November 3, 2022

Upcoming changes to Knox products in November 2022

Samsung Knox Team

The next Knox cloud service release is scheduled for November 16, 2022, PDT. This release is expected to include new product features and changes that aim to improve product usability in the Knox ecosystem. During the release process, and each of the product consoles will continue to be available.

Keep in mind that these pre-release notes include future feature commitments and other information that may change leading up to the actual release.

Expected changes to Knox cloud services

The following table summarizes the key changes to Knox cloud services that will go live with the upcoming release.

Service Changes
Knox Admin Portal
  • Cross-service device deletion — Add the ability to remove one or more devices from all Knox services on the centralized device information page of the Knox Admin Portal. You can quickly access the centralized page after you search for a device, so with this enhancement you’ll be able to find and delete outdated or unneeded devices in an instant.
  • Improvements to integration with Knox Manage
    • Allow admins on the Knox Admin Portal to activate and deactivate admin accounts from other Knox cloud services that are attached to the Knox Manage tenant.
    • Switch from the bespoke Knox Manage license service to the license management system common to all other Knox cloud services.
  • Knox Remote Support enhancements
    • Enable admins to use Knox Remote Support during a Knox Admin Portal session in which they signed in through Okta, Ping, and Microsoft Azure AD identity providers.
    • Enable device users to receive remote support sessions while the Android device is connected to a Windows device through Samsung DeX.
    • When you first access the viewer, make it perform an initial time sync with the local time of your PC.
Knox Mobile Enrollment
  • REST API enhancements
    • Add the ability to retrieve device information logged between a specific point in time through to the present. Specify the time period as a number of hours, minutes, or even as a starting date.
    • Update the Unassign Profile operation to unassign all valid devices (valid device IDs like IMEI or serial number) regardless of any invalid devices (invalid IMEIs) in the parameters. Add lists of the valid, non-existent, and invalid devices to the response.
Knox Manage
  • Notice regarding upcoming changes to platform support — In next year’s 23.03 release, the scheduled changes to minimum requirements consist of:
    • Support for Android 8 and higher, up from 6
    • End of official support for Android Legacy
    • Support for iOS 14 and higher, up from 11
  • Support for Android 13 — Support enrolling and managing devices running Android 13.
  • Non-shared fully managed Android devices— Introduce a new enrollment workflow, called non-shared, in which you can configure a device, its profile, and its content with a temporary staging user. Once the user signs in to the device, it enrolls their account and deletes the staging user account. This mode will help speed up customization and deployment of devices when other rapid enrollment technologies aren’t available.
  • Improvements to shared and non-shared Android devices
    • Allow you to pre-configure Wi-Fi access point configurations so that shared and non-shared devices can connect to on-premises networks out of the box.
    • In the staging user profile, add options for Shared Device and Non-shared Device so you can specify the device’s intended user provisioning.
    • Rename the Setting > Configuration > Staging & Shared Device page to Staging Device.
  • Google server connection test— Add an action to the console that tests the connection between the tenant and the Google servers. This test will help you assess sync issues with Google’s servers when the Knox Manage tenant is linked to a Google Workspace tenant.
  • Improvement to auto-update setting for Managed Google Play apps —When Auto Update Mode is set to Default Update while assigning a Managed Google Play (MGP) app, make it respect the tenant’s global Auto Update Apps setting instead of the generic update schedule.
  • Kiosk app installation status for Android kiosks — Add a column to the list of devices on the Kiosk Details page that indicates whether the latest version of the kiosk app package is installed.
  • Improvement to Knox Browser homepage policies — Add the standard Lookup action to the Homepage URL and Default URL policies, which provides quick access to lookup items.
  • Support for iOS 16 — Support enrolling and managing devices running iOS 16.
  • User enrollment for iOS devices — Support user enrollment, which is a means of enrolling BYOD (personally-owned) iPhones and iPads.
  • iOS policy additions — Add support for iOS policies concerning keyboard features, such as autocorrect, spellcheck, definitions, dictation, and QuickPath.
  • Content management for Windows devices — Extend the Mobile Content Management (MCM) features and capabilities of Knox Manage to Windows devices.
  • Changes to Microsoft Store app identifiers —Make Package Family Name (PFN) identifiers an optional method for locating apps on Microsoft Store. Automatically determine the app identifier from its Microsoft Store URL, with no additional input required from IT admins.
  • Support for Windows kiosks — Expand support for the single-app and multi-app kiosk modes to Windows devices.
  • Windows policy additions — Add support for Windows policies concerning apps and data sharing features, such as trusted apps, auto update, developer unlock, DVR and game broadcasting, sharing app data between users, and restricting app data to the system volume.
  • Chrome OS policy additions — Add support for 66 new Chrome OS policies, plus 163 policies related to managed guest sessions. The majority of the managed guest session policies are equivalent to existing base policies for the operating system, but are specific to that user mode.
  • Samsung DeX with Knox Remote Support — Enable device users to receive remote support sessions while the Android device is connected to a Windows device through Samsung DeX.
  • Time zone sync in Knox Remote Support Viewer — When you first access the viewer, make it perform an initial time sync with the local time of your PC.
  • Improvement to Knox Service Plugin integration — Have the console automatically approve the Knox Service Plugin on your behalf when you configure one of its policies in a profile.
  • MSP creation of read-only admins — Provide MSPs in the Knox MSP Program with the ability to create read-only sub-admins for Knox Manage tenants. Give these sub-admins permission to sign in to the Knox Manage console without any additional registration.
  • Enhancements to unenrollment actions

