risk of losing contacts or becoming out of sync with contacts stored on an enterprise server.

Knox on DeX

Knox on DeX provides 4 new features to a Samsung DeX device: auto start, on-screen keyboard, open app on DeX display, and set custom wallpaper.

Firewall

Knox SDK 3.3 now supports the interaction between Domain Filter rules and Firewall policies.

Without this feature enabled, Firewall policies can affect whitelist rules applied by Domain Filter. After enabling this, IT Admins can do the following use cases:

  • Use Firewall Rules to block all IPs in a specified device.
  • Use the Domain Filter Rules to allow specific domains to be white listed even if the IPs were blocked using Firewall policies.

To learn more about this new feature, visit the Firewall section of the Knox SDK user guide.

VPN improvements

This release includes several enhancements to improve user experience and VPN client performance on the Knox framework. The enhancements include:

  1. Multi-app tunneling support — Enhances user experience when using VPN tunnels to allow users the ability to connect with and start using business apps immediately after establishing a VPN tunnel.
  2. Knox event and Android networking event synchronization — Improves VPN client performance to allow the Knox container to recognize that the VPN client is connected without any delay.

Network Platform Analytics

This release includes ongoing network flow analytics for NPA purposes. This feature allows IT admins to configure EMM-based NPA tools to receive network statistics while the network connection is ongoing. Doing so efficiently gathers analytics for long lasting network sessions. 

Container Only Mode (COM) deprecation

Container Only Mode is deprecated starting the release of Galaxy S10 running Knox 3.3 or any device launched after.

NOTE — If you’re using COM/CL containers on a previous device, such as in the Galaxy S9 or S8, they will be supported until the end of life of the devices. See the bulletin notice for more information.