Menu

Release Notes

Knox Service Plugin (KSP) offers a subset of existing Knox Platform for Enterprise (KPE) features to our enterprise customers' devices. The following table describes KSP features in detail.

KSP app version Release date
1.2.26 July 2020
1.2.16 May 2020
1.2.09 April 2020
1.1.99 March 2020
1.1.92 February 2020
1.1.80 December 2019
1.1.72 November 2019
1.1.67 October 2019
1.1.60 September 2019
1.1.50 August 2019
1.1.42 July 2019
1.1.26 June 2019
1.1.19 May 2019
1.1.01 April 2019

Features

NOTE—To use premium features, you must purchase a Knox Platform for Enterprise premium license.

Category

Feature

License Type

Supported Deployment

KPE version required

Additional notes

Device settings

- Enables IT admins to show and configure the device input method, including the text-to-speech settings and the default keyboard. An admin can also hide these settings from the device user as required.

Premium

DO

Knox 3.0 +

For information on language utilization and shortcut controls, go to: Advanced policies and navigate to the Device setting policies section.

Device key mapping

- Enables IT admins to set the side key mapping for Microsoft Teams and the XCover Pro key mapping for specified applications.

Premium

DO

Knox 3.0 +

For information on Device key mapping controls, go to: Advanced policies and navigate to the Device key mapping policies section.

Quick panel configuration

- Enables IT admins to display or hide specific setting shortcuts on the device quick panel display.

Premium

DO

Knox 3.0 +

For information on setting the quick panel configuration, go to: Advanced policies and navigate to the Quick panel configuration section.

Lockscreen - Deep settings configuration

- Enables IT admins to set unique deep settings for the device lockscreen roaming clock, face widget, and notification configuration.

Premium

DO

Knox 3.0 +

For information on deep setting roaming clock, face widget an notification controls for the lockscreen, go to: Advanced policies and navigate to the Lockscreen customization policies > Deep settings for Lockscreen policies section.

Lockscreen - Deep settings configuration

- Enables IT admins to set unique deep settings for device language and input controls, including text-to-speech and on-screen keyboard controls.

Premium

DO

Knox 3.0 +

For information on deep setting language and input controls for the lockscreen, go to: Advanced policies and navigate to the Lockscreen customization policies > Deep settings for Lockscreen policies section.

Lockscreen - Deep settings configuration

- Enables IT admins to set unique deep settings for sound and vibration controls, including notification sounds, charging, keyboard, and orther device sounds.

Premium

DO

Knox 3.0 +

For information on deep setting sound and vibration controls for the lockscreen, go to: Advanced policies and navigate to the Lockscreen customization policies > Deep settings for Lockscreen policies section.

Lockscreen - Deep settings configuration

- Enables IT admins to set unique deep setting display controls for the lockscreen, including brightness, blue light filter settings, navigation bar, and font utilization.

Premium

DO

Knox 3.0 +

For information on deep setting display controls for the lockscreen, go to: Advanced policies and navigate to the Lockscreen customization policies > Deep settings for Lockscreen policies section.

Client certificate management (CCM)

- Enables IT admins to utilize a group of client specific certificate management controls.

Premium

DO

Knox 3.0 +

For information on setting the client-side certificate management configuration, go to: Advanced policies and navigate to Client certificate management (CCM) policies.

Device key mapping

- Enables IT admins to configure the PTT key used to launch a specific enterprise application package by name. The admin can define the button press intent and override default as applicable.

Premium

DO

Knox 3.0 +

For information on Device key mapping controls, go to: Advanced policies and navigate to the Device key mapping policies section.

Device settings

- Enables IT admins to control the language usage shortcut, including hiding language settings within the Settings menu, and setting or greying out specific values.

Premium

DO

Knox 3.0 +

For information on language utilization and shortcut controls, go to: Advanced policies and navigate to Deep settings customization > Configure unique deep settings, or refer to the Device setting policies section.

Deep settings and Lockscreen

- Enables IT admins to control the numeric font size setting (0-7), font style (SamsungOne or Gothic Bold), and specific notification settings when employees log into their device.

Premium

DO

Knox 3.0 +

For information on font size and style controls, go to: Advanced policies and navigate to Deep settings customization > Configure unique deep settings, or refer to Lockscreen customization policies.

APN setting policy

- Enables an admin to define the preferred APN resource, and prevent the change or deletion of pushed APN settings.

Premium

PO

Knox 3.0 +

For information on APN settings, go to: Advanced policies and navigate to the Device controls > APN setting policy section.

