Release Notes
Knox Service Plugin (KSP) offers a subset of existing Knox Platform for Enterprise (KPE) features to our enterprise customers' devices. The following table describes KSP features in detail.
| KSP app version | Release date |
|---|---|
| 1.1.99 | March 2020 |
| 1.1.92 | February 2020 |
| 1.1.80 | December 2019 |
| 1.1.72 | November 2019 |
| 1.1.67 | October 2019 |
| 1.1.60 | September 2019 |
| 1.1.50 | August 2019 |
| 1.1.42 | July 2019 |
| 1.1.26 | June 2019 |
| 1.1.19 | May 2019 |
| 1.1.01 | April 2019 |
Features
Category
Feature
License Type
Supported Deployment
KPE version required
Additional notes
Application management policy
- Enables an admin to whitelist or blacklist an application signature allowing it to be installed (whitelisted) or blocked (blacklisted) in either DO or PO. The installed package is not be part of the system image.
Premium
DO and PO
Knox 3.0 +
For information on setting application management controls, go to: Advanced policies and navigate to the Application management policies section.
Application management policy
-This policy enables an IT admin to disable an application in either DO or PO without uninstalling it, preventing the device user from launching the application.
Premium
DO and PO
Knox 3.0 +
For information on setting application management controls, go to: Advanced policies and navigate to the Application management policies section.
Password policy
- Enables an IT admin to specify the maximum numeric sequence length permitted in a device (and container) password.
Standard
PO
Knox 3.0 +
For information on password controls, go to: Advanced policies and navigate to the Password policies section.
Password policy
- Enables an IT admin to specify the maximum alphanumeric sequence length permitted in a work profile (PO) password.
Standard
PO
Knox 3.0 +
For information on password controls, go to: Advanced policies and navigate to the Password policies section.
Password policy
- Enables an IT admin to set the maximum length of time to lock a device and container.
Standard
DO and PO
Knox 3.0 +
For information on password controls, go to: Advanced policies and navigate to the Password policies section.
Password policy
- Enables an IT admin to set a minimum password length for a device (and container).
Standard
DO and PO
Knox 3.0 +
For information on password controls, go to: Advanced policies and navigate to the Password policies section.
Password policy
- Enables an IT admin to set the maximum number of device user failed password attempts before the device (and container) wipes its data.
Standard
DO and PO
Knox 3.0 +
For information on password controls, go to: Advanced policies and navigate to the Password policies section.
Password policy
- Enables an IT admin to set the maximum number of device user failed password attempts before the device (and container) no longer permit password entry and device access.
Standard
DO and PO
Knox 3.0 +
For information on password controls, go to: Advanced policies and navigate to the Password policies section.
Password policy
- Enables an IT admin to set criteria for password strength (minimum number of digits and special characters, etc.) for a device and its container
Standard
DO and PO
Knox 3.0 +
For information on password controls, go to: Advanced policies and navigate to the Password policies section.
Password policy
- Provides an IT admin the ability to control facial authentication within the work profile.
Standard
DO and PO
Knox 3.0 +
For information on password controls, go to: Advanced policies and navigate to the Password policies section.
Device restrictions
- Provides an IT admin the ability to enable or disable a user's ability to backup their device deta on a Google Server.
Standard
DO
Knox 3.0 +
For information on device restriction controls, go to: Advanced policies and navigate to the Device restriction section.
Device restrictions
- Provides an IT admin the ability to enable or disable user access to the device's Secure Digitial (SD) memory card.
Standard
DO
Knox 3.0 +
For information on device restriction controls, go to: Advanced policies and navigate to the Device restriction section.
Device restrictions
- Provides an IT admin the ability to either enable or disable the installation of non-Google Play apps on a device.
Standard
DO
Knox 3.0 +
For information on device restriction controls, go to: Advanced policies and navigate to the Device restriction section.
Device restrictions
- Provides an IT admin the ability to enable or disable Android Beam (NFC and Bluetooth functionality) on a device. Once disabled, a device user cannot send information (contacts, emails, etc.) using Andorid Beam.
Standard
DO
Knox 3.0 +
For information on device restriction controls, go to: Advanced policies and navigate to the Device restriction section.
Device restrictions
- Provides an IT admin the ability to enable or disable the device camera. Third party applications cannot enable the device camera once disabled using this function.
Standard
DO and PO
Knox 3.0 +
For information on device restriction controls, go to: Advanced policies and navigate to the Device restriction section.
Device controls
- Controls Bluetooth whitelist and blacklist UUID restrictions. When enabled, all peripherals except those with specified UUIDs are allowed or blocked from operating with a device.
