Knox Service Plugin (KSP) offers a subset of existing Knox Platform for Enterprise (KPE) features to our enterprise customers' devices. The following table describes KSP features in detail.
| KSP app version | Release date |
|---|---|
| 1.2.45 | September 2020 |
| 1.2.26 | July 2020 |
| 1.2.16 | May 2020 |
| 1.2.09 | April 2020 |
| 1.1.99 | March 2020 |
| 1.1.92 | February 2020 |
| 1.1.80 | December 2019 |
| 1.1.72 | November 2019 |
| 1.1.67 | October 2019 |
| 1.1.60 | September 2019 |
| 1.1.50 | August 2019 |
| 1.1.42 | July 2019 |
| 1.1.26 | June 2019 |
| 1.1.19 | May 2019 |
| 1.1.01 | April 2019 |
Features
Category
Feature
License Type
Supported Deployment
KPE version required
Additional notes
Work profile on company owned device support
- Enables admins to provide Android 11 devices additional privacy benefits to the device user.
Premium
WP-C
Knox 3.7 +
For more information, go to: Work profile on company owned device.
App separation
- Enables admins to securely separate non-work approved apps from work apps on a fully managed device.
Premium
DO
Knox 3.7 +
For more information, go to: App separation. For information on App separation controls, go to: Advanced policies and navigate to the App separation policies section.
Deep settings special access
- Enables an admin to control the device video display when using other apps at the same time.
Premium
DO
Knox 3.0 +
For information on setting the Picture-in-Picture control for video permissions when using other apps, go to: Advanced policies and navigate to the Deep settings for Lockscreen policies section.
VPN over tethering
- Enables admins to ensure there is security-based certification available, so only a certified user can use VPN tethering with allow listed devices.
Premium
DO and PO
Knox 3.6 +
For information on configuring VPN tethering, go to: Advanced policies and navigate to the VPN > Enable VPN policy section.
Strongswan based VPN settings for PO
- Enables an admin to set a Knox VPN configuration using the Knox Strongswan client in PO mode, as well as the certificate for VPN installed in PO.
Premium
PO
Knox 3.6 +
For information on configuring VPN, go to: Advanced policies and navigate to the VPN policy section.
Device key mapping
- Ensures an admin cannot enable XCover PTT key re-mapping when TEAMS key re-mapping is enabled. Alternatively, an admin cannot select TEAMS PTT key re-mapping if XCover PTT key re-mapping is enabled.
Premium, Knox Suite, or Knox Platform for Customization (KPC) license
DO
Knox 3.0 +
For information on Device key mapping controls, go to: Advanced policies and navigate to the Device key mapping policies section.
- Enables an admin to control deep settings for DeX monitor display resolution.
Premium
DO
Knox 3.1 +
For information on configuring Samsung DeX controls, go to: Advanced policies and navigate to the DeX section.
Removal of potentially offensive language from Admin Guide
- With this release potentially offensive terms such as "whitelist" and "blacklist" have been removed from the KSP Admin Guide in favor of allowlist and blocklist.
NA
NA
NA
NA
Quick panel configuration
- Enables IT admins to display or hide specific setting shortcuts on the device quick panel display.
Premium
DO
Knox 3.0 +
For information on setting the quick panel configuration, go to: Advanced policies and navigate to the Quick panel configuration section.
Lockscreen - Deep settings configuration
- Enables IT admins to set unique deep settings for the device lockscreen roaming clock, face widget, and notification configuration.
Premium
DO
Knox 3.0 +
For information on deep setting roaming clock, face widget an notification controls for the lockscreen, go to: Advanced policies and navigate to the Lockscreen customization policies > Deep settings for Lockscreen policies section.
Lockscreen - Deep settings configuration
- Enables IT admins to set unique deep settings for device language and input controls, including text-to-speech and on-screen keyboard controls.