Device settings

- Enables IT admins to hide WiFi settings, set device language country usage, enable auto start when connected to power, and mobile data management.

Premium

DO

Knox 3.0 +

For information on hiding WiFi settings, language and country usage, connected power consumption, and mobile data management go to: Advanced policies and navigate to Device setting policies.

Advanced restrictions

- Enables IT admins to set the USB connection type utilized by the device.

Premium

DO

Knox 3.0 +

For information on setting the device USB connection type, go to: Advanced policies and navigate to the Advanced restriction policies section.

Device restrictions

- Enables IT admins to enable or disable device user access to clipboard data. Also enables admins to either enable or disable multiple user access to the device and its potentially sensitive data.

Standard

DO and PO

Knox 3.0 +

For information on enabling clipboard data access and multiple user device restrictions, go to: Advanced policies and navigate to the Device restriction policies section.

Password policies

- Enables IT admins to hide password visibility while device users type the password to better secure the device.

Standard

DO and PO

Knox 3.0 +

For information on password controls, go to: Advanced policies and navigate to the Password policies section.

Firmware update (FOTA)

- Enables IT admins to install and launch an EFOTA client on an employee device automatically.

Standard

DO

Knox 3.0 +

For information on FOTA controls, go to: Advanced policies and navigate to the Firmware update (FOTA) policies section.

Deep settings: Access Manageability

- Enables IT admins to control the accessibility of configuration settings when designated special needs employees attempt to log into their device.

Premium

DO and PO

Knox 3.0 +

For information on setting accessibility controls, go to: Advanced policies and navigate to the Lockscreen policies section.

Delay configurationy

- This feature permits an admin to delay applying configurations for applications not yet installed. Specifically, this feature assists admins by automatically validating whether an application is installed before applying related policies.

Standard

DO

Knox 3.0 +

Restrictions in work profile policy

- This control permits bluetooth functionality within the device container.

Premium

PO

Knox 3.0 +

For information on managing Bluetooth within the device container, go to: Advanced policies and navigate to the Restrictions in work profile policy section.

Device settings

- This feature permits an admin to hide selected settings from the device user. Specifically, backup and reset, airplane mode, language, lockscreen, Bluetooth, and developer settings can be individually hidden as device deployment considerations warrant.

Premium

DO

Knox 3.0 +

For information on managing and hiding settings on a device, go to: Advanced policies and navigate to the Device settings policy section.

Application management policy

- This setting enables admins to set application restrictions so specific applications cannot be stopped by the device user. This setting also removes all packages from the force stop blocklist and allowlist.

Premium

DO and PO

Knox 3.0 +

For information on preventing a device user from stopping a specified application, go to: Advanced policies and navigate to the Application management policy section.

Application management policy

- This setting enables admins to set application restrictions so specific applications cannot be stopped by the device user. This setting also removes all packages from the force stop blocklist and allowlist.

Premium

DO and PO

Knox 3.0 +

For information on preventing a device user from stopping a specified application, go to: Advanced policies and navigate to the Application management policy section.

Restrictions in work profile policy

- This setting permits admins to restrict the device user from making a video recording with their device. The device camera remains functional when video recording is disabled.

Standard

DO and PO

Knox 3.0 +

For information on restricting device video recording capabilities, go to: Advanced policies and navigate to the Restrictions in work profile policy section.

Lockscreen

- This setting permits admins to hide specific Settings menu items from the user's device display. Thus permits the admin to set specific settings as appropriate for an intended deployment, then hiding the setting to avoid the user changing it.

Standard

DO and PO

Knox 3.0 +

For information on hiding Settings menu items from the device user, go to: Advanced policies and navigate to the Lockscreen customization policies section.

KSP versioning

- This functionality lets an admin determine which KSP version is being deployed to better ensure the latest version is deployed to the enterprise.

Standard

DO and PO

Knox 3.0 +

This KSP versioning enhancement helps admins validate the date the current KSP version was published to the Play Store and ensure they are supporting the latest available feature set.

Application management policy

- Enables an admin to allow or block an application signature allowing it to be installed or blocked in either DO or PO. The installed package is not be part of the system image.

Premium

DO and PO

Knox 3.0 +

For information on setting application management controls, go to: Advanced policies and navigate to the Application management policies section.

Application management policy

-This policy enables an IT admin to disable an application in either DO or PO without uninstalling it, preventing the device user from launching the application.

