Knox Manage release notes—June 24, 2020

Admin portal

Getting Started tour

The Getting Started tour is now available in seven languages:

  • English
  • Spanish
  • Portuguese
  • French
  • Italian
  • German
  • Korean

You can access the Getting Started tour by clicking the Support icon on the upper-right corner of the screen.

Two-factor authentication enhancement

When logging in to the Knox Manage admin portal, you can click Skip additional verification on this browser next time if you want to skip two-factor authentication on your browser. If the following conditions are met, you won't be prompted for a verification code until you clear your browser cache:

  • The new session is created in the same network.

  • The same user ID and password are used to log in.

  • The same browser is used to log in.

Knox Manage agent version in Device Detail

The version number of a device's Knox Manage agent is now shown in the Device Detail.

Add Control Application button

Previously, control apps could be added only in the Profile tab through the Manage Control App button. To make this functionality more easily accessible, control apps can now be added through the Add Control Application button, which has been added in several places.

Samsung Knox Support

A link to Samsung Knox Support has been added in the Knox Manage admin portal. You can access the Knox Support link by clicking the Support icon on the upper-right corner of the screen.

History of device commands in requests

The history of device commands in requests will be deleted after three months. This option is available in History > Device Command in Request.

Service Admin access

For privacy reasons, the Service Admin role no longer has access to the following actions. These buttons will be removed:

  • Check Location
  • Export to CSV

Application

Managed Configuration wildcard support

Checkpoint Sandblast is a mobile security application that Knox Manage supports. When setting Managed Configuration for Checkpoint Sandblast, you can now use the following wildcard variables:

  • $deviceid$

  • $imei$

Profile

Use of Knox Platform for Enterprise license in the Android Enterprise mode

Previously, Premium features were only supported through a Knox Suite license. The Knox Platform for Enterprise (KPE) license was only used for the Knox Workspace (legacy) mode. Starting this release, you can use a KPE license in the Android Enterprise (AE) mode to take advantage of Premium features.

NOTE—Knox E-FOTA One is not included in a KPE license. It is included in Knox Suite.

| Mode | Knox Manage license | Knox Manage & KPE license | Knox Suite license |
|---|---|---|---|
| Android Legacy | Standard features | Standard + Premium features | Not supported |
| Android Enterprise | Standard features | Standard + Premium features | Standard + Premium features |

You can upgrade the following licenses to a Knox Suite license in the License tab of the Knox Manage admin portal:

  • Knox Platform for Enterprise
  • Knox Manage

IMPORTANT—Once you've upgraded a license, you cannot downgrade back.

Requirements to use Premium features with a KPE license

  • The Knox Manage agent must be upgraded to v20.6.
  • The devices must be Samsung devices.

NOTE—One UI Core devices (that is, non-Knox Samsung devices, formerly known as JDM devices) do not support Premium features with a KPE license. Applying KPE policies on such a device will cause unexpected errors that require a factory reset.

Allow USB devices for default access by app

You can now set control policies for USB access for each application.

  • Set this policy to Allow to whitelist an app. When using that app, the user will not be prompted through a popup message to grant permission to allow USB usage. It will always be allowed. You'll need to provide the following to identify the app to be whitelisted:

    • Package name of the target application
    • Vendor ID
    • USB product ID
  • Set this policy to Disallow, or do not apply this policy, if you want users to specify (through the popup message) whether they want to allow or deny USB access for the app.

A KPE or Knox Suite license is required to configure this setting in the Work profile area.

When adding or modifying an Android Enterprise profile, you can find this setting in Samsung Knox > Interface > Allow USB devices for default access by app.

Enforce Firmware Auto Update on Wi-Fi

You can now enforce automatic firmware updates when the device is connected to a Wi-Fi network.

  • Set this policy to Use to allow firmware auto-updates over a Wi-Fi network. Device users will not be able to turn this setting off.

  • Set this policy to Do not use to allow the device user to choose whether or not to allow auto-updates over Wi-Fi.

When adding or modifying an Android Enterprise profile, you can find this setting in Samsung Knox > System > Enforce Firmware Auto Update on Wi-Fi.

APN configuration with wildcard variable

The Access Point Username and Access Point Password settings now allow the following wildcard variables:

  • Device IMEI

  • Device serial number

When adding or modifying an Android Enterprise profile, you can find these settings in Samsung Knox > APN.

Manage file uploads through the Kiosk Browser

You can now allow or disallow file uploads through the Kiosk Browser. The default value is Disallowed.

When adding or modifying an Android Enterprise or Android Legacy profile, you can find this setting in the following paths:

  • Android Enterprise > Kiosk > Kiosk app settings > File Upload.

  • Android Legacy > Kiosk > Kiosk app settings > File Upload.

Secure Startup

The Secure Startup policy has been added for devices running an OS earlier than Android P in Android Legacy mode. This policy lets you control whether users can set the Secure Startup feature on devices.

When Secure Startup is set and the user enters the wrong password 30 times, the device will undergo a factory reset even if you have restricted factory resets through a policy. To avoid this situation, set the Secure Startup policy to Disallow.