Premium
DO
Knox 3.0 +
For information on deep setting language and input controls for the lockscreen, go to: Advanced policies and navigate to the Lockscreen customization policies > Deep settings for Lockscreen policies section.
Lockscreen - Deep settings configuration
- Enables IT admins to set unique deep settings for sound and vibration controls, including notification sounds, charging, keyboard, and orther device sounds.
Premium
DO
Knox 3.0 +
For information on deep setting sound and vibration controls for the lockscreen, go to: Advanced policies and navigate to the Lockscreen customization policies > Deep settings for Lockscreen policies section.
Lockscreen - Deep settings configuration
- Enables IT admins to set unique deep setting display controls for the lockscreen, including brightness, blue light filter settings, navigation bar, and font utilization.
Premium
DO
Knox 3.0 +
For information on deep setting display controls for the lockscreen, go to: Advanced policies and navigate to the Lockscreen customization policies > Deep settings for Lockscreen policies section.
Client certificate management (CCM)
- Enables IT admins to utilize a group of client specific certificate management controls.
Premium
DO
Knox 3.0 +
For information on setting the client-side certificate management configuration, go to: Advanced policies and navigate to Client certificate management (CCM) policies.
Device key mapping
- Enables IT admins to configure the PTT key used to launch a specific enterprise application package by name. The admin can define the button press intent and override default as applicable.
Premium, Knox Suite, or Knox Platform for Customization (KPC) license
DO
Knox 3.0 +
For information on Device key mapping controls, go to: Advanced policies and navigate to the Device key mapping policies section.
Device settings
- Enables IT admins to control the language usage shortcut, including hiding language settings within the Settings menu, and setting or greying out specific values.
Premium
DO
Knox 3.0 +
For information on language utilization and shortcut controls, go to: Advanced policies and navigate to Deep settings customization > Configure unique deep settings, or refer to the Device setting policies section.
Deep settings and Lockscreen
- Enables IT admins to control the numeric font size setting (0-7), font style (SamsungOne or Gothic Bold), and specific notification settings when employees log into their device.
Premium
DO
Knox 3.0 +
For information on font size and style controls, go to: Advanced policies and navigate to Deep settings customization > Configure unique deep settings, or refer to Lockscreen customization policies.
APN setting policy
- Enables an admin to define the preferred APN resource, and prevent the change or deletion of pushed APN settings.
Premium
PO
Knox 3.0 +
For information on APN settings, go to: Advanced policies and navigate to the Device controls > APN setting policy section.
Device settings
- Enables IT admins to hide WiFi settings, set device language country usage, enable auto start when connected to power, and mobile data management.
Premium
DO
Knox 3.0 +
For information on hiding WiFi settings, language and country usage, connected power consumption, and mobile data management go to: Advanced policies and navigate to Device setting policies.
Advanced restrictions
- Enables IT admins to set the USB connection type utilized by the device.
Premium
DO
Knox 3.0 +
For information on setting the device USB connection type, go to: Advanced policies and navigate to the Advanced restriction policies section.
Device restrictions
- Enables IT admins to enable or disable device user access to clipboard data. Also enables admins to either enable or disable multiple user access to the device and its potentially sensitive data.
Standard
DO and PO
Knox 3.0 +
For information on enabling clipboard data access and multiple user device restrictions, go to: Advanced policies and navigate to the Device restriction policies section.
Password policies
- Enables IT admins to hide password visibility while device users type the password to better secure the device.
Standard
DO and PO
Knox 3.0 +
For information on password controls, go to: Advanced policies and navigate to the Password policies section.
Firmware update (FOTA)
- Enables IT admins to install and launch an EFOTA client on an employee device automatically.
Standard
DO
Knox 3.0 +
For information on FOTA controls, go to: Advanced policies and navigate to the Firmware update (FOTA) policies section.
Deep settings: Access Manageability
- Enables IT admins to control the accessibility of configuration settings when designated special needs employees attempt to log into their device.
