Menu

Release Notes

Knox Service Plugin (KSP) offers a subset of existing Knox Platform for Enterprise (KPE) features to our enterprise customers' devices. The following table describes KSP features in detail.

KSP app version Release date
1.1.99 March 2020
1.1.92 February 2020
1.1.80 December 2019
1.1.72 November 2019
1.1.67 October 2019
1.1.60 September 2019
1.1.50 August 2019
1.1.42 July 2019
1.1.26 June 2019
1.1.19 May 2019
1.1.01 April 2019

Features

NOTE—To use premium features, you must purchase a Knox Platform for Enterprise premium license.

Category

Feature

License Type

Supported Deployment

KPE version required

Additional notes

Application management policy

- Enables an admin to whitelist or blacklist an application signature allowing it to be installed (whitelisted) or blocked (blacklisted) in either DO or PO. The installed package is not be part of the system image.

Premium

DO and PO

Knox 3.0 +

For information on setting application management controls, go to: Advanced policies and navigate to the Application management policies section.

Application management policy

-This policy enables an IT admin to disable an application in either DO or PO without uninstalling it, preventing the device user from launching the application.

Premium

DO and PO

Knox 3.0 +

For information on setting application management controls, go to: Advanced policies and navigate to the Application management policies section.

Password policy

- Enables an IT admin to specify the maximum numeric sequence length permitted in a device (and container) password.

Standard

PO

Knox 3.0 +

For information on password controls, go to: Advanced policies and navigate to the Password policies section.

Password policy

- Enables an IT admin to specify the maximum alphanumeric sequence length permitted in a work profile (PO) password.

Standard

PO

Knox 3.0 +

For information on password controls, go to: Advanced policies and navigate to the Password policies section.

Password policy

- Enables an IT admin to set the maximum length of time to lock a device and container.

Standard

DO and PO

Knox 3.0 +

For information on password controls, go to: Advanced policies and navigate to the Password policies section.

Password policy

- Enables an IT admin to set a minimum password length for a device (and container).

Standard

DO and PO

Knox 3.0 +

For information on password controls, go to: Advanced policies and navigate to the Password policies section.

Password policy

- Enables an IT admin to set the maximum number of device user failed password attempts before the device (and container) wipes its data.

Standard

DO and PO

Knox 3.0 +

For information on password controls, go to: Advanced policies and navigate to the Password policies section.

Password policy

- Enables an IT admin to set the maximum number of device user failed password attempts before the device (and container) no longer permit password entry and device access.

Standard

DO and PO

Knox 3.0 +

For information on password controls, go to: Advanced policies and navigate to the Password policies section.

Password policy

- Enables an IT admin to set criteria for password strength (minimum number of digits and special characters, etc.) for a device and its container

Standard

DO and PO

Knox 3.0 +

For information on password controls, go to: Advanced policies and navigate to the Password policies section.

Password policy

- Provides an IT admin the ability to control facial authentication within the work profile.

Standard

DO and PO

Knox 3.0 +

For information on password controls, go to: Advanced policies and navigate to the Password policies section.

Device restrictions

- Provides an IT admin the ability to enable or disable a user's ability to backup their device deta on a Google Server.

Standard

DO

Knox 3.0 +

For information on device restriction controls, go to: Advanced policies and navigate to the Device restriction section.

Device restrictions

- Provides an IT admin the ability to enable or disable user access to the device's Secure Digitial (SD) memory card.

Standard

DO

Knox 3.0 +

For information on device restriction controls, go to: Advanced policies and navigate to the Device restriction section.

Device restrictions

- Provides an IT admin the ability to either enable or disable the installation of non-Google Play apps on a device.

Standard

DO

Knox 3.0 +

For information on device restriction controls, go to: Advanced policies and navigate to the Device restriction section.

Device restrictions

- Provides an IT admin the ability to enable or disable Android Beam (NFC and Bluetooth functionality) on a device. Once disabled, a device user cannot send information (contacts, emails, etc.) using Andorid Beam.

Standard

DO

Knox 3.0 +

For information on device restriction controls, go to: Advanced policies and navigate to the Device restriction section.

Device restrictions

- Provides an IT admin the ability to enable or disable the device camera. Third party applications cannot enable the device camera once disabled using this function.

Standard

DO and PO

Knox 3.0 +

For information on device restriction controls, go to: Advanced policies and navigate to the Device restriction section.

Device controls

- Controls Bluetooth whitelist and blacklist UUID restrictions. When enabled, all peripherals except those with specified UUIDs are allowed or blocked from operating with a device.

Premium

DO

Knox 3.0 +

For information on Bluetooth device controls, go to: Advanced policies and navigate to the Device controls > Bluetooth policy section.

Device controls

- Enables an IT admin to configure a device so 3rd party applications can pass an intent based on the specific device key pressed. This in turn helps a device user invoke an application's functionality faster.