Premium

DO and PO

Knox 3.0 +

For information on setting application management controls, go to: Advanced policies and navigate to the Application management policies section.

Password policy

- Enables an IT admin to specify the maximum numeric sequence length permitted in a device (and container) password.

Standard

PO

Knox 3.0 +

For information on password controls, go to: Advanced policies and navigate to the Password policies section.

Password policy

- Enables an IT admin to specify the maximum alphanumeric sequence length permitted in a work profile (PO) password.

Standard

PO

Knox 3.0 +

For information on password controls, go to: Advanced policies and navigate to the Password policies section.

Password policy

- Enables an IT admin to set the maximum length of time to lock a device and container.

Standard

DO and PO

Knox 3.0 +

For information on password controls, go to: Advanced policies and navigate to the Password policies section.

Password policy

- Enables an IT admin to set a minimum password length for a device (and container).

Standard

DO and PO

Knox 3.0 +

For information on password controls, go to: Advanced policies and navigate to the Password policies section.

Password policy

- Enables an IT admin to set the maximum number of device user failed password attempts before the device (and container) wipes its data.

Standard

DO and PO

Knox 3.0 +

For information on password controls, go to: Advanced policies and navigate to the Password policies section.

Password policy

- Enables an IT admin to set the maximum number of device user failed password attempts before the device (and container) no longer permit password entry and device access.

Standard

DO and PO

Knox 3.0 +

For information on password controls, go to: Advanced policies and navigate to the Password policies section.

Password policy

- Enables an IT admin to set criteria for password strength (minimum number of digits and special characters, etc.) for a device and its container

Standard

DO and PO

Knox 3.0 +

For information on password controls, go to: Advanced policies and navigate to the Password policies section.

Password policy

- Provides an IT admin the ability to control facial authentication within the work profile.

Standard

DO and PO

Knox 3.0 +

For information on password controls, go to: Advanced policies and navigate to the Password policies section.

Device restrictions

- Provides an IT admin the ability to enable or disable a user's ability to backup their device deta on a Google Server.

Standard

DO

Knox 3.0 +

For information on device restriction controls, go to: Advanced policies and navigate to the Device restriction section.

Device restrictions

- Provides an IT admin the ability to enable or disable user access to the device's Secure Digitial (SD) memory card.

Standard

DO

Knox 3.0 +

For information on device restriction controls, go to: Advanced policies and navigate to the Device restriction section.

Device restrictions

- Provides an IT admin the ability to either enable or disable the installation of non-Google Play apps on a device.

Standard

DO

Knox 3.0 +

For information on device restriction controls, go to: Advanced policies and navigate to the Device restriction section.

Device restrictions

- Provides an IT admin the ability to enable or disable Android Beam (NFC and Bluetooth functionality) on a device. Once disabled, a device user cannot send information (contacts, emails, etc.) using Andorid Beam.

Standard

DO

Knox 3.0 +

For information on device restriction controls, go to: Advanced policies and navigate to the Device restriction section.

Device restrictions

- Provides an IT admin the ability to enable or disable the device camera. Third party applications cannot enable the device camera once disabled using this function.

Standard

DO and PO

Knox 3.0 +

For information on device restriction controls, go to: Advanced policies and navigate to the Device restriction section.

Device controls

- Controls Bluetooth allowlist and blocklist UUID restrictions. When enabled, all peripherals except those with specified UUIDs are allowed or blocked from operating with a device.

Premium

DO

Knox 3.0 +

For information on Bluetooth device controls, go to: Advanced policies and navigate to the Device controls > Bluetooth policy section.

Device controls

- Enables an IT admin to configure a device so 3rd party applications can pass an intent based on the specific device key pressed. This in turn helps a device user invoke an application's functionality faster.

Premium

DO

Knox 3.0 +

N/A

Certificate management

- Enables an admin to install a certificate into the keystore silently, without user intervention.

Standard

DO and PO

Knox 3.0 +

For information on certificate controls, go to: Advanced policies and navigate to the Certificate management policies section.

- Configures a device user inactivity timeout to periodically shutdown the device to conserve battery power and extend battery life between charges

Premium

DO and PO

Knox 3.0 +

There is a 10 minute minimum timeout if setting a user inactivity period.

- Enables hard key mapping for specific device and application actions

Premium

DO and PO

Knox 3.0 +

If the application receiving the key mapping configuration is already launched and in the background, pressing a hardware key a second time does not bring it to the foreground and kills the application.