Premium
DO and PO
Knox 3.0 +
For information on setting accessibility controls, go to: Advanced policies and navigate to the Lockscreen policies section.
Delay configuration
- This feature permits an admin to delay applying configurations for applications not yet installed. Specifically, this feature assists admins by automatically validating whether an application is installed before applying related policies.
Standard
DO
Knox 3.0 +
Restrictions in work profile policy
- This control permits bluetooth functionality within the device container.
Premium
PO
Knox 3.0 +
For information on managing Bluetooth within the device container, go to: Advanced policies and navigate to the Restrictions in work profile policy section.
Device settings
- This feature permits an admin to hide selected settings from the device user. Specifically, backup and reset, airplane mode, language, lockscreen, Bluetooth, and developer settings can be individually hidden as device deployment considerations warrant.
Premium
DO
Knox 3.0 +
For information on managing and hiding settings on a device, go to: Advanced policies and navigate to the Device settings policy section.
Application management policy
- This setting enables admins to set application restrictions so specific applications cannot be stopped by the device user. This setting also removes all packages from the force stop blocklist and allowlist.
Premium
DO and PO
Knox 3.0 +
For information on preventing a device user from stopping a specified application, go to: Advanced policies and navigate to the Application management policy section.
Application management policy
- This setting enables admins to set application restrictions so specific applications cannot be stopped by the device user. This setting also removes all packages from the force stop blocklist and allowlist.
Premium
DO and PO
Knox 3.0 +
For information on preventing a device user from stopping a specified application, go to: Advanced policies and navigate to the Application management policy section.
Restrictions in work profile policy
- This setting permits admins to restrict the device user from making a video recording with their device. The device camera remains functional when video recording is disabled.
Standard
DO and PO
Knox 3.0 +
For information on restricting device video recording capabilities, go to: Advanced policies and navigate to the Restrictions in work profile policy section.
Lockscreen
- This setting permits admins to hide specific Settings menu items from the user's device display. Thus permits the admin to set specific settings as appropriate for an intended deployment, then hiding the setting to avoid the user changing it.
Standard
DO and PO
Knox 3.0 +
For information on hiding Settings menu items from the device user, go to: Advanced policies and navigate to the Lockscreen customization policies section.
KSP versioning
- This functionality lets an admin determine which KSP version is being deployed to better ensure the latest version is deployed to the enterprise.
Standard
DO and PO
Knox 3.0 +
This KSP versioning enhancement helps admins validate the date the current KSP version was published to the Play Store and ensure they are supporting the latest available feature set.
Application management policy
- Enables an admin to allowlist or blocklist an application signature to be installed or blocked in either DO or PO. The installed package is not be part of the system image.
Premium
DO and PO
Knox 3.0 +
For information on setting application management controls, go to: Advanced policies and navigate to the Application management policies section.
Application management policy
-This policy enables an IT admin to disable an application in either DO or PO without uninstalling it, preventing the device user from launching the application.
Premium
DO and PO
Knox 3.0 +
For information on setting application management controls, go to: Advanced policies and navigate to the Application management policies section.
Password policy
- Enables an IT admin to specify the maximum numeric sequence length permitted in a device (and container) password.
Standard
PO
Knox 3.0 +
For information on password controls, go to: Advanced policies and navigate to the Password policies section.
Password policy
- Enables an IT admin to specify the maximum alphanumeric sequence length permitted in a work profile (PO) password.
Standard
PO
Knox 3.0 +
For information on password controls, go to: Advanced policies and navigate to the Password policies section.
Password policy
- Enables an IT admin to set the maximum length of time to lock a device and container.
Standard
DO and PO
Knox 3.0 +
For information on password controls, go to: Advanced policies and navigate to the Password policies section.
Password policy
- Enables an IT admin to set a minimum password length for a device (and container).
Standard
DO and PO
Knox 3.0 +
For information on password controls, go to: Advanced policies and navigate to the Password policies section.
Password policy
- Enables an IT admin to set the maximum number of device user failed password attempts before the device (and container) wipes its data.