    o    Add the ability to apply the Unenroll actions to all devices in a group on the Group page.

    o    Redouble the warning dialogs for these actions to help prevent accidental unenrollment.

    ·Bulk user tagging — Allow you to create and update user tags in the bulk user template.

    ·Enhanced device search on Group Details page — Give you the ability to query multiple device parameters with the device search on the Device tab of the Group Details page.

    ·Enhancement to bulk app assignment — Add a Common Settings dialog to the Application page that configures the assignment settings of multiple apps at once.

    ·Increase to bulk app assignment limit — Increase the maximum number of apps that can be assigned in bulk from 20 to 100. The exceptions to this limit will be MGP private web apps and Apple Volume Purchase Program apps.

    ·Knox Service Plugin audit log — Add a KSP Feedback dialog that lists all Knox Service Plugin messages automatically delivered to the servers by the plugin. Place it on the History > Audit Log page.

    ·API updates

    o    Add operations that delete devices by device ID, IMEI, and serial number.

    o    Update the createUser operation with a parameter that sends an enrollment email to the device user.

    o    Update the selectDeviceList operation:

    ·         Add a string parameter that returns the day the device was last seen by the server.

    ·         Add a bool parameter that returns whether the device is currently locked.

    ·         Add a string parameter that returns the email address of the assigned user.

Deprecate the deleteSMSQueue, selectSMSQueueList, and updateSMSQueue operations.