Premium
DO
Knox 3.0 +
For information on Bluetooth device controls, go to: Advanced policies and navigate to the Device controls > Bluetooth policy section.
Device controls
- Enables an IT admin to configure a device so 3rd party applications can pass an intent based on the specific device key pressed. This in turn helps a device user invoke an application's functionality faster.
Premium
DO
Knox 3.0 +
N/A
Certificate management
- Enables an admin to install a certificate into the keystore silently, without user intervention.
Standard
DO and PO
Knox 3.0 +
For information on certificate controls, go to: Advanced policies and navigate to the Certificate management policies section.
- Configures a device user inactivity timeout to periodically shutdown the device to conserve battery power and extend battery life between charges
Premium
DO and PO
Knox 3.0 +
There is a 10 minute minimum timeout if setting a user inactivity period.
- Enables hard key mapping for specific device and application actions
Premium
DO and PO
Knox 3.0 +
If the application receiving the key mapping configuration is already launched and in the background, pressing a hardware key a second time does not bring it to the foreground and kills the application.
Advanced Wi-Fi policy
- Once enrolled, this setting configures a roam trigger, roam duration period, and roam delta to improve device connectivity in an Enterprise environment
Premium
DO and PO
Knox 3.0 +
N/A
Advanced Wi-Fi policy
- Disables the blacklisting of a device SSID resulting from an authentication failure, so the impacted device does not need to wait before attempting to reauthenticate
Premium
DO and PO
Knox 3.0 +
N/A
Advanced Wi-Fi policy
- Enables or disables a DHCP check with each device roam to prevent the device from being dropped on the network. Turning off DHCP renewal allows the device to keep its current IP address.
Premium
DO and PO
Knox 3.0 +
N/A
- Enables or disables the 2nd SIM card slot on dual SIM devices. Not applicable to single SIM devices.
Premium
DO and PO
Knox 3.0 +
N/A
- Enables Wireless Intrusion Prevention System (WIPS) configuration options to both detect and prevent network access by an unauthorized Wi-Fi access point
Premium
DO and PO
Knox 3.0 +
For WIPS to succssfully function, ensure either one of the following three conditions is set WIPSEnforement - true/WIPSAdvanceProtection - true OR WIPSEnforement - true/WIPSAdvanceProtection - false OR WIPSEnforement - false/WIPSAdvanceProtection - true
- Allow VPN over a tethered connection so a whitelisted USB device can access and share resources with a peer device
Premium
DO and PO
Knox 3.0 +
N/A
Application management
- Allows USB device supported profiles to utilize specific configurations
Premium
DO and PO
Knox 3.0 +
N/A
Certificates
- Allow applications to read private keys without alerting the device user
Premium
DO and PO
Knox 3.0 +
N/A
- Wi-Fi and Bluetooth scanning
- Common Criteria (CC) mode
Premium
DO
Knox 3.0 +
N/A
- Wi-Fi and Bluetooth scanning
- Common Criteria (CC) mode
Premium
DO
Knox 3.0 +
- Allow or restrict the use of the secondary SIM card slot on a dual SIM device
Premium
DO
Knox 3.0 +
- Remote control of a device
Premium
DO and PO
Knox 3.0 +
- Manage battery optimization whitelist
- Manage whitelisted device admins
Standard
DO and PO
Knox 3.0 +
N/A
Application management
- Create and apply app update policies on the device
- Customize app update policies to override the app update policies specified in Device Settings
Standard
DO and PO
Knox 3.0 +
Application management
- Allow or block updates to specific apps
Standard
DO
Knox 3.0 +
- Allow or restrict the ability to move applications to a container.