Standard
DO and PO
Knox 3.0 +
For information on password controls, go to: Advanced policies and navigate to the Password policies section.
Password policy
- Enables an IT admin to set the maximum number of device user failed password attempts before the device (and container) no longer permit password entry and device access.
Standard
DO and PO
Knox 3.0 +
For information on password controls, go to: Advanced policies and navigate to the Password policies section.
Password policy
- Enables an IT admin to set criteria for password strength (minimum number of digits and special characters, etc.) for a device and its container
Standard
DO and PO
Knox 3.0 +
For information on password controls, go to: Advanced policies and navigate to the Password policies section.
Password policy
- Provides an IT admin the ability to control facial authentication within the work profile.
Standard
DO and PO
Knox 3.0 +
For information on password controls, go to: Advanced policies and navigate to the Password policies section.
Device restrictions
- Provides an IT admin the ability to enable or disable a user's ability to backup their device deta on a Google Server.
Standard
DO
Knox 3.0 +
For information on device restriction controls, go to: Advanced policies and navigate to the Device restriction section.
Device restrictions
- Provides an IT admin the ability to enable or disable user access to the device's Secure Digitial (SD) memory card.
Standard
DO
Knox 3.0 +
For information on device restriction controls, go to: Advanced policies and navigate to the Device restriction section.
Device restrictions
- Provides an IT admin the ability to either enable or disable the installation of non-Google Play apps on a device.
Standard
DO
Knox 3.0 +
For information on device restriction controls, go to: Advanced policies and navigate to the Device restriction section.
Device restrictions
- Provides an IT admin the ability to enable or disable Android Beam (NFC and Bluetooth functionality) on a device. Once disabled, a device user cannot send information (contacts, emails, etc.) using Android Beam.
Standard
DO
Knox 3.0 +
For information on device restriction controls, go to: Advanced policies and navigate to the Device restriction section.
Device restrictions
- Provides an IT admin the ability to enable or disable the device camera. Third party applications cannot enable the device camera once disabled using this function.
Standard
DO and PO
Knox 3.0 +
For information on device restriction controls, go to: Advanced policies and navigate to the Device restriction section.
Device controls
- Controls Bluetooth allowlist and blocklist UUID restrictions. When enabled, all peripherals except those with specified UUIDs are allowed or blocked from operating with a device.
Premium
DO
Knox 3.0 +
For information on Bluetooth device controls, go to: Advanced policies and navigate to the Device controls > Bluetooth policy section.
Device controls
- Enables an IT admin to configure a device so 3rd party applications can pass an intent based on the specific device key pressed. This in turn helps a device user invoke an application's functionality faster.
Premium
DO
Knox 3.0 +
N/A
Certificate management
- Enables an admin to install a certificate into the keystore silently, without user intervention.
Standard
DO and PO
Knox 3.0 +
For information on certificate controls, go to: Advanced policies and navigate to the Certificate management policies section.
- Configures a device user inactivity timeout to periodically shutdown the device to conserve battery power and extend battery life between charges
Premium
DO and PO
Knox 3.0 +
There is a 10 minute minimum timeout if setting a user inactivity period.
- Enables hard key mapping for specific device and application actions
Premium, Knox Suite, or Knox Platform for Customization (KPC) license
DO and PO
Knox 3.0 +
If the application receiving the key mapping configuration is already launched and in the background, pressing a hardware key a second time does not bring it to the foreground and kills the application.
Advanced Wi-Fi policy
- Once enrolled, this setting configures a roam trigger, roam duration period, and roam delta to improve device connectivity in an Enterprise environment
Premium
DO and PO
Knox 3.0 +
N/A
Advanced Wi-Fi policy
- Disables the blocklisting of a device SSID resulting from an authentication failure, so the impacted device does not need to wait before attempting to reauthenticate
Premium
DO and PO
Knox 3.0 +
N/A
Advanced Wi-Fi policy
- Enables or disables a DHCP check with each device roam to prevent the device from being dropped on the network. Turning off DHCP renewal allows the device to keep its current IP address.