Advanced Wi-Fi policy

- Once enrolled, this setting configures a roam trigger, roam duration period, and roam delta to improve device connectivity in an Enterprise environment

Premium

DO and PO

Knox 3.0 +

N/A

Advanced Wi-Fi policy

- Disables the blocking of a device SSID resulting from an authentication failure, so the impacted device does not need to wait before attempting to reauthenticate

Premium

DO and PO

Knox 3.0 +

N/A

Advanced Wi-Fi policy

- Enables or disables a DHCP check with each device roam to prevent the device from being dropped on the network. Turning off DHCP renewal allows the device to keep its current IP address.

Premium

DO and PO

Knox 3.0 +

N/A

- Enables or disables the 2nd SIM card slot on dual SIM devices. Not applicable to single SIM devices.

Premium

DO and PO

Knox 3.0 +

N/A

- Enables Wireless Intrusion Prevention System (WIPS) configuration options to both detect and prevent network access by an unauthorized Wi-Fi access point

Premium

DO and PO

Knox 3.0 +

For WIPS to succssfully function, ensure either one of the following three conditions is set WIPSEnforement - true/WIPSAdvanceProtection - true OR WIPSEnforement - true/WIPSAdvanceProtection - false OR WIPSEnforement - false/WIPSAdvanceProtection - true

VPN

- Allow VPN over a tethered connection so an allowed USB device can access and share resources with a peer device

Premium

DO and PO

Knox 3.0 +

N/A

Application management

- Allows USB device supported profiles to utilize specific configurations

Premium

DO and PO

Knox 3.0 +

N/A

Certificates

- Allow applications to read private keys without alerting the device user

Premium

DO and PO

Knox 3.0 +

N/A

- Wi-Fi and Bluetooth scanning
- Common Criteria (CC) mode

Premium

DO

Knox 3.0 +

N/A

- Wi-Fi and Bluetooth scanning
- Common Criteria (CC) mode

Premium

DO

Knox 3.0 +

- Allow or restrict the use of the secondary SIM card slot on a dual SIM device

Premium

DO

Knox 3.0 +

- Remote control of a device

Premium

DO and PO

Knox 3.0 +

- Manage battery optimization allowlist
- Manage allowed device admins

Standard

DO and PO

Knox 3.0 +

N/A

- Manage notifications with allowlist

Standard

DO and PO

Knox 3.0 +

N/A

Application management

- Create and apply app update policies on the device
- Customize app update policies to override the app update policies specified in Device Settings

Standard

DO and PO

Knox 3.0 +

Application management

- Allow or block updates to specific apps

Standard

DO

Knox 3.0 +

- Allow or restrict the ability to move applications to a container.

Premium

DO

Knox 3.0 +

- Manage Rich Communication Services (RCS) messaging

Standard

DO

Knox 3.0 +

N/A

- Set disclaimer text for messages

Standard

DO

Knox 3.0 +

N/A

- Certificate revocation
- Enable revocation check
- OCSP

Premium

DO and PO

Knox 3.0 +

N/A

Certificate management

- Add a Trusted CA alias
- Stop the user from removing certificates from the keystore

Premium

DO and PO

Knox 3.0 +

- Manage Wi-Fi hotspot settings
- Allow or block open Wi-Fi connections

Standard

DO

Knox 3.0 +

N/A

Device controls

- Show a custom banner on the device display on device restart

Premium

DO

Knox 3.0 +

- Manage Wi-Fi user profile and policy changes
- Allow or block specific network connections
- Allow or block automatic Wi-Fi connections
- Set minimum security requirements for a Wi-Fi connection
- Show or hide a Wi-Fi password in the network settings dialog
- Allow or restrict the user from changing the Wi-Fi connection state

Standard

DO

Knox 3.0 +

N/A

- Wi-Fi
- Bluetooth
- Cellular data
- Tethering (USB, Wi-Fi, and Bluetooth)
- USB devices
- Developer mode
- Power and data saver mode
- VPN connections
- Enforce external storage encryption

Standard

DO

Knox 3.0 +

- Microphone
- Sharing options

Standard

DO and PO

Knox 3.0 +

- Use Bluetooth profiles to manage connections from peripheral devices

Standard

DO

Knox 3.0 +

- Setup Samsung keyboard settings
- Show or hide items on Quick Panel

Standard

DO

Knox 3.0 +

N/A

- Disable app suggestions
- Enable battery protection settings

Premium

DO

Knox 3.4 +

N/A

- Customize the device settings menu using the Deep Settings Customization feature