Premium
DO
Knox 3.0 +
- Certificate revocation
- Enable revocation check
- OCSP
Premium
DO and PO
Knox 3.0 +
N/A
Certificate management
- Add a Trusted CA alias
- Stop the user from removing certificates from the keystore
Premium
DO and PO
Knox 3.0 +
- Manage Wi-Fi hotspot settings
- Allow or block open Wi-Fi connections
Standard
DO
Knox 3.0 +
N/A
Device controls
- Show a custom banner on the device display on device restart
Premium
DO
Knox 3.0 +
- Allow or block specific network connections
- Allow or block automatic Wi-Fi connections
- Set minimum security requirements for a Wi-Fi connection
- Show or hide a Wi-Fi password in the network settings dialog
- Allow or restrict the user from changing the Wi-Fi connection state
Standard
DO
Knox 3.0 +
N/A
- Wi-Fi
- Bluetooth
- Cellular data
- Tethering (USB, Wi-Fi, and Bluetooth)
- USB devices
- Developer mode
- Power and data saver mode
- VPN connections
- Enforce external storage encryption
Standard
DO
Knox 3.0 +
- Sharing options
Standard
DO and PO
Knox 3.0 +
Standard
DO
Knox 3.0 +
- Setup Samsung keyboard settings
- Show or hide items on Quick Panel
Standard
DO
Knox 3.0 +
N/A
- Disable app suggestions
- Enable battery protection settings
Premium
DO
Knox 3.4 +
N/A
- Customize the device settings menu using the Deep Settings Customization feature
Premium
DO
Knox 3.4 +
N/A
- Set data lock timeout type (minutes)
- Restrict access to device encrypted (DE) storage
Premium + (KPE Premium license with DDAR add-on)
DO and PO
Knox 3.3 +
- Manage data sync restrictions, including app- and property-level restrictions
- Enable use of RCP data sync policy controls
- Allow or block movement of apps between personal and Work profiles
- Enable and configure RCP data sync policies
Premium + (KPE Premium license with DDAR add-on)
PO
Knox 3.3 +
Device UI customization
- Customize the lockscreen and add shortcuts to open apps from the lockscreen
Premium
DO
Knox 3.0 +
- Add, update and manage APN settings
- Manage NFC
Standard
DO
Knox 3.0 +
- Dual APN based enterprise billing
- Modify APN settings
Premium
DO and PO
Knox 3.0 +
N/A
-
Allow firmware update
over-the-air
- Allow firmware update in
recovery mode
Standard
DO
Knox 3.0 +
N/A
Mobile Virtual Network Operator (MVNO) configuration
- Customize the MVNO configuration on the device, including the type of configuration and the value
Standard
DO
Knox 3.2.1 +
Knox v3.4 or higher
Network Platform Analytics (NPA) data configuration
- Create NPA data configuration profiles
- Select specific data points to collect information
Standard
DO and PO
Knox 3.3 +
- Enable or disable authentication methods such as password and biometric authentication such as fingerprint, iris, or face recognition
Standard
DO
Knox 3.0 +
Passwords
- Enforce password change
- Specify the number of minutes up to which the user can cancel or delay the password change
Premium
DO and PO
Knox 3.3 +
Passwords
- Set the maximum length of an alphabetic sequence that is allowed for a device password
Standard
DO
Knox 3.3 +
RCP profile configuration for application data sync
- Configure the RCP profile to specify rules for syncing application data
Feature is Standard, but the Policies enforced by the configuration profile may be Premium
PO
Knox 3.3 +
- Enable and disable DeX
- Enforce Ethernet connection or virtual MAC address
- Set apps available in DeX mode
Standard
DO
Knox 3.1 +
- Set home alignment
- Set screen timeout
- Set loading logo
- Set DeX wallpaper
- Skip DeX welcome screen
- Skip overscan detection screen
- Auto-start DeX on HDMI connection
- Hide apps in app drawer
- Add application shortcuts on DeX
- Add URL shortcuts on DeX
Premium
DO
Knox 3.1 +
- Disable buttons on the DeX panel
Premium
DO
Knox 3.3 +
- Configure app launch behavior
Premium
DO
Knox 3.3 +
- Manage Universal storage credentials for all types of storage on the device; external and internal
- Set up and manage a UCM plugin for device lock and unlock
Premium
DO and PO
Knox 3.2 +
N/A
- Supported VPNs—Cisco AnyConnect, PulseSecure, Knox built in client (StrongSwan)
- VPN types—device-wide, per-app, or workspace-wide
- Manage list of apps that can use or bypass VPN
- Enable on-demand VPN
Premium
DO and PO
Knox 3.0 +
- VPN chaining with two profiles
- Proxy over VPN
- Include UID/PID meta-data in VPN
Premium
DO and PO
Knox 3.0 +
- Silent authentication mode is supported for Pulse Secure VPN
Premium
DO and PO
Knox 3.0 +
Silent authentication for Pulse Secure VPN is currently available only on DO or COMP devices
- Support for Net Motion VPN on DO or PO deployments
Premium
DO and PO
Knox 3.0 +
Net Motion VPN supports the following:
- profile-wide VPN
- device-wide VPN
- on-demand VPN
- certificate based authentication
- NTLM authentication with username & password
- Device users can rename Workspace and personal tabs
- IT admins can allow or restrict the installation of apps from the Personal tab to the Workspace
Premium
DO and PO
Knox 3.0 +
N/A