  • Improvements to network settings for firmware downloads
    • Add the ability to configure advanced network settings for firmware downloads. Support three network types — Wi-Fi, Mobile, and Ethernet. Permit downloads while roaming and add logic that switches to Wi-Fi or Ethernet connections during large downloads.
    • Provide a priority order of the network type to use when downloading firmware.
  • Notification center enhancements — Show all notifications and events related to devices and EMM groups in the notification center.
  • Improvements to firmware installation reminders
    • Allow installation reminder messages to be displayed for a duration of 1 to 999 minutes to help encourage device users to install firmware updates sooner.
    • Allow you to turn off reminder messages to trigger firmware downloads without notifying device users.
  • Support for secondary IMEI on dual-SIM devices — Add the ability to query and retrieve the secondary IMEI (IMEI2) of dual-SIM devices on search and device pages. Export IMEI2s in device data saved to CSV and XLSX files.
Knox Asset Intelligence
  • Dashboard enhancements
    • Add the ability to monitor device network usage by carrier and by network generation.
    • Provide more details in the charging, low battery, and battery drain event charts, such as chart insights based on custom thresholds.
    • Enable admins to see enhanced information in the app, battery, and network consumption charts, such as new expanded views.
    • Allow admins to filter out high battery consumption and network usage data if it's attributed to a small number of devices.
  • Improvements to enrollment flow — Add the ability to disable auto-enrollment for selected devices as needed
  • Device diagnostics — Allow the device user to directly view app issues in the Knox Asset Intelligence agent that occurred on the device within the last 24 hours.
Knox Configure
  • Enhancements to the Knox Configure client
    • Add the option to customize the product name and image displayed in the client.
    • For devices running Android 13 or higher, adjust the location of the client to Settings > Advanced features.
    • Adjust the name of the client to Configuration service.
    • Add the ability to pin a persistent notification to provide the device user with a quick way to access the client. If this option is enabled, you can optionally customize the app name and message displayed.
    • Add accessory and routine information to the client.
  • Removal of mandatory Knox Configure client Terms and Conditions — Remove the Knox Configure Terms and Conditions. The device user must only agree to the Samsung Knox Privacy Policy during enrollment.
  • Updates to message shown when pairing Knox Configure accessories
    • If the device user attempts to pair a Knox Configure accessory to a device that has already been enrolled by a different accessory, open a message explaining that the previous accessory profile must be cleared from the device before a new accessory can be paired.
    • When Knox Configure enrollment is triggered by an accessory, open a message showing the number of accessory registrations remaining.
Knox Guard
  • Last server connection time on the device lock screen — Show the last time a device was connected to the Knox Guard server on its lock screen. This will help inform the device user that recent updates and actions pushed to the device might still be pending. Access to this feature will be limited to admins with the Last Seen permission.
  • Support for secondary IMEI on dual-SIM devices — Add the ability to query and retrieve the secondary IMEI (IMEI2) of dual-SIM devices on search and device pages. Export IMEI2s in device data saved to CSV files. Access to this feature will be temporarily limited to devices uploaded using the Knox Deployment Program and the Knox Guard upload feature, and not through the Knox Deployment App.
Samsung Care+ for Business
  • Support for secondary IMEI on dual-SIM devices — Add the ability to query and retrieve the secondary IMEI (IMEI2) of dual-SIM devices on search and device pages, as well as export the IMEI2s in device data saved to CSV files.
  • Error message improvements — Update the text of the generic error message for when you submit a license not intended for the country in question.
  • Customizable license names — Add the ability to name licenses and sort them alphabetically, making them easier to track and use.
  • Access Assigned/Activated devices from Licenses page — Provide a way to access the list of Assigned and Activated devices by clicking the corresponding field on the Licenses page.
  • Claim request redirection by claim type — Direct you to either the Samsung Care+ for Business claim guide or the insurer claim portal depending on the type of claim being requested (Extended Warranty or Accidental Damage from Handling).
  • Access sign-in activity by IP address — Enable viewing the IP addresses for your account session activity in the Activity log CSV file

Expected changes to Knox partner products 

The following table summarizes the key changes to Knox partner products that will go live with the upcoming release.

Program Changes
Knox Deployment Program
  • Removal of bulk actions for Vendor accounts — Remove access to bulk actions in the Reseller Portal for resellers with the Vendor account type.
  • Tooltip for IMEIs of dual-SIM devices in device list — Add a tooltip to dual-SIM devices when hovering over them, which shows both of the device’s IMEIs.
Knox MSP Program
  • Knox Configure profile copying across customers
    • Introduce the ability to copy Knox Configure profiles from fully managed customers to any fully or jointly managed customers on the Knox MSP Portal.
    • Add a central view of all Knox Configure profiles across customers.
    • Allow MSPs to assign profiles to multiple customers at a time or update profiles as needed.
  • Add additional role permissions for profiles and Knox Manage — Allow MSP admins to create and assign roles with the permission to:
    • Manage or view profiles.
    • Either view or manage Knox Manage data on the customer’s Knox Manage console. Full access to data will be permitted by default.
  • Email notification control for emails generated by Knox MSP Portal — Add notification controls for emails generated by events on the Knox MSP Portal.
  • License table export to CSV file — Allow you to:
    • Export both the Fully Managed and Jointly Managed license tables to a CSV file.
    • When exporting the license table as a CSV file, include columns for license key information and the date when the license was activated.
  • SSO authentication support — Allow MSPs to access the Knox MSP Portal through SSO identity providers including Okta, Ping Identity, and Microsoft Azure AD.