Premium

DO

Knox 3.4 +

N/A

- Set data lock timeout type (minutes)
- Restrict access to device encrypted (DE) storage

Premium + (KPE Premium license with DDAR add-on)

DO and PO

Knox 3.3 +

- Manage data sync restrictions, including app- and property-level restrictions
- Enable use of RCP data sync policy controls
- Allow or block movement of apps between personal and Work profiles
- Enable and configure RCP data sync policies

Premium + (KPE Premium license with DDAR add-on)

PO

Knox 3.3 +

Device UI customization

- Customize the lockscreen and add shortcuts to open apps from the lockscreen

Premium

DO

Knox 3.0 +

- Add, update and manage APN settings
- Manage NFC

Standard

DO

Knox 3.0 +

- Dual APN based enterprise billing
- Modify APN settings

Premium

DO and PO

Knox 3.0 +

N/A

- Manage firewall configurations
- Set allow or deny rules
- Set reroute rules
- Set domain filters

Premium

DO and PO

Knox 3.0 +

N/A

Firewall and Proxy

- Manage global proxy with static configuration
- Manage global proxy with PAC file

Standard

DO

Knox 3.0 +

N/A

- Allow firmware update over-the-air
- Allow firmware update in recovery mode

Standard

DO

Knox 3.0 +

N/A

- Enforce firmware auto update on Wi-Fi

Premium

DO

Knox 3.0 +

N/A

Mobile Virtual Network Operator (MVNO) configuration

- Customize the MVNO configuration on the device, including the type of configuration and the value

Standard

DO

Knox 3.2.1 +

Knox v3.4 or higher

Network Platform Analytics (NPA) data configuration

- Create NPA data configuration profiles
- Select specific data points to collect information

Standard

DO and PO

Knox 3.3 +

- Enable or disable authentication methods such as password and biometric authentication such as fingerprint, iris, or face recognition

Standard

DO

Knox 3.0 +

- Multifactor authentication

Standard

DO

Knox 3.0 +

Passwords

- Enforce password change
- Specify the number of minutes up to which the user can cancel or delay the password change

Premium

DO and PO

Knox 3.3 +

Passwords

- Set the maximum length of an alphabetic sequence that is allowed for a device password

Standard

DO

Knox 3.3 +

RCP profile configuration for application data sync

- Configure the RCP profile to specify rules for syncing application data

Feature is Standard, but the Policies enforced by the configuration profile may be Premium

PO

Knox 3.3 +

- Enable and disable DeX
- Enforce Ethernet connection or virtual MAC address
- Set apps available in DeX mode

Standard

DO

Knox 3.1 +

- Set home alignment
- Set screen timeout
- Set loading logo
- Set DeX wallpaper
- Skip DeX welcome screen
- Skip overscan detection screen
- Auto-start DeX on HDMI connection
- Hide apps in app drawer
- Add application shortcuts on DeX
- Add URL shortcuts on DeX

Premium

DO

Knox 3.1 +

- Disable buttons on the DeX panel

Premium

DO

Knox 3.3 +

- Configure app launch behavior

Premium

DO

Knox 3.3 +

- Manage Universal storage credentials for all types of storage on the device; external and internal
- Set up and manage a UCM plugin for device lock and unlock

Premium

DO and PO

Knox 3.2 +

N/A

VPN

- Supported VPNs—Cisco AnyConnect, PulseSecure, Knox built in client (StrongSwan)
- VPN types—device-wide, per-app, or workspace-wide
- Manage list of apps that can use or bypass VPN
- Enable on-demand VPN

Premium

DO and PO

Knox 3.0 +

VPN

- VPN chaining with two profiles
- Proxy over VPN
- Include UID/PID meta-data in VPN

Premium

DO and PO

Knox 3.0 +

VPN

- Silent authentication mode is supported for Pulse Secure VPN

Premium

DO and PO

Knox 3.0 +

Silent authentication for Pulse Secure VPN is currently available only on DO or COMP devices

VPN

- Support for Net Motion VPN on DO or PO deployments

Premium

DO and PO

Knox 3.0 +

Net Motion VPN supports the following:
- profile-wide VPN
- device-wide VPN
- on-demand VPN
- certificate based authentication
- NTLM authentication with username & password

- Device users can rename Workspace and personal tabs
- IT admins can allow or restrict the installation of apps from the Personal tab to the Workspace

Premium

DO and PO

Knox 3.0 +

N/A