Premium
DO and PO
Knox 3.0 +
N/A
- Enables or disables the 2nd SIM card slot on dual SIM devices. Not applicable to single SIM devices.
Premium
DO and PO
Knox 3.0 +
N/A
- Enables Wireless Intrusion Prevention System (WIPS) configuration options to both detect and prevent network access by an unauthorized Wi-Fi access point
Premium
DO and PO
Knox 3.0 +
For WIPS to succssfully function, ensure either one of the following three conditions is set WIPSEnforement - true/WIPSAdvanceProtection - true OR WIPSEnforement - true/WIPSAdvanceProtection - false OR WIPSEnforement - false/WIPSAdvanceProtection - true
- Allow VPN over a tethered connection so a whitelisted USB device can access and share resources with a peer device
Premium
DO and PO
Knox 3.0 +
N/A
Application management
- Allows USB device supported profiles to utilize specific configurations
Premium
DO and PO
Knox 3.0 +
N/A
Certificates
- Allow applications to read private keys without alerting the device user
Premium
DO and PO
Knox 3.0 +
N/A
- Wi-Fi and Bluetooth scanning
- Common Criteria (CC) mode
Premium
DO
Knox 3.0 +
N/A
- Wi-Fi and Bluetooth scanning
- Common Criteria (CC) mode
Premium
DO
Knox 3.0 +
- Allow or restrict the use of the secondary SIM card slot on a dual SIM device
Premium
DO
Knox 3.0 +
- Remote control of a device
Premium
DO and PO
Knox 3.0 +
- Manage battery optimization whitelist
- Manage whitelisted device admins
Standard
DO and PO
Knox 3.0 +
N/A
Application management
- Create and apply app update policies on the device
- Customize app update policies to override the app update policies specified in Device Settings
Standard
DO and PO
Knox 3.0 +
Application management
- Allow or block updates to specific apps
Standard
DO
Knox 3.0 +
- Allow or restrict the ability to move applications to a container.
Premium
DO
Knox 3.0 +
- Certificate revocation
- Enable revocation check
- OCSP
Premium
DO and PO
Knox 3.0 +
N/A
Certificate management
- Add a Trusted CA alias
- Stop the user from removing certificates from the keystore
Premium
DO and PO
Knox 3.0 +
- Manage Wi-Fi hotspot settings
- Allow or block open Wi-Fi connections
Standard
DO
Knox 3.0 +
N/A
Device controls
- Show a custom banner on the device display on device restart
Premium
DO
Knox 3.0 +
- Manage Wi-Fi user profile and policy changes
- Allow or block specific network connections
- Allow or block automatic Wi-Fi connections
- Set minimum security requirements for a Wi-Fi connection
- Show or hide a Wi-Fi password in the network settings dialog
- Allow or restrict the user from changing the Wi-Fi connection state
Standard
DO
Knox 3.0 +
N/A
- Wi-Fi
- Bluetooth
- Cellular data
- Tethering (USB, Wi-Fi, and Bluetooth)
- USB devices
- Developer mode
- Power and data saver mode
- VPN connections
- Enforce external storage encryption
Standard
DO
Knox 3.0 +
- Microphone
- Sharing options
Standard
DO and PO
Knox 3.0 +
- Use Bluetooth profiles to manage connections from peripheral devices
Standard
DO
Knox 3.0 +
- Setup Samsung keyboard settings
- Show or hide items on Quick Panel
Standard
DO
Knox 3.0 +
N/A
- Disable app suggestions
- Enable battery protection settings
Premium
DO
Knox 3.4 +
N/A
- Customize the device settings menu using the Deep Settings Customization feature
Premium
DO
Knox 3.4 +
N/A
- Set data lock timeout type (minutes)
- Restrict access to device encrypted (DE) storage
Premium + (KPE Premium license with DDAR add-on)
DO and PO
Knox 3.3 +
- Manage data sync restrictions, including app- and property-level restrictions