When adding or modifying an Android Legacy profile, you can find this setting in Android Legacy > Security > Secure Startup.

Kiosk

Mobile hotspot setting for Kiosk devices

You can now allow users to configure the Mobile Hotspot setting in kiosk devices. When adding or modifying a kiosk using the Kiosk Wizard, you can select Hotspot in the Device Setting menu.

For more information on configuring kiosk device settings, see Configure device settings.

License

License usage visualization

The License menu and License Detail screen have been enhanced to show license usage visualization for easy viewing.

In addition, Knox Suite license usage is updated whenever you access the following:

  • Dashboard > License

  • Setting > License > (Click a license key of type Knox Suite.) > License Detail

License upgrades

Enhancements to license upgrades have been made.

Upgrade a Knox Manage license to a Knox Manage (& KPE) license

You can now upgrade a Knox Manage license to a Knox Manage (& KPE) license. There are two ways to do this.

By modifying a user:

  1. Go to User and find the user to be upgraded.
  2. Click Modify.
  3. Next to Knox Platform for Enterprise (Android Enterprise), select Yes.
  4. Click Save.
  5. Click OK to confirm your request.

By assigning a Knox Manage (& KPE) license to a user:

  1. Go to Setting > License.
  2. Click Assign.
  3. Select the organizations or users to be upgraded, and click Assign.
  4. Click OK to confirm your request.

Upgrade a Knox Manage (& KPE) license to a Knox Suite license

You can also upgrade a Knox Manage (& KPE) license to a Knox Suite license:

  1. Go to Setting > License.
  2. Click Upgrade.
  3. Select the organizations or users to be upgraded, and click Upgrade.
  4. Click OK to confirm your request.

Report

Report enhancement for Device Detail

The following details were added to the Device Detail report:

  • Wi-Fi AP name
  • AP MAC address
  • Hidden SSID
  • External SD card (Y/N)

iOS

Apple VPP enhancement

Previously, Knox Manage only supported user-based app assignment for the Apple Volume Purchase Program (VPP). This requires adding VPP users before assigning VPP apps to their devices.

Moreover, end users also had to log in with their Apple ID to install the VPP application.

Starting this release, Knox Manage supports device-based VPP app assignment, which doesn't require Apple ID based mapping. You no longer need to go through the VPP user management process. You can just assign the app to groups or organizations.

When assigning a VPP application, you can do the following:

  • Check the license usage synced from Apple Business Manager (https://business.apple.com).

  • Select the assignment type—Device or User.

    The Device assignment type is based on the device's serial number and works without Apple ID configuration on the device. If you choose this, you don't need to set up any Apple IDs.

    NOTE—The User assignment type works as it did before v20.6.

  • Select the install type—Manual or Automatic.

    • If you select Manual, the assigned application becomes available in the Knox Manage agent's Application Store for the user to download.

    • If you select Automatic, the app is installed on target devices without user intervention.

    Regardless of install type, the installation status can be seen on the Knox Manage agent’s Application Store.

  • Select a target type—Group or Organization.

Resolved issues and improvements

NOTE—Items marked with (HOTFIX) were released before version 20.6.

  • [KMVOC-9456 / 00194312] Report Error
  • [KMVOC-9449 / 00194328] getting Error in uploading internal app
  • [KMVOC-9418 / 00193497] Device leave kiosk and shows application to choose.
  • [KMVOC-9380, 9475 / 00192777] KM/KS SSO login from Knox Portal shows black(greyish) screen (HOTFIX)
  • [KMVOC-9372 / 00191944] [KM/KME] Auto enrollment
  • [KMVOC-9350 / 00192096] cannot open any applications just after start the device
  • [KMVOC-9347 / 00191930] Select via Filter not work properly in version 20.4 (HOTFIX)
  • [KMVOC-9334 / 00192286] LDAP user sync doesn't change the 'type' attribute (HOTFIX)
  • [KMVOC-9328 / 00188140] AD sync service scheduler is not syncing group (HOTFIX)
  • [KMVOC-9324 / 00191953] [ETS] S9 | OS 9 | KNOX Manage Client v 20.4 causing battery Drain (HOTFIX)
  • [KMVOC-9318 / 00191955] Managed Configuration with Managed Google Play Private Apps (HOTFIX)
  • [KMVOC-9311 / 00191842] After KM update 20.4, SM-T365 devices get statusbar and apps locked. (HOTFIX)
  • [KMVOC-9304 / 00191692] Managed Configuration of CISCO AnyConnect (HOTFIX)
  • [KMVOC-9299 / 00191118] KM agent Not responding after latest update (HOTFIX)
  • [KMVOC-9183 / 00188933] KM sync issue
  • [KMVOC-9167 / 00188056] AD null pointer exception while AD LDAP sync on some users for SRA (HOTFIX)
  • [KMVOC-9090 / 00182768, 00186386][KCSME-2221] KC/KM workflow
  • [KMVOC-9488 / 00195000] Internal Application File name Error
  • [KMVOC-8589,8824 / 00186713, 00178677, 00178628, 00182410] wrong variables in Samsung Email app / Samsung E-Mail, wildcard issue in Knox Manage and AE managed config