Premium

DO

Knox 3.0 +

N/A

Certificate management

- Enables an admin to install a certificate into the keystore silently, without user intervention.

Standard

DO and PO

Knox 3.0 +

For information on certificate controls, go to: Advanced policies and navigate to the Certificate management policies section.

- Configures a device user inactivity timeout to periodically shutdown the device to conserve battery power and extend battery life between charges

Premium

DO and PO

Knox 3.0 +

There is a 10 minute minimum timeout if setting a user inactivity period.

- Enables hard key mapping for specific device and application actions

Premium

DO and PO

Knox 3.0 +

If the application receiving the key mapping configuration is already launched and in the background, pressing a hardware key a second time does not bring it to the foreground and kills the application.

Advanced Wi-Fi policy

- Once enrolled, this setting configures a roam trigger, roam duration period, and roam delta to improve device connectivity in an Enterprise environment

Premium

DO and PO

Knox 3.0 +

N/A

Advanced Wi-Fi policy

- Disables the blacklisting of a device SSID resulting from an authentication failure, so the impacted device does not need to wait before attempting to reauthenticate

Premium

DO and PO

Knox 3.0 +

N/A

Advanced Wi-Fi policy

- Enables or disables a DHCP check with each device roam to prevent the device from being dropped on the network. Turning off DHCP renewal allows the device to keep its current IP address.

Premium

DO and PO

Knox 3.0 +

N/A

- Enables or disables the 2nd SIM card slot on dual SIM devices. Not applicable to single SIM devices.

Premium

DO and PO

Knox 3.0 +

N/A

- Enables Wireless Intrusion Prevention System (WIPS) configuration options to both detect and prevent network access by an unauthorized Wi-Fi access point

Premium

DO and PO

Knox 3.0 +

For WIPS to succssfully function, ensure either one of the following three conditions is set WIPSEnforement - true/WIPSAdvanceProtection - true OR WIPSEnforement - true/WIPSAdvanceProtection - false OR WIPSEnforement - false/WIPSAdvanceProtection - true

VPN

- Allow VPN over a tethered connection so a whitelisted USB device can access and share resources with a peer device

Premium

DO and PO

Knox 3.0 +

N/A

Application management

- Allows USB device supported profiles to utilize specific configurations

Premium

DO and PO

Knox 3.0 +

N/A

Certificates

- Allow applications to read private keys without alerting the device user

Premium

DO and PO

Knox 3.0 +

N/A

- Wi-Fi and Bluetooth scanning
- Common Criteria (CC) mode

Premium

DO

Knox 3.0 +

N/A

- Wi-Fi and Bluetooth scanning
- Common Criteria (CC) mode

Premium

DO

Knox 3.0 +

- Allow or restrict the use of the secondary SIM card slot on a dual SIM device

Premium

DO

Knox 3.0 +

- Remote control of a device

Premium

DO and PO

Knox 3.0 +

- Manage battery optimization whitelist
- Manage whitelisted device admins

Standard

DO and PO

Knox 3.0 +

N/A

- Manage notifications with whitelist

Standard

DO and PO

Knox 3.0 +

N/A

Application management

- Create and apply app update policies on the device
- Customize app update policies to override the app update policies specified in Device Settings

Standard

DO and PO

Knox 3.0 +

Application management

- Allow or block updates to specific apps

Standard

DO

Knox 3.0 +

- Allow or restrict the ability to move applications to a container.

Premium

DO

Knox 3.0 +

- Manage Rich Communication Services (RCS) messaging

Standard

DO

Knox 3.0 +

N/A

- Set disclaimer text for messages

Standard

DO

Knox 3.0 +

N/A

- Certificate revocation
- Enable revocation check
- OCSP

Premium

DO and PO

Knox 3.0 +

N/A

Certificate management

- Add a Trusted CA alias
- Stop the user from removing certificates from the keystore

Premium

DO and PO

Knox 3.0 +

- Manage Wi-Fi hotspot settings
- Allow or block open Wi-Fi connections

Standard

DO

Knox 3.0 +

N/A

Device controls

- Show a custom banner on the device display on device restart

Premium

DO

Knox 3.0 +

- Manage Wi-Fi user profile and policy changes
- Allow or block specific network connections
- Allow or block automatic Wi-Fi connections
- Set minimum security requirements for a Wi-Fi connection
- Show or hide a Wi-Fi password in the network settings dialog
- Allow or restrict the user from changing the Wi-Fi connection state

Standard

DO

Knox 3.0 +

N/A

- Wi-Fi
- Bluetooth
- Cellular data
- Tethering (USB, Wi-Fi, and Bluetooth)
- USB devices
- Developer mode
- Power and data saver mode
- VPN connections
- Enforce external storage encryption