- Enable use of RCP data sync policy controls
- Allow or block movement of apps between personal and Work profiles
- Enable and configure RCP data sync policies
Premium + (KPE Premium license with DDAR add-on)
PO
Knox 3.3 +
Device UI customization
- Customize the lockscreen and add shortcuts to open apps from the lockscreen
Premium
DO
Knox 3.0 +
- Add, update and manage APN settings
- Manage NFC
Standard
DO
Knox 3.0 +
- Dual APN based enterprise billing
- Modify APN settings
Premium
DO and PO
Knox 3.0 +
N/A
Firewall and Proxy
- Manage global proxy with static configuration
- Manage global proxy with PAC file
Standard
DO
Knox 3.0 +
N/A
-
Allow firmware update
over-the-air
- Allow firmware update in
recovery mode
Standard
DO
Knox 3.0 +
N/A
Mobile Virtual Network Operator (MVNO) configuration
- Customize the MVNO configuration on the device, including the type of configuration and the value
Standard
DO
Knox 3.2.1 +
Knox v3.4 or higher
Network Platform Analytics (NPA) data configuration
- Create NPA data configuration profiles
- Select specific data points to collect information
Standard
DO and PO
Knox 3.3 +
- Enable or disable authentication methods such as password and biometric authentication such as fingerprint, iris, or face recognition
Standard
DO
Knox 3.0 +
Passwords
- Enforce password change
- Specify the number of minutes up to which the user can cancel or delay the password change
Premium
DO and PO
Knox 3.3 +
Passwords
- Set the maximum length of an alphabetic sequence that is allowed for a device password
Standard
DO
Knox 3.3 +
RCP profile configuration for application data sync
- Configure the RCP profile to specify rules for syncing application data
Feature is Standard, but the Policies enforced by the configuration profile may be Premium
PO
Knox 3.3 +
- Enable and disable DeX
- Enforce Ethernet connection or virtual MAC address
- Set apps available in DeX mode
Standard
DO
Knox 3.1 +
- Set home alignment
- Set screen timeout
- Set loading logo
- Set DeX wallpaper
- Skip DeX welcome screen
- Skip overscan detection screen
- Auto-start DeX on HDMI connection
- Hide apps in app drawer
- Add application shortcuts on DeX
- Add URL shortcuts on DeX
Premium
DO
Knox 3.1 +
- Disable buttons on the DeX panel
Premium
DO
Knox 3.3 +
- Configure app launch behavior
Premium
DO
Knox 3.3 +
- Manage Universal storage credentials for all types of storage on the device; external and internal
- Set up and manage a UCM plugin for device lock and unlock
Premium
DO and PO
Knox 3.2 +
N/A
- Supported VPNs—Cisco AnyConnect, PulseSecure, Knox built in client (StrongSwan)
- VPN types—device-wide, per-app, or workspace-wide
- Manage list of apps that can use or bypass VPN
- Enable on-demand VPN
Premium
DO and PO
Knox 3.0 +
- VPN chaining with two profiles
- Proxy over VPN
- Include UID/PID meta-data in VPN
Premium
DO and PO
Knox 3.0 +
- Silent authentication mode is supported for Pulse Secure VPN
Premium
DO and PO
Knox 3.0 +
Silent authentication for Pulse Secure VPN is currently available only on DO or COMP devices
- Support for Net Motion VPN on DO or PO deployments
Premium
DO and PO
Knox 3.0 +
Net Motion VPN supports the following:
- profile-wide VPN
- device-wide VPN
- on-demand VPN
- certificate based authentication
- NTLM authentication with username & password
- Device users can rename Workspace and personal tabs
- IT admins can allow or restrict the installation of apps from the Personal tab to the Workspace
Premium
DO and PO
Knox 3.0 +
N/A