Standard

DO

Knox 3.0 +

- Microphone
- Sharing options

Standard

DO and PO

Knox 3.0 +

- Use Bluetooth profiles to manage connections from peripheral devices

Standard

DO

Knox 3.0 +

- Setup Samsung keyboard settings
- Show or hide items on Quick Panel

Standard

DO

Knox 3.0 +

N/A

- Disable app suggestions
- Enable battery protection settings

Premium

DO

Knox 3.4 +

N/A

- Customize the device settings menu using the Deep Settings Customization feature

Premium

DO

Knox 3.4 +

N/A

- Set data lock timeout type (minutes)
- Restrict access to device encrypted (DE) storage

Premium + (KPE Premium license with DDAR add-on)

DO and PO

Knox 3.3 +

- Manage data sync restrictions, including app- and property-level restrictions
- Enable use of RCP data sync policy controls
- Allow or block movement of apps between personal and Work profiles
- Enable and configure RCP data sync policies

Premium + (KPE Premium license with DDAR add-on)

PO

Knox 3.3 +

Device UI customization

- Customize the lockscreen and add shortcuts to open apps from the lockscreen

Premium

DO

Knox 3.0 +

- Add, update and manage APN settings
- Manage NFC

Standard

DO

Knox 3.0 +

- Dual APN based enterprise billing
- Modify APN settings

Premium

DO and PO

Knox 3.0 +

N/A

- Manage firewall configurations
- Set allow or deny rules
- Set reroute rules
- Set domain filters

Premium

DO and PO

Knox 3.0 +

N/A

- Manage global proxy with static configuration
- Manage global proxy with PAC file

Standard

DO

Knox 3.0 +

N/A

- Allow firmware update over-the-air
- Allow firmware update in recovery mode

Standard

DO

Knox 3.0 +

N/A

- Enforce firmware auto update on Wi-Fi

Premium

DO

Knox 3.0 +

N/A

Mobile Virtual Network Operator (MVNO) configuration

- Customize the MVNO configuration on the device, including the type of configuration and the value

Standard

DO

Knox 3.2.1 +

Knox v3.4 or higher

Network Platform Analytics (NPA) data configuration

- Create NPA data configuration profiles
- Select specific data points to collect information

Standard

DO and PO

Knox 3.3 +

- Enable or disable authentication methods such as password and biometric authentication such as fingerprint, iris, or face recognition

Standard

DO

Knox 3.0 +

- Multifactor authentication

Standard

DO

Knox 3.0 +

Passwords

- Enforce password change
- Specify the number of minutes up to which the user can cancel or delay the password change

Premium

DO and PO

Knox 3.3 +

Passwords

- Set the maximum length of an alphabetic sequence that is allowed for a device password

Standard

DO

Knox 3.3 +

RCP profile configuration for application data sync

- Configure the RCP profile to specify rules for syncing application data

Feature is Standard, but the Policies enforced by the configuration profile may be Premium

PO

Knox 3.3 +

- Enable and disable DeX
- Enforce Ethernet connection or virtual MAC address
- Set apps available in DeX mode

Standard

DO

Knox 3.1 +

- Set home alignment
- Set screen timeout
- Set loading logo
- Set DeX wallpaper
- Skip DeX welcome screen
- Skip overscan detection screen
- Auto-start DeX on HDMI connection
- Hide apps in app drawer
- Add application shortcuts on DeX
- Add URL shortcuts on DeX

Premium

DO

Knox 3.1 +

- Disable buttons on the DeX panel

Premium

DO

Knox 3.3 +

- Configure app launch behavior

Premium

DO

Knox 3.3 +

- Manage Universal storage credentials for all types of storage on the device; external and internal
- Set up and manage a UCM plugin for device lock and unlock

Premium

DO and PO

Knox 3.2 +

N/A

VPN

- Supported VPNs—Cisco AnyConnect, PulseSecure, Knox built in client (StrongSwan)
- VPN types—device-wide, per-app, or workspace-wide
- Manage list of apps that can use or bypass VPN
- Enable on-demand VPN

Premium

DO and PO

Knox 3.0 +

VPN

- VPN chaining with two profiles
- Proxy over VPN
- Include UID/PID meta-data in VPN

Premium

DO and PO

Knox 3.0 +

VPN

- Silent authentication mode is supported for Pulse Secure VPN

Premium

DO and PO

Knox 3.0 +

Silent authentication for Pulse Secure VPN is currently available only on DO or COMP devices

VPN

- Support for Net Motion VPN on DO or PO deployments

Premium

DO and PO

Knox 3.0 +

Net Motion VPN supports the following:
- profile-wide VPN
- device-wide VPN
- on-demand VPN
- certificate based authentication
- NTLM authentication with username & password

- Device users can rename Workspace and personal tabs
- IT admins can allow or restrict the installation of apps from the Personal tab to the Workspace

Premium

DO and PO

Knox 3.0 +

N/A